
HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 447)

  • Here is my HijackThis report; when you have time, I'd appreciate it if you could write what I need to fix.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:05:19, on 10.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Shenturk\Mini Hava\minihava.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    C:\Program Files\Shenturk\Mini Hava\minihava.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\TEMP\winlxbkg.exe
    C:\WINDOWS\TEMP\fxitra.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll
    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\savaş\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [minihava] "C:\Program Files\Shenturk\Mini Hava\minihava.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -http://picasaweb.google.com/s/v/51.26/uploader2.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234890976609
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -http://www.opentopia.com/support/activex/AxisCamControl.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Güncelleme Hizmeti (gupdate1c9a08f6ed5a052) (gupdate1c9a08f6ed5a052) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

    --
    End of file - 7835 bytes




  • quote:

    Quoted from original: unitito

    Hello brother, IE on my PC is also terribly slow; it doesn't respond for 15 seconds or so and then it finds it. The PC lags a lot. These are the logs; I'd appreciate it if you could help, and also if you could tell me what I need to do afterwards. Thanks in advance.
    Sir, I had sent a message but you still haven't replied; I'd appreciate some help. I'm posting the logs again.

    It's enough to tick these in the program and click Fix checked.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://go.microsoft.com/fwlink/?LinkId=488
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PERFECT XP SP3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll




  • quote:

    Quoted from original: ReWeLLeR

    Good day Mr. Serji, my problem is that the internet has generally slowed down compared to before; I'd appreciate your help ..

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"


    quote:

    Quoted from original: sato_re

    Here is my HijackThis report; when you have time, I'd appreciate it if you could write what I need to fix.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - C:\Program Files\iMesh Applications\iMesh\iMeshIEHelper.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe




  • Sir, I did what you said; also, for some reason I'm getting this error.

    This is the log file after fixing; I'd appreciate it if you could take a look.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:02:36, on 10.11.2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16386)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\DAEMON Tools Lite\DTLite.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Users\baskentlee\Downloads\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    O1 - Hosts: ::1 localhost
    O2 - BHO: flashget2 urlcatch - {1F364306-AA45-47B5-9F9D-39A8B94E7EF1} - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\bhoCATCH.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\FlashGet.exe" /min
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [FlashGet] "C:\Program Files\FlashGet Network\FlashGet universal\flashget.exe" /min
    O8 - Extra context menu item: &Download All by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
    O8 - Extra context menu item: &Download by FlashGet - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bholink.htm
    O8 - Extra context menu item: &Tümünü Flashget ile indir - C:\Program Files\FlashGet Network\FlashGet universal\ComDlls\Bhoall.htm
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{00F77E28-054B-4347-A291-011ED8053E4F}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{00F77E28-054B-4347-A291-011ED8053E4F}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS2\Services\Tcpip\..\{00F77E28-054B-4347-A291-011ED8053E4F}: NameServer = 208.67.222.222,208.67.220.220
    O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

    --
    End of file - 4369 bytes




  • quote:

    Quoted from original: serji


    quote:

    Quoted from original: tcebeci
    Is Avenger unable to delete it, or am I doing something wrong? Combofix still shows "mbr".

    When scanned with MBAM, no problem shows up, right? Could you also scan with Bitdefender or Kaspersky?


    No problems in the MBAM scan.
    Bitdefender 2009 found and deleted the following:

    C:\Qoobox\Quarantine\C\Windows\System32\BReWErS.dll.vir



    < This message was edited by tcebeci -- 11 November 2009; 1:47:56 >
  • Hello, my machine has started slowing down these days; I'd be grateful if you could take a look ...



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:56, on 11.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\USB Disk Security\USBGuard.exe
    C:\WINDOWS\Domino.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Documents and Settings\ugur\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\BrowserPlusCore.exe
    C:\Documents and Settings\ugur\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\BrowserPlusService.exe
    C:\Documents and Settings\ugur\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\BrowserPlusService.exe
    C:\Documents and Settings\ugur\Local Settings\Application Data\Yahoo!\BrowserPlus\2.4.17\BrowserPlusService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O8 - Extra context menu item: Reklam Başlığı Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: PalTalk - {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Ultimate Download Manager - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: URL ko&ntrolü - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.srtest.com/srl_bin/sysreqlab_srl.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase1140.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -http://www.gaski.gov.tr:9999/mgaxctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211482636875
    O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file:///C:/Program%20Files/AutoCAD%202002/AcDcToday.ocx
    O16 - DPF: {AE563720-B4F5-11D4-A415-00108302FDFD} (NOXLATE-BANR) - file:///C:/Program%20Files/AutoCAD%202002/InstBanr.ocx
    O16 - DPF: {C6637286-300D-11D4-AE0A-0010830243BD} (InstaFred) - file:///C:/Program%20Files/AutoCAD%202002/InstFred.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file:///C:/Program%20Files/AutoCAD%202002/AcPreview.ocx
    O17 - HKLM\System\CCS\Services\Tcpip\..\{05E45F17-7681-4FDD-97ED-718A0DA21971}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{404C4C8A-8A1F-43C7-8EFB-06523B803FF5}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{05E45F17-7681-4FDD-97ED-718A0DA21971}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS2\Services\Tcpip\..\{05E45F17-7681-4FDD-97ED-718A0DA21971}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\Skype4COM.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Unknown owner - C:\DOCUME~1\ugur\LOCALS~1\Temp\RarSFX0\sp_rsser.exe (file missing)
    O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 12669 bytes




