HijackThis. Performance + Security! (Get rid of viruses). 500.000+
    • Lieutenant Colonel
      2224 Messages
      14 November 2009 15:12:00
      Hello, as you said, I fixed the necessary lines with HijackThis and carried out the steps you described with ComboFix. I'm sending the ComboFix log below. By the way, my problem of hidden files not being shown has gone away.

      quote:


      ComboFix 09-11-14.03 - Ali Burak 14.11.2009 17:03..2 - FAT32x86
      Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.1015.626 [GMT 2:00]
      Running from: c:\documents and settings\Ali Burak\Belgelerim\ComboFix.exe
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\6ruaqx.exe
      C:\9b9w3.exe
      C:\autorun.inf
      c:\docume~1\ALIBUR~1\LOCALS~1\Temp\cvasds0.dll
      c:\docume~1\ALIBUR~1\LOCALS~1\Temp\cvasds1.dll
      C:\g12g.exe
      C:\hjvjte.exe
      C:\l61yyp.exe
      c:\recycler\S-1-5-21-3713256513-92216171-3168076220-1003
      C:\v1cbvsmq.exe
      C:\vk0w.exe
      c:\windows\AhnRpta.exe
      c:\windows\system32\scrrntr.dll
      D:\6ruaqx.exe
      D:\9b9w3.exe
      D:\Autorun.inf
      D:\g12g.exe
      D:\l61yyp.exe
      D:\v1cbvsmq.exe
      D:\vk0w.exe

      .
      ((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
      .

      2009-11-14 14:31 . 2009-11-14 14:31 116017 --sh--r- C:\opdux.exe
      2009-11-14 14:30 . 2009-11-14 14:35 -------- d-----w- C:\4551cbfd24b7354fbd27fdb39924
      2009-11-14 13:55 . 2009-11-14 13:55 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
      2009-11-14 13:44 . 2009-11-14 14:53 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
      2009-11-14 13:44 . 2009-10-03 08:15 2924848 -c----w- c:\documents and settings\All Users\Application Data\~0\Ad-AwareInstallation.exe
      2009-11-14 13:44 . 2009-11-14 14:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
      2009-11-11 18:35 . 2009-11-11 18:35 113817 --sh--r- C:\pbudsara.exe
      2009-11-10 17:59 . 2009-11-10 18:01 -------- d-----w- c:\program files\icytower1.4
      2009-11-03 15:55 . 2009-11-03 15:54 111826 --sh--r- C:\mwfubaob.exe
      2009-10-30 16:10 . 2009-10-30 16:10 113614 --sh--r- C:\a2g21.exe
      2009-10-29 18:29 . 2008-05-21 12:28 7994 ----a-w- C:\yama.vbs
      2009-10-29 15:07 . 2009-10-30 11:00 112905 --sh--r- C:\uqgvf.exe
      2009-10-29 09:33 . 2009-10-29 09:32 115845 --sh--r- C:\3n8awsyg.exe
      2009-10-22 15:04 . 2009-10-22 15:04 -------- d-----w- c:\documents and settings\Ali Burak\Local Settings\Application Data\Help

