HijackThis. Performance + Security! (Get rid of viruses). 500.000+

  • Lieutenant Colonel
    4409 posts
    Serji, I'd appreciate it if you could check whether there is anything unnecessary in here.
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 09:19:23, on 17.04.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
    C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\Ad Muncher\AdMunch.exe
    C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    D:\Program Setup\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [Ad Muncher] "C:\Program Files (x86)\Ad Muncher\AdMunch.exe" /bt
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Block frame with Ad Muncher -http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=02B0772Q&id=menu_ie_frame
    O8 - Extra context menu item: Block image with Ad Muncher -http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=02B0772Q&id=menu_ie_image
    O8 - Extra context menu item: Block link with Ad Muncher -http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=02B0772Q&id=menu_ie_link
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Don't filter page with Ad Muncher -http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=02B0772Q&id=menu_ie_exclude
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Report page to the Ad Muncher developers -http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=2.0&pass=02B0772Q&id=menu_ie_report
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9418D664-ACBC-4DFC-B7A6-EC7219189A0D}: NameServer = 8.8.8.8,8.8.4.4
    O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~2\KASPER~1\KASPER~1\sbhook.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: O&O Defrag - Unknown owner - C:\Windows\system32\oodag.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8401 bytes
    _____________________________
    APPLE IPHONE 6S PLUS / 64GB GOLD




  • Captain
    915 posts
    Hello serji,

    Thank you for your attention. My log is below as well. I'd appreciate it if you could take a look.

    Regards..

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 12:05:30, on 17.04.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\csrss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\svchost.exe
    F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\WINDOWS\VistaDrive\VistaDrive.exe
    F:\Program Files\Visual Task Tips\Visual Task Tips.exe
    F:\PROGRA~1\LAUNCH~1\LManager.exe
    F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    F:\Program Files\Common Files\Java\Java Update\jusched.exe
    F:\Program Files\ESET\ESET Smart Security\egui.exe
    F:\WINDOWS\RTHDCPL.EXE
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\LClock\LClock.exe
    F:\Program Files\SuperCopier2\SuperCopier2.exe
    F:\Program Files\Windows Live\Messenger\msnmsgr.exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\Strokeit\strokeit.exe
    F:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    F:\Program Files\FinePixViewer\QuickDCF2.exe
    F:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    F:\DOCUME~1\Admin\LOCALS~1\Temp\RtkBtMnt.exe
    F:\WINDOWS\system32\agrsmsvc.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\ESET\ESET Smart Security\ekrn.exe
    F:\WINDOWS\system32\fsproflt.exe
    F:\Program Files\Java\jre6\bin\jqs.exe
    F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    F:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\System32\alg.exe
    F:\WINDOWS\system32\wbem\wmiapsrv.exe
    F:\Program Files\Windows Live\Contacts\wlcomm.exe
    F:\Program Files\Mozilla Firefox\firefox.exe
    F:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
    F:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
    F:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe
    F:\Documents and Settings\Admin\Belgelerim\HiJackThis.exe
    F:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = XP Ultimate 2009
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts:http://173.192.215.230/200kon/
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - F:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - F:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [VistaDrive] F:\WINDOWS\VistaDrive\VistaDrive.exe
    O4 - HKLM\..\Run: [Visual Task Tips] F:\Program Files\Visual Task Tips\Visual Task Tips.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LManager] F:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [SynTPEnh] F:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "F:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "F:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NokiaMServer] F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup
    O4 - HKLM\..\Run: [NokiaMusic FastStart] "F:\Program Files\Nokia\Ovi Player\NokiaOviPlayer.exe" /command:faststart
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [mspaint] "F:\WINDOWS\system32\Paint.exe" -autocheck
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [LClock] F:\Program Files\LClock\LClock.exe
    O4 - HKCU\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe
    O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [StrokeIt] F:\Program Files\Strokeit\strokeit.exe
    O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\Admin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [LClock] F:\Program Files\LClock\LClock.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [TopDesk] F:\Program Files\TopDesk\topdesk.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [RocketDock] "F:\Program Files\RocketDock\RocketDock.exe" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] F:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [SuperCopier2.exe] F:\Program Files\SuperCopier2\SuperCopier2.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: ExifLauncher2.lnk = F:\Program Files\FinePixViewer\QuickDCF2.exe
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://F:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Send to &Bluetooth Device... - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send To Bluetooth - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - F:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - F:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{1DDA3AD1-78C3-48C1-8AA0-E644F2053753}: NameServer = 208.67.222.222,208.67.222.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{85788E76-04B2-4685-A4B0-B0B66BF1BFFA}: NameServer = 208.67.222.222,208.67.222.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - F:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - F:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FSPro Filter Service (fsproflt) - FSPro Labs - F:\WINDOWS\system32\fsproflt.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - F:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - F:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - F:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - F:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: ServiceLayer - Nokia - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 10214 bytes




  • Captain
    261 posts
    The computer makes a sudden stopping sound at startup, but there is no error on the screen; it also freezes from time to time. I'd appreciate it if you could take a look. Good luck with your work.

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 13:44:04, on 17.04.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\IObit\Game Booster\gbtray.exe
    D:\SROKing\Launcher.exe
    C:\Program Files\Silkroad\sro_client.exe
    C:\Program Files\K-Lite Codec Pack\Media Player Classic\mplayerc.exe
    C:\Documents and Settings\Bilgisayarım\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

    --
    End of file - 3363 bytes




  • Sergeant
    53 posts
    Could you review my report?


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 02:04:10, on 19.04.2010
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\MooN\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = socks=
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_0.dll
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://software.kuaiche.com
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1271536734593
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C5444D7E-9555-44FD-83AF-89AC8958A531}: NameServer = 208.67.222.222,208.67.220.220
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 6954 bytes




  • Lieutenant Colonel
    2966 posts
    Hello. I clicked on an infected link. I'd appreciate it if you could take a look.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:10:38, on 22.04.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\Domino.EXE
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
    C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
    C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
    C:\Program Files (x86)\Winamp\winampa.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Warcraft III\eb.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    c:\program files (x86)\avira\antivir desktop\avgnt.exe
    C:\Program Files (x86)\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\Windows\SysWOW64\dvmurl.dll
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_P.dll
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [eurobattlegui] "C:\Program Files (x86)\Warcraft III\eb.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATICDE.EXE /FU "C:\Windows\TEMP\E_S9848.tmp" /EF "HKCU"
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Global Startup: Logitech SetPoint.lnk = ?
    O4 - Global Startup: Rainmeter.lnk = C:\Program Files\Rainmeter\Rainmeter.exe
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O20 - AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - C:\Program Files (x86)\WinPcap\rpcapd.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9341 bytes

  • Retired Administrator
    13626 Posts
    Hello, could I ask you to take a look at this?

    ComboFix 10-04-21.01 - Fatih 22.04.2010  22:22:21.1.2 - x86 
    Microsoft Windows 7 Ultimate 6.1.7600.0.1254.90.1055.18.3071.2337 [GMT 3:00]
    Running from: c:\users\Fatih\Desktop\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    H:\9b9w3.exe
    H:\Autorun.inf

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-22 to 2010-04-22 )))))))))))))))))))))))))))))))
    .

    2010-04-22 19:31 . 2010-04-22 19:32 -------- d-----w- c:\users\Fatih\AppData\Local\temp
    2010-04-22 17:49 . 2010-04-22 17:49 932368 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\profiles-1-6.dll
    2010-04-22 17:49 . 2010-04-22 17:49 678416 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\content_interpreter-1-1.dll
    2010-04-22 17:49 . 2010-04-22 17:49 604688 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\gsg-3-9.dll
    2010-04-22 17:49 . 2010-04-22 17:49 522768 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\database-1-5.dll
    2010-04-22 17:49 . 2010-04-22 17:49 1096208 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\KasFlt\Plugins\filtration-4-6.dll
    2010-04-22 17:47 . 2010-04-22 17:47 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2010-04-22 17:47 . 2010-04-22 17:47 397328 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\oeas.dll
    2010-04-22 17:01 . 2010-04-22 17:01 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
    2010-04-22 16:49 . 2010-04-22 16:49 -------- d-----w- c:\program files\MSXML 4.0
    2010-04-22 07:16 . 2010-04-22 07:18 -------- d-----w- c:\program files\The KMPlayer
    2010-04-22 06:54 . 2010-04-22 06:54 29992 ----a-w- c:\windows\system32\drivers\GRD.sys
    2010-04-22 06:48 . 2010-04-22 06:48 53320 ----a-w- c:\windows\system32\drivers\MiniIcpt.sys
    2010-04-22 06:48 . 2010-04-22 06:48 46536 ----a-w- c:\windows\system32\drivers\PktIcpt.sys
    2010-04-22 06:47 . 2010-04-22 06:47 27720 ----a-w- c:\windows\system32\drivers\GDBehave.sys
    2010-04-22 06:47 . 2010-04-22 06:47 40904 ----a-w- c:\windows\system32\drivers\gdwfpcd32.sys
    2010-04-22 06:47 . 2010-04-22 16:56 -------- d-----w- c:\programdata\G DATA
    2010-04-22 06:47 . 2010-04-22 16:56 -------- d-----w- c:\program files\G Data
    2010-04-22 06:47 . 2010-04-22 16:56 -------- d-----w- c:\program files\Common Files\G DATA
    2010-04-22 06:42 . 2010-04-22 06:45 -------- d-----w- c:\users\Fatih\AppData\Local\Ahead
    2010-04-22 06:39 . 2010-04-22 06:39 -------- d-----w- c:\users\Fatih\AppData\Roaming\Ahead
    2010-04-22 06:39 . 2010-04-22 06:39 -------- d-----w- c:\programdata\Ahead
    2010-04-22 06:37 . 2010-04-22 06:38 -------- d-----w- c:\program files\Common Files\Ahead
    2010-04-22 06:37 . 2010-04-22 06:37 -------- d-----w- c:\programdata\Nero
    2010-04-22 06:37 . 2010-04-22 06:37 -------- d-----w- c:\program files\Nero
    2010-04-22 06:20 . 2010-04-22 06:20 -------- d-----w- c:\program files\Common Files\PX Storage Engine
    2010-04-22 06:20 . 2010-04-22 06:20 -------- d-----w- c:\programdata\GoodSync
    2010-04-22 06:20 . 2010-04-22 06:20 -------- d-----w- c:\users\Fatih\AppData\Roaming\GoodSync
    2010-04-22 06:20 . 2010-04-22 06:20 -------- d-----w- c:\program files\Siber Systems
    2010-04-22 06:19 . 2010-04-22 06:19 -------- d-----w- c:\windows\system32\IOSUBSYS
    2010-04-22 06:19 . 2010-04-22 06:19 -------- d-----w- c:\program files\Google
    2010-04-22 06:16 . 2010-04-22 06:16 -------- d-----w- c:\program files\Ask.com
    2010-04-22 06:14 . 2010-04-22 06:14 -------- d-----w- c:\program files\ImageShack Uploader
    2010-04-22 06:11 . 2010-04-22 06:20 -------- d-----w- c:\users\Fatih\AppData\Local\Google
    2010-04-22 06:10 . 2010-04-22 06:10 -------- d-----w- c:\program files\FreeTime
    2010-04-22 06:09 . 2010-04-22 06:09 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\users\Fatih\AppData\Roaming\FastStone
    2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\program files\FastStone Capture
    2010-04-22 06:07 . 2010-04-22 06:07 -------- d-----w- c:\program files\CCleaner
    2010-04-22 06:06 . 2010-04-22 06:06 89752 ----a-r- c:\users\Fatih\AppData\Roaming\Microsoft\Installer\{60435182-A9EF-4C3A-AB2C-22A85EAAE123}\_5df81f92.exe
    2010-04-22 06:06 . 2010-04-22 06:06 11502 ----a-r- c:\users\Fatih\AppData\Roaming\Microsoft\Installer\{60435182-A9EF-4C3A-AB2C-22A85EAAE123}\_5eb7145f.exe
    2010-04-22 06:06 . 2010-04-22 06:06 11502 ----a-r- c:\users\Fatih\AppData\Roaming\Microsoft\Installer\{60435182-A9EF-4C3A-AB2C-22A85EAAE123}\_5d513b2b.exe
    2010-04-22 06:06 . 2010-04-22 06:06 -------- d-----w- c:\program files\Alarmset 6
    2010-04-22 06:03 . 2010-04-22 06:03 -------- d-----w- c:\program files\Unlocker
    2010-04-22 06:01 . 2010-04-22 06:01 -------- d-----w- c:\program files\MSECache
    2010-04-22 05:54 . 2003-06-18 22:31 18944 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\mdippr.dll
    2010-04-22 05:54 . 2003-06-18 22:31 17920 ----a-w- c:\windows\system32\mdimon.dll
    2010-04-22 05:52 . 2010-04-22 05:52 -------- d-----w- c:\program files\Microsoft Works
    2010-04-22 05:51 . 2010-04-22 05:51 -------- d-----w- c:\program files\Microsoft.NET
    2010-04-22 05:48 . 2010-04-22 05:48 -------- d-----r- C:\MSOCache
    2010-04-22 05:45 . 2010-04-22 05:45 -------- d-----w- c:\program files\Common Files\Java
    2010-04-22 05:45 . 2010-04-12 14:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-22 05:23 . 2010-04-22 05:32 -------- d-----w- c:\program files\JDownloader
    2010-04-22 05:21 . 2010-04-22 05:45 -------- d-----w- c:\program files\Java
    2010-04-22 05:18 . 2010-04-22 05:18 -------- d-----w- c:\windows\Profiles
    2010-04-22 05:18 . 2010-04-22 05:18 -------- d-----w- c:\users\Fatih\AppData\Roaming\URSoft
    2010-04-22 05:18 . 2010-04-22 05:19 -------- d-----w- c:\program files\Your Uninstaller 2008
    2010-04-21 21:20 . 2010-04-21 21:20 -------- d-----w- c:\users\Fatih\AppData\Roaming\FRISK Software
    2010-04-21 21:14 . 2010-04-22 06:30 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-04-21 21:14 . 2008-03-28 11:06 584544 ----a-w- c:\windows\system32\drivers\FPAV_RTP.sys
    2010-04-21 21:14 . 2010-04-21 21:14 -------- d-----w- c:\programdata\FRISK Software
    2010-04-21 21:11 . 2010-04-21 21:11 -------- d-----w- c:\program files\Microsoft IntelliPoint
    2010-04-21 21:08 . 2010-04-21 21:09 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    2010-04-21 20:57 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
    2010-04-21 20:48 . 2010-04-21 20:48 -------- d-----w- c:\programdata\Messenger Plus!
    2010-04-21 20:40 . 2010-02-24 07:16 181632 ------w- c:\windows\system32\MpSigStub.exe
    2010-04-21 20:39 . 2009-10-02 04:06 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
    2010-04-21 20:39 . 2009-09-03 07:04 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
    2010-04-21 20:39 . 2009-08-19 07:20 507568 ----a-w- c:\windows\system32\winload.exe
    2010-04-21 20:39 . 2009-08-19 07:20 442920 ----a-w- c:\windows\system32\winresume.exe
    2010-04-21 20:39 . 2009-08-29 06:54 12625408 ----a-w- c:\windows\system32\wmploc.DLL
    2010-04-21 20:38 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-04-21 20:38 . 2009-12-13 09:30 641536 ----a-w- c:\windows\system32\CPFilters.dll
    2010-04-21 20:38 . 2009-12-13 09:29 417792 ----a-w- c:\windows\system32\msdri.dll
    2010-04-21 20:38 . 2009-12-13 09:30 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2010-04-21 20:34 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2010-04-21 20:34 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-04-21 20:34 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-21 20:34 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-21 20:34 . 2010-01-18 23:29 365568 ----a-w- c:\windows\system32\secproc_isv.dll
    2010-04-21 20:34 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
    2010-04-21 20:34 . 2010-01-18 23:29 369152 ----a-w- c:\windows\system32\secproc.dll
    2010-04-21 20:34 . 2010-01-18 23:28 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
    2010-04-21 20:34 . 2010-01-18 23:28 320512 ----a-w- c:\windows\system32\RMActivate.exe
    2010-04-21 20:34 . 2010-01-18 23:29 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
    2010-04-21 20:34 . 2010-01-18 23:28 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
    2010-04-21 20:34 . 2010-01-18 23:28 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
    2010-04-21 20:33 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-21 20:33 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-21 20:33 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-21 20:26 . 2010-04-21 20:26 -------- d-----w- c:\users\Fatih\AppData\Local\ESET
    2010-04-21 20:22 . 2010-04-21 20:22 -------- d-----w- c:\windows\system32\Macromed
    2010-04-21 20:15 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-21 20:15 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-04-21 20:14 . 2010-04-21 20:14 0 ----a-w- c:\windows\nsreg.dat
    2010-04-21 20:14 . 2010-04-21 20:14 -------- d-----w- c:\users\Fatih\AppData\Local\Mozilla
    2010-04-21 20:10 . 2010-04-21 20:10 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-04-21 20:09 . 2010-04-21 19:16 -------- d-----w- c:\windows\Panther
    2010-04-21 20:07 . 2010-04-21 20:07 -------- d-----w- c:\windows\PCHEALTH
    2010-04-21 20:07 . 2010-04-21 20:07 -------- d-----w- c:\program files\Windows Live
    2010-04-21 19:50 . 2007-03-07 23:51 129784 ------w- c:\windows\system32\pxafs.dll
    2010-04-21 19:50 . 2010-04-21 19:52 -------- d-----w- c:\users\Fatih\AppData\Roaming\Winamp
    2010-04-21 19:50 . 2010-04-21 19:51 -------- d-----w- c:\program files\Winamp
    2010-04-21 19:47 . 2010-04-21 19:47 -------- d-----w- c:\users\Fatih\AppData\Local\Opera
    2010-04-21 19:47 . 2010-04-21 19:47 -------- d-----w- c:\program files\Opera
    2010-04-21 19:41 . 2010-04-21 19:42 -------- d-----w- c:\program files\Analog Devices
    2010-04-21 19:41 . 2010-04-21 19:41 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-04-21 19:40 . 2010-04-21 19:40 -------- d-----w- c:\users\Fatih\AppData\Roaming\InstallShield
    2010-04-21 19:38 . 2010-04-21 19:39 -------- d-----w- c:\programdata\NVIDIA
    2010-04-21 19:37 . 2010-04-21 19:38 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-04-21 19:36 . 2010-01-12 04:03 11586280 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
    2010-04-21 19:36 . 2010-01-12 04:03 795104 ----a-w- c:\windows\system32\dpinst.exe
    2010-04-21 19:36 . 2010-01-12 04:03 68200 ----a-w- c:\windows\system32\OpenCL.dll
    2010-04-21 19:36 . 2010-01-12 04:03 14924392 ----a-w- c:\windows\system32\nvoglv32.dll
    2010-04-21 19:35 . 2010-01-12 04:03 4077672 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-04-21 19:35 . 2010-01-12 04:03 4061800 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-21 19:35 . 2010-01-12 04:03 2243176 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-04-21 19:35 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod189.dll
    2010-04-21 19:35 . 2010-01-12 04:03 182888 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-21 19:35 . 2010-01-12 04:03 1280616 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-21 19:35 . 2010-01-12 04:03 11639400 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-04-21 19:28 . 2010-04-22 17:03 -------- d-sh--w- c:\windows\Installer
    2010-04-21 19:28 . 2010-04-22 06:45 -------- d-----w- c:\users\Fatih\AppData\Local\Downloaded Installations
    2010-04-21 19:22 . 2010-04-22 07:40 -------- d-----w- c:\windows\system32\wbem\Performance
    2010-04-21 19:18 . 2010-04-22 06:11 109216 ----a-w- c:\users\Fatih\AppData\Local\GDIPFONTCACHEV1.DAT

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-22 19:18 . 2010-04-21 20:37 -------- d-----w- c:\program files\Everything
    2010-04-22 18:17 . 2010-04-22 17:02 -------- d-----w- c:\programdata\Kaspersky Lab
    2010-04-22 17:47 . 2010-04-22 17:47 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
    2010-04-22 17:47 . 2010-04-22 17:47 19472 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
    2010-04-22 17:47 . 2010-04-22 17:47 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
    2010-04-22 17:47 . 2010-04-22 17:47 397328 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\oeas.dll
    2010-04-22 17:47 . 2010-04-22 17:47 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\mzvkbd3.dll
    2010-04-22 17:47 . 2010-04-22 17:47 17936 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\kloehk.dll
    2010-04-22 17:47 . 2010-04-22 17:47 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\fssync.dll
    2010-04-22 17:47 . 2010-04-22 17:47 311312 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.736\sys\i386\6.0\klif.sys
    2010-04-22 17:15 . 2010-04-22 17:02 -------- d-----w- c:\program files\Kaspersky Lab
    2010-04-22 17:02 . 2010-04-22 17:02 108059 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-04-22 17:02 . 2010-04-22 17:02 95259 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-04-22 07:40 . 2009-07-14 08:10 609650 ----a-w- c:\windows\system32\perfh01F.dat
    2010-04-22 07:40 . 2009-07-14 08:10 118138 ----a-w- c:\windows\system32\perfc01F.dat
    2010-04-21 19:16 . 2010-04-21 19:16 -------- d-sh--we c:\programdata\Sık Kullanılanlar
    2010-04-21 19:16 . 2010-04-21 19:16 -------- d-sh--we c:\programdata\Belgeler
    2010-03-08 21:33 . 2010-04-21 20:37 427520 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-02 07:45 . 2010-04-21 20:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-07-10 14:28 1174920 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2009-07-10 1174920]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2009-10-17 5724184]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-05-16 153136]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2006-12-19 868352]
    "Everything"="c:\program files\Everything\Everything.exe" [2009-03-13 602624]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2009-06-01 1501064]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2009-06-01 1468296]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-05-02 15872]
    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
    "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" [2009-10-20 340456]

    c:\users\Fatih\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    FastStone Capture.lnk - c:\program files\FastStone Capture\FSCapture.exe [2008-10-15 1010688]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll c:\progra~1\KASPER~1\KASPER~1\kloehk.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2010-04-22 06:11 133104 ----atw- c:\users\Fatih\AppData\Local\Google\Update\GoogleUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    S0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
    S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2009-09-14 21520]
    S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-10-02 19472]
    S3 RTL8167;Realtek 8167 NT Sürücüsü;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2120841533-3629461184-3109211551-1000Core.job
    - c:\users\Fatih\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 06:11]

    2010-04-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2120841533-3629461184-3109211551-1000UA.job
    - c:\users\Fatih\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-22 06:11]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.ask.com?o=15187&l=dis
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    TCP: {AFFABD7E-BF78-45B8-856D-A64D19C01E02} = 208.67.222.222,208.67.220.220
    FF - ProfilePath - c:\users\Fatih\AppData\Roaming\Mozilla\Firefox\Profiles\ok8s4xox.default\
    FF - prefs.js: browser.search.selectedEngine - Ask.com
    FF - prefs.js: keyword.URL - hxxp://supertoolbar.ask.com/redirect?client=ff&src=kw&tb=PTV&o=15184&locale=en_US&q=
    FF - component: c:\program files\Mozilla Firefox\extensions\[email protected]\components\KavLinkFilter.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\Fatih\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-04-22 22:36:05
    ComboFix-quarantined-files.txt 2010-04-22 19:36

    Pre-Run: 30.126.960.640 bayt boş
    Post-Run: 31.416.066.048 bayt boş

    - - End Of File - - 4E0A91A1AFA04966FFCC593817FA2A9B
    |
    |
    _____________________________





  • Private
    5 posts
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 09:43:03, on 23.04.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\AKINSOFT\CafePlusFilter1\cafeplusfilter.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\AKINSOFT\CafePlusFilter1\cafeplusfilterinject.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\DVR\Encode.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\AKINSOFT\CafePlus9\Server\CafePlus.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\EXA\EXARadyo\EXARadyo.exe
    C:\Program Files\Java\jre6\bin\javaw.exe
    C:\Documents and Settings\Administrator\Belgelerim\Downloads\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = •·.·´¯`·.·•BLACK DARK EDİTİON LİTE 2010•·.·´¯`·.·• BY YeNiÇeri
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AKINSOFT CafeFilter] C:\AKINSOFT\CafePlusFilter1\cafeplusfilter.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [görevyöneticisi] F:\Program\Araçlar\Programlar\EnableTM.reg
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: DVR.lnk = C:\DVR\DVR.exe
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: CafePlusFilterServiceMain - Unknown owner - C:\AKINSOFT\CafePlusFilter1\cafeplusfilterinject.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 6059 bytes
    |
    |
    _____________________________
    Would it be okay if I gave a thumbprint?




  • Private
    4 posts
    attrib.exe error:
    the error "the application failed to start properly (0x0000142) ..." appears.

    When I click OK there is no problem. I keep on working.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:23:10, on 25.04.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe
    C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\talha\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Orbitdownloader\orbitdm.exe
    C:\Program Files\Orbitdownloader\orbitnet.exe
    C:\WINDOWS\system32\msfeedssync.exe
    C:\Downloads\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SamsungSM PanelMgr] C:\WINDOWS\SamsungSM\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\talha\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [antisansur] C:\PROGRA~1\ANTISA~1\ANTISA~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://reporteokul.meb.gov.tr/crystalreportviewers115/ActiveXControls/activexviewer.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O20 - Winlogon Notify: winveg32 - winveg32.dll (file missing)
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 8005 bytes
    |
    |
    _____________________________




  • Major
    1737 posts
    Sir, a voice inside me says there are a lot of problems; CCleaner won't open. I can't install any antivirus program on the system.
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 23:08:11, on 26.04.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {965B54B0-71E0-4611-8DE7-F73FA0B20E26} - (no file)
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Babylon Client] C:\Program Files\Babylon\Babylon-Pro\Babylon.exe -AutoStart
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Bluetooth'a Gönder - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2D45BEB1-E540-4604-AF44-1DABA1128920}: NameServer = 4.2.2.4,4.2.2.3
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
    O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

    --
    End of file - 8215 bytes
    |
    |
    _____________________________




  • Banned indefinitely.
    1 note
    @beatricem

    Your system looks clean.

    @KırıkKılıç

    There is malware on your system. For this, could you run a full scan of your system with MalwareBytes and attach your report?

    @Peerless

    Your system looks clean.

    @89serkank

    O1 - Hosts: http://173.192.215.230/200kon/
    O4 - HKLM\..\Run: [mspaint] "F:\WINDOWS\system32\Paint.exe" -autocheck

    Could you fix the lines above, then run a full scan of your system with MalwareBytes and attach the log?

    @EkremSoftwarez

    Your system appears clean.

    @loftylove

    O2 - BHO: (no name) - {140BD8E3-C167-11D4-B4A3-080000180323} - (no file)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
    O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    Could you fix the lines above?

    @linkin_park20

    Your system appears to be clean.

    @krm-iks

    After downloading the program below, plug all your external storage devices and portable hard disks into your system and run the program. It will clean automatically and give a confirmation. That way you will be rid of the flash-drive malware.

    Download

    I would also appreciate it if you ran a full scan of your system with MalwareBytes and attached the log.

    @gazibozkurt

    Could you run a full scan of your system with MalwareBytes and attach the log?

    @istidat

    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://reporteokul.meb.gov.tr/crystalreportviewers115/ActiveXControls/activexviewer.cab

    Could you fix the lines above, then run a full scan of your system with MalwareBytes and attach your log afterwards?

    @Hasikomen

    Could you run a full scan of your system with MalwareBytes and attach the log here?
    |
    |
    _____________________________
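The kind of first-pass reading done in the reply above can be partly scripted. The following is an added example, not part of the thread and not HijackThis's own code: it parses HijackThis v2.0.2 entry lines and flags three patterns that appear in this thread's logs, namely entries pointing at `(no file)` or `(file missing)`, the O7 `DisableRegedit=1` policy, and O4 autoruns whose executable name is long and random-looking. The sample log, the reason labels and the length and entropy thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter
from math import log2

# Constructed sample in the HijackThis v2.0.2 line layout. Names and paths are
# placeholders, apart from the orphaned BHO line, which is quoted in the thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000001} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Qx7Lm2Zp9Vb4Ts8Wn3Kd6Rf1Yc5Hg0Jq.exe] C:\Users\user\AppData\Roaming\Example\Qx7Lm2Zp9Vb4Ts8Wn3Kd6Rf1Yc5Hg0Jq.exe
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O20 - Winlogon Notify: example32 - example32.dll (file missing)
O23 - Service: Example Service (exsvc) - Example Corp - C:\Program Files\Example\svc.exe
"""

# "<section> - <body>", e.g. "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^\s*([ROFN]\d{1,2}) - (.*)$")
# The registry still references a file that is no longer on disk.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$", re.IGNORECASE)
# O7 is the section where HijackThis reports the Regedit lock-out policy.
POLICY_RE = re.compile(r"\bDisableRegedit\s*=\s*1\b", re.IGNORECASE)
# File stem of the first .exe mentioned in an autorun command.
EXE_RE = re.compile(r'([^\\/"\s]+)\.exe\b', re.IGNORECASE)

# Assumed thresholds: ordinary program names are short and reuse letters.
MIN_NAME_LEN = 20
MIN_ENTROPY = 4.0  # bits per character


def shannon_entropy(text):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(text)
    return -sum(n / len(text) * log2(n / len(text)) for n in counts.values())


def parse_entries(log_text):
    """Yield (section, body) for every entry line; headers and the
    running-process list do not match the entry pattern and are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2).strip()


def triage(log_text):
    """Return (section, reason, body) for entries worth a closer look."""
    findings = []
    for section, body in parse_entries(log_text):
        if ORPHAN_RE.search(body):
            findings.append((section, "orphaned", body))
        elif section == "O7" and POLICY_RE.search(body):
            findings.append((section, "tool-lockout-policy", body))
        elif section == "O4":
            # Drop the "[value name]" prefix so only the command is examined.
            command = body.split("] ", 1)[-1]
            exe = EXE_RE.search(command)
            if (exe and len(exe.group(1)) >= MIN_NAME_LEN
                    and shannon_entropy(exe.group(1)) >= MIN_ENTROPY):
                findings.append((section, "random-looking-autorun", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(SAMPLE_LOG):
        print(f"{section:<4} {reason:<24} {body}")
```

A hit only marks an entry for manual review; leftover registry references from uninstalled software trip the orphan check as well.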




  • Major
    1737 posts
    Sir, I solved the problem by reinstalling the system from scratch. Thanks for your help.
    |
    |
    _____________________________
  • Lieutenant Colonel
    13458 posts
    There is a slowdown in the system. Also, most of the time I have trouble getting to Task Manager. Before reporting this I discovered something: as soon as I opened Task Manager with Ctrl + Shift + Esc, it would disappear. Just before it disappeared I saw an exe with a jumbled name. I got rid of it by pressing Delete as soon as I opened Task Manager, and now it opens without trouble. I'm sure the same thing will happen at the next startup. Its name was something quite jumbled. It is clearly malware and has to be removed, but I haven't managed to get rid of it yet. I'm also sending ComboFix's log file. Also, the "can't hide hidden files" problem I mentioned in the thread I opened seems to be gone now. The problem is obviously entirely that damned exe. Once I terminated it, the slowdown and the other problems went away. I also saw that it was visibly consuming CPU.

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 02:31:31, on 29.04.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
    C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Ahmet\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Users\Ahmet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ahmet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ahmet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ahmet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ahmet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Ahmet\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\Ahmet\Desktop\HiJackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
    O4 - HKLM\..\Run: [CSRBip] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe] C:\Users\Ahmet\AppData\Roaming\Microsoft\System\Services\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe
    O4 - HKCU\..\Run: [Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe] C:\Users\Ahmet\AppData\Roaming\Microsoft\System\Services\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{45E92DA5-6322-4AC8-B9A8-CF002B22E121}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 5976 bytes




    ComboFix 10-04-26.05 - Ahmet 28.04.2010   6:04.1.2 - x86 
    Microsoft Windows 7 Ultimate 6.1.7600.0.1254.90.1055.18.2047.1215 [GMT 3:00]
    Running from: c:\users\Ahmet\Downloads\Programlar\ComboFix.exe
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Ahmet\AppData\Roaming\chrtmp
    c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    c:\windows\system32\sqlite3.dll
    D:\Windows.exe

    .
    ((((((((((((((((((((((((( Files Created from 2010-03-28 to 2010-04-28 )))))))))))))))))))))))))))))))
    .

    2010-04-28 04:08 . 2010-04-28 04:09 -------- d-----w- c:\users\Ahmet\AppData\Local\temp
    2010-04-28 04:08 . 2010-04-28 04:08 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-04-28 02:26 . 2010-04-28 02:26 -------- d-----w- c:\program files\Dracula
    2010-04-27 06:41 . 2010-04-27 06:41 20480 ----a-w- c:\users\Ahmet\AppData\Roaming\LimeWire\browser\xulrunner\components\autoconfig.dll
    2010-04-27 06:41 . 2010-04-27 06:41 18944 ----a-w- c:\users\Ahmet\AppData\Roaming\LimeWire\browser\xulrunner\components\appshell_modal.dll
    2010-04-27 06:41 . 2010-04-27 06:41 17408 ----a-w- c:\users\Ahmet\AppData\Roaming\LimeWire\browser\xulrunner\components\auth.dll
    2010-04-27 06:41 . 2010-04-27 06:41 8192 ----a-w- c:\users\Ahmet\AppData\Roaming\LimeWire\browser\xulrunner\AccessibleMarshal.dll
    2010-04-27 06:41 . 2010-04-27 06:41 20480 ----a-w- c:\users\Ahmet\AppData\Roaming\LimeWire\browser\xulrunner\IA2Marshal.dll
    2010-04-27 06:40 . 2010-04-28 02:18 -------- d-----w- c:\users\Ahmet\AppData\Roaming\LimeWire
    2010-04-27 06:39 . 2010-04-27 08:12 -------- d-----w- c:\program files\LimeWire
    2010-04-27 06:39 . 2010-04-27 06:39 110593 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\System\Services\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe
    2010-04-27 06:39 . 2010-04-27 06:39 110593 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Templates\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe
    2010-04-27 06:39 . 2010-04-27 06:39 0 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Templates\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da3.exe
    2010-04-27 06:39 . 2010-04-27 06:39 22617872 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Templates\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da1.exe
    2010-04-27 06:39 . 2010-04-27 06:39 110593 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\System\Services\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe
    2010-04-27 06:39 . 2010-04-27 06:39 0 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Templates\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr3.exe
    2010-04-27 06:39 . 2010-04-27 06:39 110593 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Templates\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe
    2010-04-27 06:38 . 2010-04-27 06:38 22617872 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Templates\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr1.exe
    2010-04-25 20:23 . 2007-10-23 06:27 110592 ----a-w- c:\users\Ahmet\AppData\Roaming\U3\temp\cleanup.exe
    2010-04-25 20:21 . 2006-09-17 22:57 19456 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\SUGS1pc.dll
    2010-04-25 20:20 . 2006-12-03 22:25 22723 ----a-w- c:\windows\system32\SUGS1l3.dll
    2010-04-25 20:20 . 2006-11-21 08:40 65536 ----a-w- c:\windows\system32\SUGS1ci.dll
    2010-04-25 20:20 . 2006-11-20 05:22 151552 ----a-w- c:\windows\system32\SUGS1ci.exe
    2010-04-25 20:20 . 2009-03-02 11:12 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
    2010-04-25 20:20 . 2009-03-02 11:12 38400 ------w- c:\windows\system32\drivers\DGIVECP.SYS
    2010-04-25 20:20 . 2010-04-25 20:20 -------- d-----w- c:\program files\SAMSUNG
    2010-04-25 20:20 . 2010-04-25 20:20 -------- d-----w- c:\temp\ML-1610
    2010-04-25 20:20 . 2010-04-25 20:20 -------- d-----w- C:\Temp
    2010-04-25 20:11 . 2007-10-23 06:22 3350528 ---ha-w- c:\users\Ahmet\AppData\Roaming\U3\temp\Launchpad Removal.exe
    2010-04-25 20:11 . 2010-04-25 20:23 -------- d-----w- c:\users\Ahmet\AppData\Roaming\U3
    2010-04-24 19:26 . 2010-04-24 19:26 -------- d-----w- c:\program files\Common Files\Java
    2010-04-24 19:25 . 2010-04-12 14:29 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-04-23 14:35 . 2010-04-23 14:35 3280 ------w- C:\bootsqm.dat
    2010-04-18 02:55 . 2010-04-19 22:19 -------- d-----w- C:\UT2004
    2010-04-17 21:31 . 2009-09-04 14:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-04-17 21:31 . 2009-09-04 14:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2010-04-17 21:31 . 2009-09-04 14:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2010-04-17 21:31 . 2009-09-04 14:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2010-04-17 21:31 . 2009-09-04 14:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-04-17 21:31 . 2009-09-04 14:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2010-04-17 21:31 . 2009-09-04 14:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-04-17 21:31 . 2009-09-04 14:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-04-17 21:31 . 2008-10-27 07:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
    2010-04-17 21:31 . 2008-10-27 07:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
    2010-04-17 21:31 . 2008-10-27 07:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
    2010-04-17 21:31 . 2008-10-27 07:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
    2010-04-17 21:30 . 2008-07-31 07:41 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2010-04-17 21:30 . 2008-07-31 07:40 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2010-04-17 21:30 . 2008-07-31 07:41 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2010-04-17 18:11 . 2010-04-17 18:11 -------- d-----w- c:\users\Ahmet\AppData\Roaming\NVIDIA
    2010-04-17 18:09 . 2010-01-28 14:25 68200 ----a-w- c:\windows\system32\drivers\nvhda32v.sys
    2010-04-17 18:09 . 2010-01-28 14:24 19456 ----a-w- c:\windows\system32\nvhdap32.dll
    2010-04-17 18:09 . 2010-01-28 14:24 57344 ----a-w- c:\windows\system32\nvapo32v.dll
    2010-04-17 17:45 . 2010-04-17 17:45 2853 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight Unlimited\Konfiguration von Flight ändern.pif
    2010-04-17 17:45 . 2010-04-17 17:45 -------- d-----w- C:\FLIGHT
    2010-04-16 21:49 . 2010-04-16 21:49 -------- d-----w- c:\program files\Auran
    2010-04-16 21:27 . 2009-02-24 15:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys
    2010-04-16 21:27 . 2010-04-16 21:28 -------- d-----w- c:\program files\MagicDisc
    2010-04-14 04:22 . 2010-02-27 07:32 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
    2010-04-14 04:22 . 2010-02-27 07:32 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
    2010-04-14 04:22 . 2010-02-27 07:32 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-04-14 04:22 . 2010-02-27 12:07 3899280 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-04-14 04:22 . 2010-02-27 12:07 3954568 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2010-04-14 04:22 . 2010-03-08 21:33 427520 ----a-w- c:\windows\system32\vbscript.dll
    2010-04-14 04:22 . 2009-12-29 06:55 172032 ----a-w- c:\windows\system32\wintrust.dll
    2010-04-14 04:21 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
    2010-04-11 19:30 . 2010-04-11 19:30 2157 ----a-w- c:\users\Ahmet\AppData\Roaming\.purple\certificates\x509\tls_peers\omega.contacts.msn.com
    2010-04-11 19:30 . 2010-04-11 19:30 2095 ----a-w- c:\users\Ahmet\AppData\Roaming\.purple\certificates\x509\tls_peers\login.live.com
    2010-04-11 15:42 . 2010-04-11 15:42 -------- d-----w- c:\users\Ahmet\AppData\Roaming\gtk-2.0
    2010-04-08 22:03 . 2010-04-08 22:03 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Download Manager
    2010-04-02 19:05 . 2010-04-02 19:05 -------- d-----w- c:\users\Ahmet\AppData\Roaming\skypePM
    2010-04-02 19:03 . 2010-04-02 20:00 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Skype
    2010-04-02 19:02 . 2010-04-02 19:02 -------- d-----w- c:\program files\Common Files\Skype
    2010-04-02 19:02 . 2010-04-02 19:03 -------- d-----r- c:\program files\Skype
    2010-04-02 19:02 . 2010-04-02 19:02 -------- d-----w- c:\programdata\Skype
    2010-04-01 13:14 . 2010-04-01 13:14 -------- d-----w- c:\program files\KONAMI
    2010-04-01 13:13 . 2010-04-01 13:14 -------- d-----w- c:\programdata\KONAMI
    2010-04-01 11:47 . 2010-04-01 11:47 -------- d-----w- c:\users\Ahmet\AppData\Roaming\HD Tune Pro
    2010-04-01 11:47 . 2010-04-01 11:47 -------- d-----w- c:\program files\HD Tune Pro
    2010-03-31 09:33 . 2010-02-23 07:56 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-03-31 06:45 . 2010-04-13 19:50 -------- d-----w- c:\users\Ahmet\AppData\Local\Google
    2010-03-30 04:16 . 2010-03-30 04:16 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Thinking Minds Budiling Bytes
    2010-03-29 12:25 . 2010-04-24 19:25 -------- d-----w- c:\program files\Java

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-04-28 02:17 . 2010-03-20 11:11 45056 ----a-w- c:\windows\system32\acovcnt.exe
    2010-04-27 21:02 . 2009-07-14 08:10 609888 ----a-w- c:\windows\system32\perfh01F.dat
    2010-04-27 21:02 . 2009-07-14 08:10 118344 ----a-w- c:\windows\system32\perfc01F.dat
    2010-04-24 02:47 . 2010-03-24 23:34 -------- d-----w- c:\users\Ahmet\AppData\Roaming\uTorrent
    2010-04-19 22:20 . 2010-03-23 22:03 -------- d-----w- c:\program files\Gabest
    2010-04-17 18:13 . 2010-03-20 04:23 -------- d-----w- c:\programdata\NVIDIA
    2010-04-17 17:45 . 2010-04-17 17:45 2853 ----a-w- c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flight Unlimited\Konfiguration von Flight ändern.pif
    2010-04-16 12:55 . 2010-03-20 04:57 109216 ----a-w- c:\users\Ahmet\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-04-16 02:25 . 2009-07-14 04:52 -------- d-----w- c:\program files\Microsoft Games
    2010-04-11 19:41 . 2010-03-20 14:40 -------- d-----w- c:\users\Ahmet\AppData\Roaming\.purple
    2010-04-09 17:45 . 2010-03-20 05:11 -------- d-----w- c:\program files\ASUS
    2010-04-02 19:05 . 2010-04-02 19:05 56 ---ha-w- c:\programdata\ezsidmv.dat
    2010-03-30 05:08 . 2010-03-24 02:05 -------- d-----w- c:\program files\SetFSBTray
    2010-03-30 05:07 . 2010-03-20 05:10 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-03-27 00:56 . 2010-03-27 00:36 -------- d-----w- c:\programdata\Symantec
    2010-03-27 00:38 . 2010-03-27 00:36 -------- d-----w- c:\programdata\Norton
    2010-03-27 00:36 . 2010-03-27 00:36 -------- d-----w- c:\programdata\NortonInstaller
    2010-03-26 06:23 . 2010-03-26 03:26 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Ubisoft
    2010-03-26 06:22 . 2010-03-26 06:22 -------- d-----w- c:\programdata\Solidshield
    2010-03-26 02:51 . 2010-03-26 02:45 -------- d-----w- c:\programdata\Tages
    2010-03-26 02:23 . 2010-03-26 02:23 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2010-03-26 02:23 . 2010-03-26 02:23 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2010-03-26 02:15 . 2010-03-26 02:15 -------- d-----w- c:\program files\Ubisoft
    2010-03-26 00:25 . 2010-03-26 00:25 -------- d-----w- c:\program files\CSR
    2010-03-24 23:35 . 2010-03-24 23:35 -------- d-----w- c:\program files\uTorrent
    2010-03-24 22:56 . 2010-03-24 22:56 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Foxit
    2010-03-24 22:56 . 2010-03-24 22:56 -------- d-----w- c:\program files\Foxit Software
    2010-03-24 22:21 . 2010-03-24 22:21 854 ----a-w- c:\windows\unins000.dat
    2010-03-24 22:21 . 2010-03-24 22:21 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Flatcast
    2010-03-24 22:21 . 2010-03-24 22:21 695578 ----a-w- c:\windows\unins000.exe
    2010-03-24 08:14 . 2010-03-20 06:18 -------- d-----w- c:\programdata\ASUS
    2010-03-24 07:41 . 2010-03-20 06:44 -------- d-----w- c:\program files\Downloaded Installations
    2010-03-24 04:19 . 2010-03-24 01:02 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Hoyle FaceCreator
    2010-03-24 04:14 . 2010-03-24 01:02 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Hoyle Puzzle and Board Games
    2010-03-24 01:01 . 2010-03-24 01:01 -------- d-----w- c:\program files\Common Files\Datalode
    2010-03-24 00:59 . 2010-03-24 00:59 -------- d-----w- c:\program files\Encore
    2010-03-23 23:39 . 2010-03-23 23:38 -------- d-----w- c:\program files\The KMPlayer
    2010-03-23 23:30 . 2010-03-23 23:30 -------- d-----w- c:\users\Ahmet\AppData\Roaming\InstallShield
    2010-03-23 23:24 . 2010-03-23 21:25 53319 ----a-w- c:\programdata\Temp\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}\PostBuild.exe
    2010-03-23 23:20 . 2010-03-23 23:20 -------- d-----w- c:\program files\Haali
    2010-03-23 23:20 . 2010-03-23 23:20 -------- d-----w- c:\program files\CoreCodec
    2010-03-23 22:02 . 2010-03-23 22:01 -------- d-----w- c:\users\Ahmet\AppData\Roaming\GetRightToGo
    2010-03-23 21:43 . 2010-03-23 19:16 -------- d-----w- c:\program files\VideoLAN
    2010-03-23 21:32 . 2010-03-23 21:29 -------- d-----w- c:\users\Ahmet\AppData\Roaming\CyberLink
    2010-03-23 21:31 . 2010-03-23 21:29 -------- d-----w- c:\programdata\CyberLink
    2010-03-23 21:29 . 2010-03-23 21:29 -------- d-----w- c:\program files\Common Files\CyberLink
    2010-03-23 21:25 . 2010-03-23 21:26 29480 ----a-w- c:\windows\system32\msxml3a.dll
    2010-03-23 20:48 . 2010-03-23 20:48 -------- d-----w- c:\program files\TopWare
    2010-03-23 20:13 . 2010-03-23 20:12 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Media Player Classic
    2010-03-23 19:18 . 2010-03-23 19:18 -------- d-----w- c:\users\Ahmet\AppData\Roaming\dvdcss
    2010-03-23 14:58 . 2010-03-22 11:18 717296 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-03-22 17:20 . 2010-03-22 09:10 -------- d-----w- c:\programdata\Microsoft Help
    2010-03-22 17:11 . 2009-07-14 04:52 -------- d-----w- c:\program files\MSBuild
    2010-03-22 17:10 . 2010-03-22 17:10 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2008
    2010-03-22 17:10 . 2010-03-22 17:10 -------- d-----w- c:\program files\Microsoft Visual Studio .NET 2005
    2010-03-22 17:10 . 2010-03-22 17:10 -------- d-----w- c:\program files\Microsoft Synchronization Services
    2010-03-22 17:08 . 2010-03-22 17:08 -------- d-----w- c:\program files\Microsoft.NET
    2010-03-22 17:08 . 2010-03-22 17:08 -------- d-----w- c:\program files\Microsoft Sync Framework
    2010-03-22 17:08 . 2010-03-22 17:08 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2010-03-22 17:04 . 2010-03-22 17:04 -------- d-----w- c:\program files\Microsoft Visual Studio 8
    2010-03-22 17:02 . 2010-03-22 17:02 -------- d-----w- c:\program files\Microsoft Analysis Services
    2010-03-22 13:46 . 2010-03-22 13:46 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Activision
    2010-03-22 12:20 . 2010-03-20 05:29 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-03-22 11:17 . 2010-03-22 11:17 -------- d-----w- c:\users\Ahmet\AppData\Roaming\DAEMON Tools Lite
    2010-03-22 07:45 . 2010-03-22 07:44 -------- d-----w- c:\users\Ahmet\AppData\Roaming\ChessBase
    2010-03-22 07:25 . 2010-03-22 07:24 128 ---ha-w- c:\users\Ahmet\microsoft.dat
    2010-03-21 01:03 . 2010-03-20 12:25 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-03-21 00:59 . 2010-03-21 00:59 -------- d-----w- c:\program files\Alwil Software
    2010-03-20 14:39 . 2010-03-20 14:39 -------- d-----w- c:\program files\Pidgin
    2010-03-20 14:39 . 2010-03-20 14:39 -------- d-----w- c:\program files\Common Files\GTK
    2010-03-20 12:52 . 2010-03-20 12:50 -------- d-----w- c:\program files\Windows Live Safety Center
    2010-03-20 12:25 . 2010-03-20 12:25 -------- d-----w- c:\program files\Microsoft
    2010-03-20 12:25 . 2010-03-20 12:24 -------- d-----w- c:\program files\Windows Live
    2010-03-20 12:25 . 2010-03-20 12:25 -------- d-----w- c:\program files\Windows Live SkyDrive
    2010-03-20 12:21 . 2010-03-20 12:21 -------- d-----w- c:\program files\Common Files\Windows Live
    2010-03-20 11:29 . 2010-03-20 05:46 -------- d-----w- c:\users\Ahmet\AppData\Roaming\Protector Suite
    2010-03-20 11:21 . 2010-03-20 11:21 -------- d-----w- c:\program files\P4G
    2010-03-20 11:21 . 2010-03-20 11:21 -------- d-----w- c:\programdata\P4G
    2010-03-20 09:04 . 2010-03-20 09:04 -------- d-----w- c:\program files\UPEK
    2010-03-20 09:03 . 2010-03-20 05:34 -------- d-----w- c:\programdata\UIB
    2010-03-20 06:40 . 2010-03-20 06:40 -------- d-----w- c:\program files\TrueSuite
    2010-03-20 06:39 . 2010-03-20 06:39 -------- d-----w- c:\programdata\Downloaded Installations
    2010-03-20 06:26 . 2010-03-20 06:26 0 ----a-w- c:\windows\system32\drivers\1043_ASUSTeK_N10Jc.alu
    2010-03-20 06:14 . 2010-03-20 06:14 -------- d-----w- c:\program files\Wireless Console 2
    2010-03-20 05:57 . 2010-03-20 05:57 -------- d-----w- c:\program files\Common Files\SPBA
    2010-03-20 05:57 . 2010-03-20 05:35 -------- d-----w- c:\program files\Protector Suite QL
    2010-03-20 05:43 . 2010-03-20 05:42 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-03-20 05:42 . 2010-03-20 05:42 -------- d-----w- c:\program files\AGEIA Technologies
    2010-03-20 05:42 . 2010-03-20 05:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2010-03-20 05:39 . 2010-03-20 05:38 -------- d-----w- c:\program files\Atheros
    2010-03-20 05:38 . 2010-03-20 05:38 -------- d-----w- c:\program files\Cisco
    2010-03-20 05:37 . 2010-03-20 05:37 -------- d-----w- c:\programdata\Atheros
    2010-03-20 05:37 . 2010-03-20 05:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2010-03-20 05:37 . 2010-03-20 05:37 -------- d-----w- c:\program files\Synaptics
    2010-03-20 05:35 . 2010-03-20 05:35 -------- d-----w- c:\program files\RSA
    2010-03-20 05:31 . 2010-03-20 05:31 -------- d-----w- c:\program files\Multimedia Card Reader
    2010-03-20 05:29 . 2010-03-20 05:29 319456 ----a-w- c:\windows\DIFxAPI.dll
    2010-03-20 05:29 . 2010-03-20 05:29 -------- d-----w- c:\program files\Realtek
    2010-03-20 05:29 . 2010-03-20 05:29 315392 ----a-w- c:\windows\HideWin.exe
    2010-03-20 05:08 . 2010-03-20 05:08 -------- d-----w- c:\program files\Intel
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
    @="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
    [HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
    2008-07-04 00:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
    @="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
    [HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
    2008-07-04 00:14 4232968 ----a-w- c:\program files\Protector Suite QL\farchns.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-04-13 136176]
    "Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe"="c:\users\Ahmet\AppData\Roaming\Microsoft\System\Services\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe" [2010-04-27 110593]
    "Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe"="c:\users\Ahmet\AppData\Roaming\Microsoft\System\Services\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe" [2010-04-27 110593]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HControlUser"="c:\program files\ASUS\ATK Hotkey\HControlUser.exe" [2008-01-11 98304]
    "RtHDVCpl"="RtHDVCpl.exe" [2008-06-19 6244896]
    "Skytel"="Skytel.exe" [2007-11-20 1826816]
    "PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-07-03 49928]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "ASUS Live Update"="c:\program files\ASUS\ASUS Live Update\ALU.exe" [2007-11-30 51768]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2009-08-17 85888]
    "CSRSkype"="c:\program files\CSR\Vista Feature Pack 2.0\CSRSkype.exe" [2007-09-10 339968]
    "CSRBip"="c:\program files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe" [2007-09-12 305152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

    c:\users\Ahmet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-12-16 503808]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "DisableCAD"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
    2008-07-04 00:02 96008 ----a-w- c:\windows\System32\psqlpwd.dll

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli psqlpwd

    R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-23 717296]
    R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 6656]
    R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2009-08-21 30510960]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2009-08-21 4639136]
    S1 aswSP;avast! Self Protection; [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys [2009-11-24 20560]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\DRIVERS\aswMonFlt.sys [2009-11-24 53328]
    S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-03-02 5120]
    S3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [2009-08-13 22528]
    S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2010-01-28 68200]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-03-04 277536]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]

    .
    Contents of the 'Scheduled Tasks' folder

    2010-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3077163238-1661092670-3827779715-1001Core.job
    - c:\users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-13 19:49]

    2010-04-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3077163238-1661092670-3827779715-1001UA.job
    - c:\users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe [2010-04-13 19:49]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
    TCP: {45E92DA5-6322-4AC8-B9A8-CF002B22E121} = 208.67.222.222,208.67.220.220
    TCP: 14942545945435F52545D2230353 = 208.67.222.222,208.67.220.220
    TCP: 861646279616E65737 = 208.67.222.222,208.67.220.220
    TCP: F4A5B41495D414B402432302447402030363 = 208.67.222.222,208.67.220.220
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    FF - ProfilePath - c:\users\Ahmet\AppData\Roaming\Mozilla\Firefox\Profiles\7dqdd499.default\
    FF - prefs.js: browser.startup.homepage -
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL
    FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL
    FF - plugin: c:\progra~1\MOZILL~1\plugins\npdeployJava1.dll
    FF - plugin: c:\progra~1\MOZILL~1\plugins\npnul32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv522.dll
    FF - plugin: c:\users\Ahmet\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: c:\users\Ahmet\AppData\Local\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\users\Ahmet\AppData\Roaming\Flatcast\NpFv522.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-CubeDesktop - (no file)
    MSConfigStartUp-Canaveral - c:\windows\system32\sshnas21.dll
    MSConfigStartUp-YVIBBBHA8C - c:\users\Ahmet\AppData\Local\Temp\Bqh.exe


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3077163238-1661092670-3827779715-1001\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{2AB66A01-FB2A-B26B-A1A8-BCCF0D9ABFAD}*]
    "jabppnmjoemlkkpkciai"=hex:66,61,67,6d,6b,70,67,6d,61,61,68,6c,00,00
    "pajgcidpljkoambpefppdbocplagmbip"=hex:65,61,67,6d,6a,70,62,6d,64,64,00,6c
    "habppnmjoemlkkpk"=hex:6e,62,67,6d,65,70,64,64,6d,70,69,6d,6a,68,6d,62,67,63,
    6e,6f,6d,6a,6e,6b,6c,6b,6d,6e,67,63,6e,67,6f,6b,66,6b,6f,66,6a,62,67,6c,67,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'lsass.exe'(532)
    c:\windows\system32\psqlpwd.DLL
    c:\program files\Protector Suite QL\homefus2.dll
    c:\program files\Protector Suite QL\infql2.dll
    .
    Completion time: 2010-04-28 07:19:16
    ComboFix-quarantined-files.txt 2010-04-28 04:19

    Pre-Run: 177.414.766.592 bayt boş
    Post-Run: 177.569.087.488 bayt boş

    - - End Of File - - E158779998CFC7DA725EFB1DFA2A1E1E




  • Private
    2 Messages
    Very urgent!!!
    I would be very grateful if you could point out the files that need to be fixed. Many thanks in advance.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:09:59, on 29.04.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Documents and Settings\asus\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (file missing)
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\16 free.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [lite bore] C:\DOCUME~1\asus\APPLIC~1\DATEMA~1\Pile Amok.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [antisansur] C:\PROGRA~1\ANTISA~1\ANTISA~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.radyodinle.com/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3467EC-4C9B-4FE7-9A9F-D6A6619C29F9}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{71346888-273D-4DE9-9ED4-0ACCB85E2D67}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D899C70A-F0C5-43A0-A913-9676E555E122}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 14522 bytes




  • Lieutenant
    158 Messages
    Hi. I have started running into a Rundll error on my computer from time to time. Along with that, Internet Explorer has started throwing errors at random moments and closing itself. My operating system is Vista Home Premium. I would appreciate it if you could help. Thanks in advance...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:19:58, on 29.04.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18904)
    Boot mode: Normal

    Running processes:
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program files\P4G\BatteryLife.exe
    C:\Program Files\ASUS\SmartLogon\sensorsrv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\ASUS\ATK Media\DMedia.exe
    C:\Windows\AsScrPro.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\VM303_STI.EXE
    C:\Windows\VMSnap3.EXE
    C:\Windows\Domino.EXE
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10d.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\ASUS\Downloads\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
    O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
    O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exe
    O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (VC0303)
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.EXE
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{525BB9A8-FE1C-433A-9413-9797830C6D9E}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D14200F3-518E-4131-AA45-386177446798}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
    O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: spmgr - Unknown owner - C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe

    --
    End of file - 11428 bytes



    < This message was edited by hakklo -- 29 April 2010; 13:44:39 >




  • Private
    2 Messages
    Hello. While my computer is starting up, it gives the error "attribe.exe - Application Error: The application failed to initialize properly (0xc0000142). Click OK to terminate." When I click OK, it does not close. I looked the error up online and came to the conclusion that I should post here. I would appreciate urgent help.


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 13:49:58, on 29.04.2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.17023)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATK0100\HControl.exe
    C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    C:\Program Files\Wireless Console 2\wcourier.exe
    C:\Program Files\ASUS\Splendid\ACMON.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\system32\ACEngSvr.exe
    C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\ATK0100\ATKOSD.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\PROGRA~1\AVG\AVG9\avgtray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\WINDOWS\system32\attrib.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
    C:\Program Files\Java\jre6\bin\jucheck.exe
    C:\Documents and Settings\asus\Desktop\HiJackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
    O4 - HKLM\..\Run: [SMSERIAL] C:\WINDOWS\sm56hlpr.exe
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
    O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
    O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\16 free.exe
    O4 - HKLM\..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [lite bore] C:\DOCUME~1\asus\APPLIC~1\DATEMA~1\Pile Amok.exe
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [antisansur] C:\PROGRA~1\ANTISA~1\ANTISA~1.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Save YouTube Video as MP3 - res://C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stage6/windows/AutoDLDivXWebPlayerInstaller.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/obj/NpFv415.dll
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F554} (Flatcast Viewer 4.16) - http://data.flatcast.com/data/objects/NpFv41629.dll
    O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - http://data.myflatcast.com/data/objects/NpFv501.dll
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
    O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.radyodinle.com/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6B3467EC-4C9B-4FE7-9A9F-D6A6619C29F9}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{71346888-273D-4DE9-9ED4-0ACCB85E2D67}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D899C70A-F0C5-43A0-A913-9676E555E122}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe

    --
    End of file - 11880 bytes
    |
    |
    _____________________________




  • Captain
    360 Posts
    My computer is giving a "Program: C:\Windows\system32\DllHost.exe" error
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 02:22:18, on 01.05.2010
    Platform: Unknown Windows (WinNT 6.01.3004)
    MSIE: Internet Explorer v8.00 (8.00.7100.0000)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Users\gaskiney\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\gaskiney\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\gaskiney\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: DigitalPersona Personal Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - C:\Program Files\DigitalPersona\Bin\DpOtsPluginIe8.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [PLFSet] rundll32.exe C:\Windows\PLFSet.dll,PLFDefSetting
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [WirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Google Update] "C:\Users\gaskiney\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O13 - Gopher Prefix:
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) -http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) -https://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv27.CAB
    O17 - HKLM\System\CCS\Services\Tcpip\..\{EA8A19A1-D5DA-45B9-9ED8-F0093BEA0EEB}: NameServer = 8.8.8.8,8.8.4.4
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: @C:\Program Files\DigitalPersona\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 7796 bytes
    
                                                
    |
    |
    _____________________________




  • Banned indefinitely.
    1 Note
    @jay jay justified

    C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
    C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
    O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
    O4 - HKLM\..\Run: [CSRBip] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
    O4 - HKCU\..\Run: [Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe] C:\Users\Ahmet\AppData\Roaming\Microsoft\System\Services\Aw3z1PNj0n2RZy89CmWb54XdEa7g6HYq20SiJo9c1T7Bpf8QFk63MtLe45Gxs0D9Kr2.exe
    O4 - HKCU\..\Run: [Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe] C:\Users\Ahmet\AppData\Roaming\Microsoft\System\Services\Tb1r9P0Ycq5XFo3w4Q2Ekm7MDg8s6ANt21Gey3W8SaRd60CzZn9f7HBx5p4J9Kij5L8SkWy40Da2.exe

    Could you fix the lines above and then run a full system scan with MalwareBytes?

    @hakklo

    Your system looks clean. Still, could you run a full system scan with MalwareBytes?

    @kankatresi

    C:\WINDOWS\system32\attrib.exe

    Fix all of the attrib.exe entries.

    O4 - HKLM\..\Run: [Comp about extra bin] C:\Documents and Settings\All Users\Application Data\Roam Program Comp About\16 free.exe
    O4 - HKCU\..\Run: [lite bore] C:\DOCUME~1\asus\APPLIC~1\DATEMA~1\Pile Amok.exe

    Fix the lines above as well.

    @innhibitor

    Your system looks clean. If you use the Avira Premium product, you will be happy with it.

    @gaskiney

    Could you post your log in the way shown in the first post?
    |
    |
    _____________________________




  • Lieutenant Colonel
    13458 Posts
    Sir, as you may have noticed, there were 2 exe files with long names. After I cleaned them with CCleaner, my whole problem was solved, and I also tried to find and fix the lines you mentioned. The computer is now running very smoothly and is clean. The log file in its final state:

    quote:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:28:32, on 01.05.2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Protector Suite QL\psqltray.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\Ahmet\AppData\Local\Google\Update\1.2.183.23\GoogleCrashHandler.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Users\Ahmet\Downloads\Programlar\Güvenlik\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Skype\Toolbars\Shared\SkypeNames.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O4 - HKLM\..\Run: [HControlUser] C:\Program Files\ASUS\ATK Hotkey\HControlUser.exe
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [PSQLLauncher] "C:\Program Files\Protector Suite QL\launcher.exe" /startup
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
    O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [CSRSkype] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRSkype.exe
    O4 - HKLM\..\Run: [CSRBip] C:\Program Files\CSR\Vista Feature Pack 2.0\CSRBipPushResponder.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ahmet\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~4\Office14\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{45E92DA5-6322-4AC8-B9A8-CF002B22E121}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: ASLDR Service (ASLDRService) - Unknown owner - C:\Program Files\ASUS\ATK Hotkey\ASLDRSrv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Firewall - ALWIL Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

    --
    End of file - 5358 bytes
    |
    |
    _____________________________




  • Banned indefinitely.
    1 Note
    @jay jay justified

    Your system is clean right now. Enjoy using it.
    |
    |
    _____________________________
  • Lieutenant Colonel
    13458 Posts
    Thank you very much, Eraybar
    |
    |
    _____________________________