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:48:52, on 11/11/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{57908789-2F93-4BE4-BE48-AFAFEC5B9E94}: NameServer = 195.175.39.40 195.175.39.39
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    --
    End of file - 4414 bytes


    Friends, I'd appreciate it if you could take a look at this one too.




  • quote:

    Originally quoted from: ReWeLLeR

    I did what you said, and for some reason I'm also getting this error



    OK, that error is not a problem. Access to the hosts file has been restricted; most likely it is caused by a YoutubeJacker-style program.




  • quote:

    Originally quoted from: tcebeci
    No problems in the MBAM scan
    Bitdefender 2009 found and deleted the following

    C:\Qoobox\Quarantine\C\Windows\System32\BReWErS.dll.vir

    If it found nothing outside the ComboFix folder, then there is no problem.


    quote:

    Originally quoted from: blkjack
    Hello, my machine has started slowing down lately; I'd be grateful if you could take a look ...

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - (no file)
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - (no file)
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra 'Tools' menuitem: Ultimate Download Manager - {AEF9B8DB-0DEF-4c0b-8209-661C9E82B8C3} - C:\WINDOWS\system32\shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



    quote:

    Originally quoted from: Ballerium
    Friends, I'd appreciate it if you could take a look at this one too.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)




  • Serji;

    Thank you for looking at my log file.

    I fixed the entries you quoted.

    Let me also ask this: did you single these out because they are unnecessary or because they are dangerous?
    Also, I installed a few spyware programs. I don't use them actively; I open them at certain intervals. But when I run a scan now, entries belonging to those programs show up. Do I need to fix those as well?
  • Hello friends,
    my PC and internet have slowed down a lot. There is also this yaooau.exe.
    Could you please look at my logs?

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:14:20, on 11.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 SP3 (7.00.6000.20772)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\Mixer.exe
    C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Documents and Settings\Administrator\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PERFECT XP SP3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Adparatus - {8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED} - C:\Program Files\Adparatus\Adparatus.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImage\TrueImageMonitor.exe
    O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [Adparatus] "C:\Program Files\Adparatus\Adparatus.exe"
    O4 - HKCU\..\RunOnce: [OSSProxy] c:\program files\relevantknowledge\rlvknlg.exe -bootinstall
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-507921405-1284227242-1644491937-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-1284227242-1644491937-500\..\Run: [Adparatus] "C:\Program Files\Adparatus\Adparatus.exe" (User '?')
    O4 - HKUS\S-1-5-21-507921405-1284227242-1644491937-500\..\RunOnce: [OSSProxy] c:\program files\relevantknowledge\rlvknlg.exe -bootinstall (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-507921405-1284227242-1644491937-500 Startup: paylaşım kapatma dosyam .bat (User '?')
    O4 - Startup: paylaşım kapatma dosyam .bat
    O4 - Global Startup: Wireless Utility.lnk = C:\Program Files\EDIMAX\Common\RaUI.exe
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Reklam Başlığı Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll
    O9 - Extra button: &Sanal klavye - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URL ko&ntrolü - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O15 - ProtocolDefaults: '@ivt' protocol is in My Computer Zone, should be Intranet Zone (HKLM)
    O15 - ProtocolDefaults: 'file' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'ftp' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'http' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O15 - ProtocolDefaults: 'https' protocol is in My Computer Zone, should be Internet Zone (HKLM)
    O17 - HKLM\System\CCS\Services\Tcpip\..\{56E6330B-6047-4F0D-B8A0-CD08E3C1C331}: NameServer = 4.2.2.2,4.2.2.4
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 6566 bytes




  • quote:

    Originally quoted from: serji
    If it found nothing outside the ComboFix folder, then there is no problem.