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-10 17:41 . 2009-09-06 22:45 -------- d-----w- c:\program files\Opera
      2009-11-10 14:30 . 2009-10-11 13:23 -------- d-----w- c:\documents and settings\Ali Burak\Application Data\uTorrent
      2009-11-10 13:27 . 2009-02-26 13:44 72664 ----a-w- c:\windows\system32\perfc01F.dat
      2009-11-10 13:27 . 2009-02-26 13:44 390090 ----a-w- c:\windows\system32\perfh01F.dat
      2009-10-11 13:23 . 2009-10-11 13:23 -------- d-----w- c:\program files\uTorrent
      2009-10-06 11:43 . 2009-10-06 11:43 -------- d-----w- c:\documents and settings\Ali Burak\Application Data\GRETECH
      2009-10-06 11:27 . 2009-09-07 00:59 55816 ----a-w- c:\documents and settings\Ali Burak\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-10-05 15:02 . 2009-10-05 15:02 -------- d-----w- c:\program files\GRETECH
      2009-10-04 08:25 . 2009-02-26 13:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
      2009-10-04 08:20 . 2009-02-26 13:04 -------- d-----w- c:\program files\Microsoft Works
      2009-10-04 08:19 . 2009-10-04 08:19 -------- d-----w- c:\program files\Microsoft.NET
      2009-09-19 15:09 . 2009-02-26 11:59 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
      2009-09-06 22:29 . 2009-09-06 22:29 390214 ----a-w- c:\windows\1000H-ASUS-2102.zip
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension1]
      @="{fe25455d-b4c2-4e32-97d2-92632ec1c224}"
      [HKEY_CLASSES_ROOT\CLSID\{fe25455d-b4c2-4e32-97d2-92632ec1c224}]
      2006-12-22 10:28 271360 ----a-w- c:\windows\system32\mscoree.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayIconExtension2]
      @="{1fae2d88-a78e-4f03-909f-be818a3c1ce6}"
      [HKEY_CLASSES_ROOT\CLSID\{1fae2d88-a78e-4f03-909f-be818a3c1ce6}]
      2006-12-22 10:28 271360 ----a-w- c:\windows\system32\mscoree.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
      "ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-01-23 416768]
      "AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]
      "AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]
      "AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-20 94208]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.EXE [2008-09-18 16855040]
      "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2009-06-17 55824]

      c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
      SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2009-2-26 376832]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{B03A4BE6-5E5A-483E-B9B3-C484D4B20B72}"= "c:\windows\system32\softqq1.dll" [2008-04-15 62925]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
      2009-07-20 09:28 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
      @=""

      [HKLM\~\startupfolder\C:^Documents and Settings^Ali Burak^Start Menu^Programlar^Başlangıç^Logitech . Ürün Kaydı.lnk]
      path=c:\documents and settings\Ali Burak\Start Menu\Programlar\Başlangıç\Logitech . Ürün Kaydı.lnk
      backup=c:\windows\pss\Logitech . Ürün Kaydı.lnkStartup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Logitech SetPoint.lnk]
      path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Logitech SetPoint.lnk
      backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\uTorrent\\uTorrent.exe"=
      "d:\\utorrent.exe"=

      R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [26.02.2009 15:00 54752]
      R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [08.09.2009 19:14 10384]
      R3 AsusACPI;ASUS ACPI Driver;c:\windows\system32\drivers\ASUSACPI.SYS [26.02.2009 14:40 10752]
      R3 Ktp;Elantech Smart-Pad;c:\windows\system32\drivers\ETD.sys [19.02.2009 04:33 93696]
      S3 fsssvc;Windows Live Aile Koruması Hizmeti;"c:\program files\Windows Live\Family Safety\fsssvc.exe" --> c:\program files\Windows Live\Family Safety\fsssvc.exe [?]
      S3 L1e;Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1e51x86.sys [04.02.2009 11:41 38400]
      S3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [26.02.2009 14:40 933504]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - MBR
      *Deregistered* - mbr
      .
      Contents of the 'Scheduled Tasks' folder
      .
      .
      ------- Supplementary Scan -------
      .
      IE: &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Bluetooth'a Gönder - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-14 17:10
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(532)
      c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
      c:\program files\common files\logishrd\bluetooth\LBTServ.dll

      - - - - - - - > 'explorer.exe'(2528)
      c:\program files\ASUS\Eee Storage\XPClient.dll
      c:\windows\system32\WPDShServiceObj.dll
      c:\windows\system32\PortableDeviceTypes.dll
      c:\windows\system32\PortableDeviceApi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
      c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\windows\system32\wscntfy.exe
      c:\windows\system32\igfxsrvc.exe
      c:\windows\system32\igfxext.exe
      .
      **************************************************************************
      .
      Completion time: 2009-11-14 17:12 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-11-14 15:12

      Pre-Run: 66.274.787.328 bayt boş
      Post-Run: 66.682.695.680 bayt boş

      WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

      - - End Of File - - 949D021FCB0A65A77E6D5FB06D2BCB99



      < This message was edited by djinn_inc -- 14 November 2009; 17:19:59 >
      _____________________________

    • Lieutenant Colonel
      3842 Messages
      14 November 2009 15:29:55

      quote:

      Quoted from original: sancar1992

      Brother, could you help me out too? This is a ComboFix scan result of mine. I keep getting warnings about the PnkBstrB exe file in system32; what should I do?