    Thank you very much, good luck with your exams



    < This message was edited by tcebeci -- 11 November 2009; 21:29:50 >
  • quote:

    Originally quoted from: Ballerium

    Serji;

    Thank you for looking at my log file.

    I fixed the entries you quoted.

    Let me also ask this: did you single these out because they are unnecessary or because they are dangerous?
    Also, I installed a few spyware programs. I don't use them actively; I open them at certain intervals. But when I run a scan now, entries belonging to those programs show up. Do I need to fix those as well?

    No, I had you fix them so that they would not burden IE and slow it down. Whether to fix them or not is up to you. Either way is no problem, but if you fix them, IE performance improves a little.
  • quote:

    Originally quoted from: firatkiray

    Hello friends,
    my PC and internet have slowed down a lot. There is also this yaooau.exe.
    Could you please look at my logs?

    * Open the program named HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PERFECT XP SP3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} -C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: Adparatus - {8B2C7C9D-716D-4e9e-9358-B9C80A81B7ED} - C:\Program Files\Adparatus\Adparatus.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\ProgramFiles\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} -C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\RunOnce: [OSSProxy] c:\program files\relevantknowledge\rlvknlg.exe -bootinstall
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\S-1-5-21-507921405-1284227242-1644491937-500\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
    O4 - HKUS\S-1-5-21-507921405-1284227242-1644491937-500\..\Run: [Adparatus] "C:\Program Files\Adparatus\Adparatus.exe" (User '?')
    O4 - HKUS\S-1-5-21-507921405-1284227242-1644491937-500\..\RunOnce: [OSSProxy] c:\program files\relevantknowledge\rlvknlg.exe -bootinstall (User '?')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - S-1-5-21-507921405-1284227242-1644491937-500 Startup: paylaşım kapatma dosyam .bat (User '?')


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. (End only the processes listed next to your user name. Do not touch the ones listed as Local Service, network, system.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    Download the program named ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe and open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes (Evet) button.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored in case of a mishap.
    6. During these operations your internet connection will be cut and your desktop will disappear. These are normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. During this your desktop may disappear, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    quote:

    Originally quoted from: tcebeci
    Thank you very much, good luck with your exams

    You're welcome. Thanks.




  • After fixing, I restarted the computer, and the new report again showed the entries I had just fixed. When I go online, an "an error occurred" message keeps appearing and it kicks me out; MSN freezes and closes the connection; and even though I don't have AVG, even though I removed it, it says AVG is present and won't install another antivirus.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:37:21, on 13.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16915)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Google\Update\GoogleUpdate.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Shenturk\Mini Hava\minihava.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Shenturk\Mini Hava\minihava.exe
    C:\Program Files\Shenturk\Mini Hava\minihava.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - (no file)
    O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - (no file)
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [RaidTool] C:\Program Files\VIA\RAID\raid_tool.exe
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\savaş\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [minihava] "C:\Program Files\Shenturk\Mini Hava\minihava.exe"
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Plugin Control) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {474F00F5-3853-492C-AC3A-476512BBC336} (UploadListView Class) -http://picasaweb.google.com/s/v/51.26/uploader2.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) -http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1234890976609
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) -http://www.opentopia.com/support/activex/AxisCamControl.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Güncelleme Hizmeti (gupdate1c9a08f6ed5a052) (gupdate1c9a08f6ed5a052) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Norton Internet Security - Unknown owner - C:\Program Files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe (file missing)

    --
    End of file - 5025 bytes




  • Greetings, Mr. Serji. Could you check this?
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 22:01:26, on 13.11.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
    C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Rainmeter\Rainmeter.exe
    C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\Program Setupları\AntiVirus Programları\HiJackThis\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PSwitch] C:\Program Files\Proxy Switcher Standard\ProxySwitcher.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: Add to VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra 'Tools' menuitem: Add to &VideoGet - {88CFA58B-A63F-4A94-9C54-0C7A58E3333E} - C:\PROGRA~1\NUCLEA~1\VideoGet\Plugins\VIDEOG~1.DLL
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{357112BE-786F-4BC2-9942-2D4C8DDED86F}: NameServer = 4.2.2.2,4.2.2.3
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8F526033-4668-4E61-A780-536F1A58970B}: NameServer = 4.2.2.2,4.2.2.3
    O17 - HKLM\System\CS1\Services\Tcpip\..\{357112BE-786F-4BC2-9942-2D4C8DDED86F}: NameServer = 4.2.2.2,4.2.2.3
    O17 - HKLM\System\CS2\Services\Tcpip\..\{357112BE-786F-4BC2-9942-2D4C8DDED86F}: NameServer = 4.2.2.2,4.2.2.3
    O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

    --
    End of file - 14734 bytes




  • Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:10:58, on 11/13/2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20900)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\DrvIcon.exe
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    c:\program files\winamp toolbar\WinampTbServer.exe
    C:\WINDOWS\system32\acs.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\regsvr32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
    R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O1 - Hosts: YOUTUBE JACKER Ozkan ATA
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: moneycharger browser enhancer - {F6640E18-7CEF-A8F6-85E8-6B1F633D5A11} - C:\WINDOWS\system32\cbbuuglsbogqy.dll
    O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [DrvIcon] C:\WINDOWS\system32\DrvIcon.exe
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [nohtvhbswhlyoh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cbbuuglsbogqy.dll"
    O4 - HKCU\..\Run: [drvicon] C:\WINDOWS\system32\DrvIcon.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
    O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
    O4 - HKCU\..\Run: [EPSON BX300F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEJE.EXE /FU "C:\WINDOWS\TEMP\E_S4C.tmp" /EF "HKCU"
    O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~1.EXE -Update -1103470 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; GTB6; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 1.1.4322)" -"http://www.ben10.gen.tr/oyun/41/Ben_10_Savaa_Hazr.html"
    O4 - HKUS\S-1-5-20\..\Run: [drvicon] C:\WINDOWS\system32\DrvIcon.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [drvicon] C:\WINDOWS\system32\DrvIcon.exe (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [drvicon] C:\WINDOWS\system32\DrvIcon.exe (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
    O8 - Extra context menu item: &Winamp Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{668383A9-60EF-4C03-B0A1-1C12C23DD71C}: NameServer = 4.2.2.1,4.2.2.5
    O23 - Service: Atheros Configuration Service (acs) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\WINDOWS\system32\DRIVERS\xaudio.exe

    --
    End of file - 13497 bytes
    THANKS IN ADVANCE
    NOTE: MSN MESSENGER DROPS RIGHT AFTER THE CONNECTION IS MADE




  • Brother, could you help me too? This is my ComboFix scan result. I keep getting warnings about the PnkBstrB exe file in system32; what should I do?

    ComboFix 09-11-13.06 - B3K1R Corporation 13.11.2009 21:15.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.473 [GMT 2:00]
    Running from: c:\documents and settings\B3K1R Corporation\Desktop\7011-ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ADS - system32: deleted 12 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_SVCHOST
    -------\Service_AVPsys
    -------\Service_SvcHost


    ((((((((((((((((((((((((( Files Created from 2009-10-13 to 2009-11-13 )))))))))))))))))))))))))))))))
    .