      ComboFix 09-11-13.06 - B3K1R Corporation 13.11.2009 21:15.1.2 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.1023.473 [GMT 2:00]
      Running from: c:\documents and settings\B3K1R Corporation\Desktop\7011-ComboFix.exe
      * Created a new restore point

      WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
      .
      ADS - system32: deleted 12 bytes in 1 streams.

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .




      The computer has been overrun by viruses; good thing you sent the log. @serji will take care of it.


      _____________________________

    • iOS Beta User
      2279 Messages
      14 November 2009 16:23:01
      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 16:19:11, on 14.11.2009
      Platform: Unknown Windows (WinNT 6.01.3504)
      MSIE: Internet Explorer v8.00 (8.00.7600.16385)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskhost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
      C:\Users\AsiYakar\Desktop\oyunlokali101(2).exe
      C:\Users\AsiYakar\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
      O4 - HKLM\..\Run: [CircleVirtualCD] C:\Program Files\Circle\VirtualCD\HvcdUI.exe
      O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\torent\uTorrent.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
      O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O13 - Gopher Prefix:
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CS1\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CS2\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
      O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe
      O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 4391 bytes


      I installed Windows 7 and there's no problem, just take a quick look, master Burak :)

      Regards


      _____________________________

    • Lieutenant Colonel
      6244 Messages
      14 November 2009 18:13:30
      Sir, when I play Counter and similar games, my internet connection keeps dropping. Could you take a look at whether the problem is related to the programs?
      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 18:11:36, on 14.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Documents and Settings\EmperoR\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
      C:\Program Files\Orbitdownloader\orbitdm.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
      C:\Program Files\4t Tray Minimizer\4t-min.exe
      C:\Program Files\Orbitdownloader\orbitnet.exe
      C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\CDBurnerXP\NMSAccessU.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Steam\Steam.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\EmperoR\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net
      O1 - Hosts: localhost pes7stun-e.winning-eleven.net
      O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
      O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [GEST] m|\ü
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\EmperoR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Startup: Cs Serverlar.lnk = E:\GAMES\Valve\platform\Cs Serverlar.url
      O4 - Startup: OtomatikServerList.lnk = C:\Program Files\Valve\platform\baslangic_serverlist.exe
      O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe
      O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
      O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
      O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
      O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{4089DC2F-E32C-4077-9720-59A4C3FCA00F}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CCS\Services\Tcpip\..\{CF2EAFD9-F24B-4D6F-9C88-CE43E02E95CB}: NameServer = 208.67.222.222,208.67.220.220
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

      --
      End of file - 11061 bytes



      _____________________________

    • Captain
      844 Posts
      14 November 2009 19:13:39
      Could you take a look at mine as well?
       
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:09:32, on 14.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      C:\WINDOWS\system32\bgsvcgen.exe
      C:\Program Files\GameTracker\GSInGameService.exe
      C:\WINDOWS\System32\svchost.exe
      c:\program files\mouse recorder\MacroService.exe
      C:\WINDOWS\System32\dmadmin.exe
      c:\program files\mouse recorder\MacroServiceWnd.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\A4Tech\Mouse\Amoumain.exe
      C:\WINDOWS\system32\UnlockerAssistant.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\Program Files\Evidence Eliminator\ee.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
      C:\Documents and Settings\Administrator\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: s127.0.0.1 localhost
      O1 - Hosts: Youtube Jacker 4 :)
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\WINDOWS\system32\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B23870ED-13F2-4FA2-979A-0F6C1A9728CB}: NameServer = 4.2.2.1,4.2.2.3
      O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
      O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: Macro Expert - Grass Software - c:\program files\mouse recorder\MacroService.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 11613 bytes




      _____________________________

    • Lieutenant
      100 Posts
      14 November 2009 22:27:05

      quote:

      Originally posted by: serji


      Visit the VirusTotal site.

      http://www.virustotal.com/tr/

      * Click Browse, select the files listed below, and click Open.
      * Uploading may take some time depending on the size of the file, so please be patient.
      * Once the process is complete, copy and paste the results into Notepad, or take a screenshot, and attach it to your post to send it to us.

      c:\windows\system32\drivers\bbcap.sys


      Download the program called Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and complete the installation.
      * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
      * If an update is found, the program will download and apply it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan has finished, click OK and then click Show Results.
      * Make sure everything is ticked and click Remove Selected.
      * When the cleanup has finished, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file and attach it to your post to send it to us.