    2009-11-12 20:59 . 2009-11-12 20:59 -------- d-----w- c:\program files\Mecanique
    2009-11-12 19:54 . 2009-11-12 19:54 -------- d-----w- c:\program files\USB Disk Security
    2009-11-12 19:07 . 2009-11-12 19:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Zbshareware Lab
    2009-11-11 16:13 . 2009-11-11 17:02 113817 --sh--r- C:\pbudsara.exe
    2009-11-10 19:59 . 2009-11-11 17:01 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-11-10 19:59 . 2009-08-05 20:48 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    2009-11-10 19:58 . 2009-11-10 19:58 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-11-10 19:57 . 2009-11-10 19:57 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-11-10 19:56 . 2009-11-10 19:56 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-11-04 16:29 . 2009-11-05 11:22 114304 --sh--r- C:\srgo.exe
    2009-11-03 16:57 . 2009-11-03 16:56 111826 --sh--r- C:\mwfubaob.exe
    2009-11-01 13:01 . 2009-11-01 13:01 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
    2009-10-30 13:33 . 2009-10-30 14:40 113614 --sh--r- C:\a2g21.exe
    2009-10-29 15:03 . 2009-10-29 16:28 112905 --sh--r- C:\uqgvf.exe
    2009-10-28 16:18 . 2009-10-28 19:24 115845 --sh--r- C:\3n8awsyg.exe
    2009-10-23 13:48 . 2009-10-23 14:11 114191 --sh--r- C:\b00ijwpu.exe
    2009-10-21 16:42 . 2009-10-22 10:30 113953 --sh--r- C:\qbr2q.exe
    2009-10-19 14:14 . 2009-10-20 16:00 116183 --sh--r- C:\nds0q.exe
    2009-10-19 13:58 . 2009-10-19 13:58 116341 --sh--r- C:\nyt9mrd3.exe
    2009-10-17 19:13 . 2009-10-19 13:59 -------- d-----w- c:\documents and settings\B3K1R Corporation\Local Settings\Application Data\ApplicationHistory
    2009-10-17 19:13 . 2009-10-17 19:13 140 ----a-w- c:\documents and settings\B3K1R Corporation\Local Settings\Application Data\fusioncache.dat
    2009-10-17 19:12 . 2009-10-17 19:12 -------- d-----w- c:\windows\system32\URTTEMP
    2009-10-17 19:11 . 2009-10-17 19:11 -------- d-----w- c:\program files\Common Files\Siemens
    2009-10-17 19:11 . 2002-08-28 09:20 110645 ----a-w- c:\windows\system32\s7wcaotx.dll
    2009-10-17 19:11 . 2001-08-10 07:05 217088 ----a-w- c:\windows\system32\s7esetdx.dll
    2009-10-17 19:11 . 2002-08-28 09:26 495669 ----a-w- c:\windows\system32\S7OINTFX.dll
    2009-10-17 19:11 . 2002-08-28 09:22 69685 ----a-w- c:\windows\system32\S7OTBLEX.dll
    2009-10-17 19:11 . 2000-02-10 11:12 40960 ----a-w- c:\windows\system32\MelbReg.dll
    2009-10-17 19:11 . 1999-11-05 11:27 33280 ----a-w- c:\windows\system32\s7erwlcx.dll
    2009-10-17 19:10 . 2009-10-17 19:11 -------- d-----w- c:\windows\Setup
    2009-10-17 19:10 . 2009-10-17 19:13 -------- d-----w- c:\program files\Siemens
    2009-10-17 15:40 . 2009-10-18 15:38 115181 --sh--r- C:\se12ydam.exe
    2009-10-16 15:10 . 2009-10-16 15:10 115618 --sh--r- C:\vb0hsoay.exe
    2009-10-15 14:46 . 2009-10-15 14:46 116414 --sh--r- C:\2sm66r.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-11 16:16 . 2008-04-15 12:00 82714 ----a-w- c:\windows\system32\perfc01F.dat
    2009-11-11 16:16 . 2008-04-15 12:00 431054 ----a-w- c:\windows\system32\perfh01F.dat
    2009-11-10 19:59 . 2009-02-28 17:06 -------- d-----w- c:\program files\Windows Live
    2009-11-01 07:36 . 2009-02-28 17:20 65368 ----a-w- c:\documents and settings\B3K1R Corporation\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-17 19:13 . 2009-02-28 17:24 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-14 18:42 . 2009-10-13 15:37 115522 --sh--r- C:\s3ek.exe
    2009-10-13 10:15 . 2009-10-12 15:14 114400 --sh--r- C:\ycvvj.exe
    2009-10-12 10:25 . 2009-10-11 15:19 114888 --sh--r- C:\mje12tni.exe
    2009-10-10 16:15 . 2009-10-09 16:14 114819 --sh--r- C:\vlvtdflx.exe
    2009-10-08 16:37 . 2009-10-08 16:37 117508 --sh--r- C:\1di1w.exe
    2009-10-07 17:18 . 2009-10-07 16:18 117945 --sh--r- C:\r2g20.exe
    2009-10-06 16:14 . 2009-10-06 16:15 117625 --sh--r- C:\f9o8o.exe
    2009-10-06 10:40 . 2009-10-05 16:19 118651 --sh--r- C:\ctu8r.exe
    2009-10-05 13:09 . 2009-10-03 16:39 117453 --sh--r- C:\sp1jensi.exe
    2009-10-03 16:23 . 2009-10-03 16:23 117070 --sh--r- C:\l6jj.exe
    2009-09-30 17:11 . 2009-09-30 16:09 118464 --sh--r- C:\0fkk02x.exe
    2009-09-29 14:13 . 2009-09-28 14:41 117960 --sh--r- C:\rg9g9bgq.exe
    2009-09-27 16:50 . 2009-03-29 19:50 -------- d-----w- c:\documents and settings\B3K1R Corporation\Application Data\LimeWire
    2009-09-25 16:44 . 2009-09-24 14:28 111956 --sh--r- C:\w9uxx92.exe
    2009-09-25 05:36 . 2008-08-11 23:52 666624 ----a-w- c:\windows\system32\wininet.dll
    2009-09-25 05:36 . 2008-04-15 12:00 81920 ----a-w- c:\windows\system32\ieencode.dll
    2009-09-23 15:05 . 2009-09-23 14:54 112471 --sh--r- C:\bycfht.exe
    2009-09-20 19:16 . 2009-09-20 19:17 115061 --sh--r- C:\cqb6wo.exe
    2009-09-19 18:11 . 2009-09-19 17:03 117220 --sh--r- C:\2o1ajagt.exe
    2009-09-19 07:29 . 2009-09-18 14:50 116114 --sh--r- C:\wrsf.exe
    2009-09-17 16:38 . 2009-09-17 16:39 115797 --sh--r- C:\lhh3v.exe
    2009-09-16 15:14 . 2009-09-16 15:15 116163 --sh--r- C:\qcod.exe
    2009-09-15 20:26 . 2009-09-15 20:27 115942 --sh--r- C:\o8tf6l.exe
    2009-09-12 16:53 . 2009-09-10 17:28 115742 --sh--r- C:\ph.exe
    2009-09-11 14:18 . 2008-04-15 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-09 08:12 . 2009-09-08 17:18 116142 --sh--r- C:\10nb.exe
    2009-09-07 14:10 . 2009-09-07 14:11 115074 --sh--r- C:\9cquqs.exe
    2009-09-04 21:04 . 2008-04-15 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-30 14:26 . 2009-08-30 14:26 113919 --sh--r- C:\xbvv0.exe
    2009-08-26 08:01 . 2008-04-15 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    .

    ------- Sigcheck -------

    [-] 2008-08-11 . 356A9AA52B02AF8C6E0E2CC4B6C73998 . 1139200 . . [6.00.2900.5512] . . c:\windows\explorer.exe


    [-] 2008-08-11 . EE6385AAB18EA3D562E0D5EC3E5FBB5B . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll

    [-] 2008-08-11 . CE7B1140A1B1AFE9A4DB47412639B726 . 30208 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe


    c:\windows\system32\wscntfy.exe ... is missing !!
    c:\windows\system32\regsvc.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2008-07-24 490952]
    "Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-04-30 2329936]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Gainward"="c:\program files\Vtune\TBPanel.exe" [2006-09-13 2154496]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
    "EasyTuneV"="c:\program files\Gigabyte\ET5\ETcall.exe" [2007-01-04 24576]
    "ISUSPM Startup"="c:\progra~1\COMMON~1\InstallShield\UpdateService\isuspm.exe" [2005-02-17 221184]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-17 81920]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2005-05-11 49152]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
    "USB Antivirus"="c:\program files\USB Disk Security\USBGuard.exe" [2008-05-20 798720]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2006-08-11 1519616]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-12-12 16270848]
    "SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-12-12 2879488]
    "BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2008-04-15 110592]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-04-15 99840]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2009-3-1 3655168]
    Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2009-3-1 66076]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "MemCheckBoxInRunDlg"= 0 (0x0)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)
    "MemCheckBoxInRunDlg"= 0 (0x0)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMHelp"= 1 (0x1)
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
    2005-12-20 20:57 176128 ------w- c:\progra~1\Stardock\OBJECT~1\WINDOW~1\WbSrv.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "e:\\Program Files\\Valve\\hl.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\KONAMI\\Pro Evolution Soccer 2009\\pes2009.exe"=
    "e:\\Program Files\\battlefield vietnam\\bfvietnam.exe"=
    "d:\\GENERALS\\game.dat"=
    "d:\\generals 2\\game.dat"=
    "e:\\Program Files\\Warcraft III\\war3.exe"=
    "e:\\Program Files\\NFSU2\\speed2.exe"=
    "e:\\Far Cry 2\\bin\\FarCry2.exe"=
    "e:\\Far Cry 2\\bin\\FC2Launcher.exe"=
    "e:\\Far Cry 2\\bin\\FC2Editor.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

    R0 aaatimeo;aaatimeo;c:\windows\system32\drivers\aaatimeo.sys [26.02.2006 17:21 4928]
    R0 afamgt;afamgt;c:\windows\system32\drivers\afamgt.sys [28.03.2006 16:43 91707]
    R0 siwinacc;siwinacc;c:\windows\system32\drivers\siwinacc.sys [01.11.2004 12:21 10368]
    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [18.08.2008 12:27 34312]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [23.08.2008 18:40 468224]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [10.11.2009 21:59 54752]
    R2 NVIDIA Performance Driver Service;NVIDIA Performance Driver Service;c:\program files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe [11.12.2008 06:08 3575808]
    R2 s7oiehsx;SIMATIC IEPG Help Service;c:\program files\Common Files\Siemens\S7IEPG\s7oiehsx.exe [07.07.2004 11:17 200769]
    S1 NTAKRNL;NT Automation Kernel System;c:\windows\system32\drivers\ntakrnl.sys --> c:\windows\system32\drivers\ntakrnl.sys [?]
    S2 gupdate1c99efffe8a4676;Google Update Service (gupdate1c99efffe8a4676);c:\program files\Google\Update\GoogleUpdate.exe [07.03.2009 10:37 133104]
    S3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys --> c:\windows\system32\DRIVERS\cv2k1.sys [?]
    S3 fsssvc;Windows Live Aile Koruması Hizmeti;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 704864]
    S3 NTProcDrv;Process creation detector for NT.;\??\c:\program files\Silkroad\NtProcDrv.sys --> c:\program files\Silkroad\NtProcDrv.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - HELPSVC
    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 08:37]