      NOTE: If the program asks you to restart the computer during the cleanup, click OK to restart your computer.






      Malwarebytes' Anti-Malware 1.41
      Veritabanı sürümü: 3161
      Windows 5.1.2600 Service Pack 3

      14.11.2009 22:16:04
      mbam-log-2009-11-14 (22-16-04).txt

      Tarama biçimi: Hızlı Tarama
      Taranan öğeler: 98389
      Geçen süre: 5 minute(s), 49 second(s)

      Etkilenmiş Hafıza İşlemleri: 0
      Etkilenmiş Hafıza Modülleri: 0
      Etkilenmiş Kayıt Anahtarları: 0
      Etkilenmiş Kayıt Değerleri: 0
      Etkilenmiş Kayıt Verisi Öğeleri: 3
      Etkilenmiş Klasörler: 0
      Etkilenmiş Dosyalar: 0

      Etkilenmiş Hafıza İşlemleri:
      (Herhangi bir tehlikeli öğe bulunmadı)

      Etkilenmiş Hafıza Modülleri:
      (Herhangi bir tehlikeli öğe bulunmadı)

      Etkilenmiş Kayıt Anahtarları:
      (Herhangi bir tehlikeli öğe bulunmadı)

      Etkilenmiş Kayıt Değerleri:
      (Herhangi bir tehlikeli öğe bulunmadı)

      Etkilenmiş Kayıt Verisi Öğeleri:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

      Etkilenmiş Klasörler:
      (Herhangi bir tehlikeli öğe bulunmadı)

      Etkilenmiş Dosyalar:
      (Herhangi bir tehlikeli öğe bulunmadı)


      Is there a serious threat on my PC? Please help...



      _____________________________

    • Lieutenant
      100 Posts
      14 November 2009 22:30:46


      Dosya mbam-log-2009-11-14__22-16-04_.tx alındığı zaman 2009.11.14 20:24:55 (UTC)
      şimdiki Durumu: Yükleniyor ... sırada bekleniyor taranıyor tamamlandı BULUNAMADI DURDU


      Sonuç: 0/41 (0%)


      Antivirüs Versiyon Son Güncelleştirme Sonuç
      a-squared 4.5.0.41 2009.11.14 -
      AhnLab-V3 5.0.0.2 2009.11.13 -
      AntiVir 7.9.1.65 2009.11.13 -
      Antiy-AVL 2.0.3.7 2009.11.13 -
      Authentium 5.2.0.5 2009.11.14 -
      Avast 4.8.1351.0 2009.11.14 -
      AVG 8.5.0.425 2009.11.14 -
      BitDefender 7.2 2009.11.14 -
      CAT-QuickHeal 10.00 2009.11.13 -
      ClamAV 0.94.1 2009.11.14 -
      Comodo 2955 2009.11.14 -
      DrWeb 5.0.0.12182 2009.11.14 -
      eSafe 7.0.17.0 2009.11.12 -
      eTrust-Vet 35.1.7121 2009.11.14 -
      F-Prot 4.5.1.85 2009.11.14 -
      F-Secure 9.0.15370.0 2009.11.11 -
      Fortinet 3.120.0.0 2009.11.14 -
      GData 19 2009.11.14 -
      Ikarus T3.1.1.74.0 2009.11.14 -
      Jiangmin 11.0.800 2009.11.12 -
      K7AntiVirus 7.10.896 2009.11.13 -
      Kaspersky 7.0.0.125 2009.11.14 -
      McAfee 5802 2009.11.14 -
      McAfee+Artemis 5802 2009.11.14 -
      McAfee-GW-Edition 6.8.5 2009.11.14 -
      Microsoft 1.5202 2009.11.14 -
      NOD32 4608 2009.11.14 -
      Norman 6.03.02 2009.11.14 -
      nProtect 2009.1.8.0 2009.11.14 -
      Panda 10.0.2.2 2009.11.14 -
      PCTools 7.0.3.5 2009.11.13 -
      Prevx 3.0 2009.11.14 -
      Rising 22.21.05.04 2009.11.14 -
      Sophos 4.47.0 2009.11.14 -
      Sunbelt 3.2.1858.2 2009.11.12 -
      Symantec 1.4.4.12 2009.11.14 -
      TheHacker 6.5.0.2.070 2009.11.14 -
      TrendMicro 9.0.0.1003 2009.11.14 -
      VBA32 3.12.10.11 2009.11.13 -
      ViRobot 2009.11.14.2037 2009.11.14 -
      VirusBuster 4.6.5.0 2009.11.14 -
      İlave Bilgiler
      File size: 1373 bytes
      MD5...: 5761fe09cbe0ad274fe1462cbadda18f
      SHA1..: 632bf6dcf3d58cb66e8609101cb8b43502d020e3
      SHA256: 91a71c5187c27a920d4578c53fea857327a83cd22a626cf01ef7f8d288720047
      ssdeep: 24:zU9JejqJjSrYN5dKh8ye+y8yy8zFy8dIfG2C/IfQC/IfCCc7ygUyo:zUnejqJ
      jK8OGdpIxC/IYC/IKCc7PUP