    2009-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-07 08:37]

    2009-11-13 c:\windows\Tasks\OGADaily.job
    - c:\windows\system32\OGAVerify.exe [2008-12-31 14:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.microsoft.com
    mStart Page = hxxp://www.microsoft.com
    mWindow Title = Microsoft Internet Explorer
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\Microsoft Office\OFFICE11\EXCEL.EXE/3000
    TCP: {941E579C-F31C-483F-9C2B-1DB979181AC5} = 4.2.2.3,4.2.2.4
    FF - ProfilePath - c:\documents and settings\B3K1R Corporation\Application Data\Mozilla\Firefox\Profiles\y1wi9bim.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=IEFM1&q=
    FF - component: c:\documents and settings\B3K1R Corporation\Application Data\Mozilla\Firefox\Profiles\y1wi9bim.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    BHO-{9133C0FE-F3E9-407A-B8A7-DC276A9A0EDA} - (no file)
    HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\MsnMsgr.Exe
    AddRemove-Bilden OKS - c:\program files\Bilden\OKS\IsStub32.exe
    AddRemove-Shogo Demo - c:\games\ShogoDemo\DeIsL1.isu



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-11-13 21:26
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll sfsync02.sys atapi.sys spnm.sys >>UNKNOWN [0x86787938]<<
    kernel: MBR read successfully
    user & kernel MBR OK
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net

    atapi.sys @ 0x0 0x0 bytes

    \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xF732FB40 atapi.sys
    \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xF732FB40 atapi.sys
    \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xF732FB40 atapi.sys
    \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xF75FC8B4 sfsync02.sys
    \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xF732FB40 atapi.sys
    \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xF732FB40 atapi.sys
    \Driver\atapi IRP hooks detected !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1177238915-1965331169-2147063517-1001\Software\SecuROM\License information*]
    "datasecu"=hex:b7,bf,29,7f,c4,d7,74,50,b3,43,f7,29,52,8a,10,dc,a1,92,38,75,10,
    f9,3b,d4,6b,4d,2f,24,89,dd,dd,20,ad,c7,34,0c,b6,18,c9,53,2b,46,fb,e5,08,de,\
    "rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(832)
    c:\windows\system32\cscui.dll
    c:\progra~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll

    - - - - - - - > 'explorer.exe'(3588)
    c:\windows\System32\cscui.dll
    c:\windows\system32\NETSHELL.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\rundll32.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-13 21:29 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-13 19:29

    Pre-Run: 6.855.630.848 bayt boş
    Post-Run: 6.981.529.600 bayt boş

    - - End Of File - - 1966CD1003E7EF7B031829D1F0C224BE




  • Hello, as you said, I fixed the necessary lines with HijackThis and carried out the steps you described with ComboFix. I am posting the ComboFix log below. By the way, my problem with hidden files not being shown has gone away.

    quote:


    ComboFix 09-11-14.03 - Ali Burak 14.11.2009 17:03..2 - FAT32x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.1015.626 [GMT 2:00]
    Running from: c:\documents and settings\Ali Burak\Belgelerim\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .


    .
    ((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
    .

    2009-11-14 14:31 . 2009-11-14 14:31 116017 --sh--r- C:\opdux.exe
    2009-11-14 14:30 . 2009-11-14 14:35 -------- d-----w- C:\4551cbfd24b7354fbd27fdb39924
    2009-11-14 13:55 . 2009-11-14 13:55 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
    2009-11-14 13:44 . 2009-11-14 14:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
    2009-11-14 13:44 . 2009-10-03 08:15 2924848 -c----w- c:\documents and settings\All Users\Application Data\~0\Ad-AwareInstallation.exe
    2009-11-14 13:44 . 2009-11-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2009-11-11 18:35 . 2009-11-11 18:35 113817 --sh--r- C:\pbudsara.exe
    2009-11-10 17:59 . 2009-11-10 18:01 -------- d-----w- c:\program files\icytower1.4
    2009-11-03 15:55 . 2009-11-03 15:54 111826 --sh--r- C:\mwfubaob.exe
    2009-10-30 16:10 . 2009-10-30 16:10 113614 --sh--r- C:\a2g21.exe
    2009-10-29 18:29 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
    2009-10-29 15:07 . 2009-10-30 11:00 112905 --sh--r- C:\uqgvf.exe
    2009-10-29 09:33 . 2009-10-29 09:32 115845 --sh--r- C:\3n8awsyg.exe
    2009-10-22 15:04 . 2009-10-22 15:04 -------- d-----w- c:\documents and settings\Ali Burak\Local Settings\Application Data\Help

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-10 17:41 . 2009-09-06 22:45 -------- d-----w- c:\program files\Opera
    2009-11-10 14:30 . 2009-10-11 13:23 -------- d-----w- c:\documents and settings\Ali Burak\Application Data\uTorrent
    2009-11-10 13:27 . 2009-02-26 13:44 72664 ----a-w- c:\windows\system32\perfc01F.dat
    2009-11-10 13:27 . 2009-02-26 13:44 390090 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-11 13:23 . 2009-10-11 13:23 -------- d-----w- c:\program files\uTorrent
    2009-10-06 11:43 . 2009-10-06 11:43 -------- d-----w- c:\documents and settings\Ali Burak\Application Data\GRETECH
    2009-10-06 11:27 . 2009-09-07 00:59 55816 ----a-w- c:\documents and settings\Ali Burak\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-05 15:02 . 2009-10-05 15:02 -------- d-----w- c:\program files\GRETECH
    2009-10-04 08:25 . 2009-02-26 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-10-04 08:20 . 2009-02-26 13:04 -------- d-----w- c:\program files\Microsoft Works
    2009-10-04 08:19 . 2009-10-04 08:19 -------- d-----w- c:\program files\Microsoft.NET
    2009-09-19 15:09 . 2009-02-26 11:59 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
    2009-09-06 22:29 . 2009-09-06 22:29 390214 ----a-w- c:\windows\1000H-ASUS-2102.zip
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
    @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
    [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
    2006-12-22 10:28 271360 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
    @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
    [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
    2006-12-22 10:28 271360 ----a-w- c:\windows\system32\mscoree.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
    "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
    "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
    "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
    "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
    "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-26 376832]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"= "c:\windows\system32\softqq1.dll" [2008-04-15 62925]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
    2009-07-20 09:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
    @=""

    [HKLM\~\startupfolder\C:^Documents and Settings^Ali Burak^Start Menu^Programlar^Başlangıç^Logitech . Ürün Kaydı.lnk]
    path=c:\documents and settings\Ali Burak\Start Menu\Programlar\Başlangıç\Logitech . Ürün Kaydı.lnk
    backup=c:\windows\pss\Logitech . Ürün Kaydı.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Logitech SetPoint.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Logitech SetPoint.lnk
    backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "d:\\utorrent.exe"=

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26.02.2009 15:00 54752]
    R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [08.09.2009 19:14 10384]
    R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [26.02.2009 14:40 10752]
    R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [19.02.2009 04:33 93696]
    S3 fsssvc;Windows Live Aile Koruması Hizmeti;"c:\program files\Windows Live\Family Safety\fsssvc.exe" --> c:\program files\Windows Live\Family Safety\fsssvc.exe [?]
    S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [04.02.2009 11:41 38400]
    S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [26.02.2009 14:40 933504]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Bluetooth'a Gönder - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-11-14 17:10
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(532)
    c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
    c:\program files\common files\logishrd\bluetooth\LBTServ.dll

    - - - - - - - > 'explorer.exe'(2528)
    c:\program files\ASUS\Eee Storage\XPClient.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\wscntfy.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxext.exe
    .
    **************************************************************************
    .
    Completion time: 2009-11-14 17:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-11-14 15:12

    Pre-Run: 66.274.787.328 bayt boş
    Post-Run: 66.682.695.680 bayt boş

    WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

    - - End Of File - - 949D021FCB0A65A77E6D5FB06D2BCB99



    < This message was edited by djinn_inc -- 14 November 2009; 17:19:59 >




  • quote:

    Quoted from original: sancar1992

    Brother, could you help me too? This is my ComboFix scan result. I keep getting warnings about the PnkBstrB exe file in system32; what should I do?

    ComboFix 09-11-13.06 - B3K1R Corporation 13.11.2009 21:15.1.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.473 [GMT 2:00]
    Running from: c:\documents and settings\B3K1R Corporation\Desktop\7011-ComboFix.exe
    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .
    ADS - system32: deleted 12 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .




    The computer has been overrun by viruses; good thing you sent the log. @serji will take care of it.