      PEiD..: -
      PEInfo: -
      RDS...: NSRL Reference Data Set
      -
      pdfid.: -
      trid..: Unknown!
      sigcheck:
      publisher....: n/a
      copyright....: n/a
      product......: n/a
      description..: n/a
      original name: n/a
      internal name: n/a
      file version.: n/a
      comments.....: n/a
      signers......: -
      signing date.: -
      verified.....: Unsigned

      What is this supposed to mean...


      _____________________________


    • Lieutenant Colonel
      2469 Posts
      16 November 2009 02:39:43
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 02:35:47, on 16.11.2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v7.00 (7.00.6002.18005)
      Boot mode: Normal

      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\CursorXP\CursorXP.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\Program Files\Apoint2K\ApMsgFwd.exe
      C:\Windows\system32\agrsmsvc.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      C:\Windows\system32\TODDSrv.exe
      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Windows\system32\wbem\wmiprvse.exe
      C:\Program Files\Internet Explorer\iexplore.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OGUZHAN
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O13 - Gopher Prefix:
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{71A7F614-71E8-4EA9-94F1-6516B5E89A5A}: NameServer = 208.67.222.222,208.67.220.220
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
      O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
      O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 7375 bytes



      _____________________________

    • Private
      1 Post
      16 November 2009 03:27:56
      Hello,

      Programs on my computer are being deleted on their own and it has slowed down. Firefox won't open, and virus scans come back clean. Could you take a look at the log files?
      Thanks in advance.

      ComboFix 09-11-16.03 - Administrator 16.11.2009 3:07..2 - FAT32x86
      Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.2046.1570 [GMT 2:00]
      Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
      AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\scrrntr.dll

      .
      ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
      .

      2009-11-16 00:39 . 2009-11-16 00:39 -------- d-----w- c:\program files\Trend Micro
      2009-11-16 00:33 . 2009-11-16 00:33 -------- d-----w- c:\program files\NOS
      2009-11-15 21:19 . 2009-11-15 21:21 -------- d-----w- C:\$AVG
      2009-11-15 21:19 . 2009-11-15 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-16 00:34 . 2009-07-11 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
      2009-11-15 23:58 . 2009-02-02 19:43 -------- d-----w- c:\program files\eMule
      2009-11-15 21:19 . 2009-02-02 18:57 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
      2009-11-15 21:19 . 2009-02-02 18:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
      2009-11-15 21:19 . 2009-02-02 18:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
      2009-11-15 21:19 . 2009-02-02 18:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
      2009-11-15 21:19 . 2009-02-02 18:57 -------- d-----w- c:\program files\AVG
      2009-11-15 21:10 . 2009-08-16 18:44 -------- d-----w- c:\program files\Hattrick Coach Professional
      2009-11-15 20:57 . 2009-11-15 20:57 0 ----a-w- c:\windows\system32\atiicdxx.dat
      2009-11-15 20:57 . 2009-11-15 20:57 0 ----a-w- c:\windows\ativpsrm.bin
      2009-11-15 20:55 . 2009-11-15 20:53 -------- d-----w- c:\program files\Microsoft
      2009-11-15 20:55 . 2009-11-15 20:55 -------- d-----w- c:\program files\Common Files\Apple
      2009-11-15 20:54 . 2009-11-15 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
      2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\ATI Technologies
      2009-11-15 20:53 . 2009-08-02 22:48 -------- d-----w- c:\program files\OpenAL
      2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\MSBuild
      2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\QuickTime
      2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\K-Lite Codec Pack
      2009-11-15 20:52 . 2009-11-15 18:53 -------- d-----w- c:\program files\HiGames
      2009-11-15 20:52 . 2009-11-15 18:53 -------- d-----w- c:\program files\Emoti Match
      2009-11-15 20:52 . 2009-02-02 18:30 -------- d-----w- c:\program files\NetLimiter
      2009-11-15 20:52 . 2009-02-02 19:25 -------- d-----w- c:\program files\FileZilla FTP Client
      2009-11-15 19:02 . 2009-11-15 19:02 -------- d-----w- c:\program files\WildSnake Software
      2009-11-15 18:49 . 2009-11-15 18:49 -------- d-----w- c:\program files\Hasbro Interactive
      2009-11-15 18:34 . 2009-11-15 18:34 -------- d-----w- c:\program files\MyPlayCity.com
      2009-11-09 15:57 . 2009-02-11 18:55 -------- d-----w- c:\program files\Microsoft Works
      2009-11-07 14:43 . 2009-02-02 17:58 84704 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-11-06 19:12 . 2009-11-03 18:03 -------- d-----w- c:\program files\Roxio
      2009-11-06 19:12 . 2009-11-03 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
      2009-11-06 19:12 . 2009-11-06 19:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
      2009-11-06 19:08 . 2009-11-03 17:59 -------- d-----w- c:\program files\Common Files\Roxio Shared
      2009-11-06 19:01 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
      2009-11-04 04:41 . 2009-10-11 00:37 256 ----a-w- c:\windows\system32\pool.bin
      2009-11-03 22:44 . 2009-11-03 22:44 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe
      2009-11-03 18:05 . 2009-11-03 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
      2009-11-03 18:05 . 2009-11-03 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
      2009-11-03 17:59 . 2009-11-03 17:58 -------- d-----w- c:\program files\Research In Motion
      2009-11-03 17:59 . 2009-10-11 00:36 -------- d-----w- c:\program files\Common Files\Research In Motion
      2009-10-29 19:15 . 2001-11-22 12:00 82540 ----a-w- c:\windows\system32\perfc01F.dat
      2009-10-29 19:15 . 2001-11-22 12:00 430960 ----a-w- c:\windows\system32\perfh01F.dat
      2009-10-11 00:37 . 2009-10-11 00:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Research In Motion
      2009-10-01 14:55 . 2009-02-02 19:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
      2009-09-21 12:00 . 2009-02-02 18:19 -------- d--h--w- c:\program files\InstallShield Installation Information
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
      2007-05-24 07:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\eMule\\emule.exe"=
      "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
      "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
      "c:\\WINDOWS\\system32\\dplaysvr.exe"=
      "d:\\oyunlar\\age of 2\\age\\aoe20a_crk.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
      "d:\\oyunlar\\age of 2\\age\\empires2.EXE"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
      "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
      "c:\\Program Files\\The Creative Assembly\\Medieval - Total War - Gold Edition\\Medieval_TW.exe"=
      "c:\\OYUNLAR SETUP (DEVAM)\\World in Conflict Complete Edition\\wic.exe"=
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
      "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

      R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [02.02.2009 20:38 11264]
      R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02.02.2009 20:57 333192]
      R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02.02.2009 20:57 360584]
      R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [24.05.2007 09:13 2234800]
      R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15.11.2009 23:46 906520]
      R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.11.2009 23:19 285392]
      R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [24.05.2007 09:13 36368]
      R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [24.05.2007 09:13 110032]
      R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [24.05.2007 09:13 673456]
      S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [04.08.2004 00:45 14336]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      getPlusHelper REG_MULTI_SZ getPlusHelper
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com.tr/
      LSP: c:\program files\NetLimiter\nl_lsp.dll
      FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ee3o23as.default\
      FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

      ---- FIREFOX POLICIES ----
      c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
      .
      - - - - ORPHANS REMOVED - - - -

      WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



      **************************************************************************
      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files:

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1220945662-1383384898-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
      "??"=hex:92,6a,83,6b,e1,24,fa,73,46,48,ce,0e,4f,db,c5,58,7b,6d,30,32,b6,30,5a,
      6d,e3,ae,ab,9d,d2,d0,c9,06,58,75,57,b0,54,a8,98,cf,b0,36,12,6e,2e,ed,1c,d5,\
      "??"=hex:9d,1b,ff,ec,47,01,e5,b2,d1,12,e2,67,ec,4d,cd,18

      [HKEY_USERS\S-1-5-21-1220945662-1383384898-839522115-500\Software\SecuROM\License information*]
      "datasecu"=hex:4f,d4,61,2e,2a,0a,f1,15,7d,8b,0b,76,2b,68,c3,12,6a,f6,5d,46,48,
      c6,ec,78,4f,28,b5,8f,b6,8c,0b,84,54,e8,56,b3,88,16,15,d8,6e,60,81,d7,7d,f0,\
      "rkeysecu"=hex:a9,80,3b,fa,d9,15,45,b5,56,d2,b6,b4,aa,27,04,1f
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(756)
      c:\windows\system32\Ati2evxx.dll

      - - - - - - - > 'lsass.exe'(812)
      c:\program files\NetLimiter\nl_lsp.dll
      c:\windows\system32\nl_msgc.dll

      - - - - - - - > 'explorer.exe'(3492)
      c:\windows\system32\msi.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\windows\system32\Ati2evxx.exe
      c:\windows\system32\Ati2evxx.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\AVG\AVG9\avgnsx.exe
      c:\program files\AVG\AVG9\avgrsx.exe
      c:\program files\AVG\AVG9\avgchsvx.exe
      c:\program files\AVG\AVG9\avgcsrvx.exe
      c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
      c:\windows\system32\wdfmgr.exe
      c:\program files\AVG\AVG9\avgcsrvx.exe
      c:\windows\system32\imapi.exe
      c:\windows\system32\wscntfy.exe
      .
      **************************************************************************
      .
      Completion time: 2009-11-16 03:14 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-11-16 01:13

      Pre-Run: 53.765.787.648 bayt boş
      Post-Run: 54.221.762.560 bayt boş

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      - - End Of File - - 0F40BCEBFFDE991FB6C582B26682D6CE



      _____________________________

    • Captain
      564 posts
      16 November 2009 04:26:36
      Hello brother, I saw this thread for the first time today, downloaded the program and ran it. The results are below; could you take a look? Is there anything that needs to be fixed?


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 04:21:29, on 16.11.2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18828)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
      C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
      C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Windows\system32\wbem\unsecapp.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Opera\opera.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Windows\system32\wuauclt.exe
      C:\Program Files\uTorrent\uTorrent.exe
      C:\Users\fatih\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.131.10:3128
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
      O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
      O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
      O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - Global Startup: Bluetooth.lnk = ?
      O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
      O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
      O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
      O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O13 - Gopher Prefix:
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Rezip - Unknown owner - C:\Windows\SYSTEM32\Rezip.exe
      O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
      O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
      O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

      --
      End of file - 6537 bytes


      _____________________________


      Dr_nike_kaddafi
    • Lieutenant
      213 posts
      16 November 2009 12:45:01

      quote:

      Originally posted by: serji





      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do not perform any other action at all. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be restored to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      Brother, I ran a scan with ComboFix; the exe file is below. Is there anything I need to do?

      ComboFix 09-11-16.05 - Administrator 16.11.2009 12:20:41..1 - FAT32x86
      Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.510.252 [GMT 2:00]
      Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
      AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      * Created a new restore point
      * Resident AV is active

      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\scrrntr.dll

      .
      ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
      .

      2009-11-08 15:39:47 . 2009-11-08 15:40:04 0 d-----w- C:\Program Files\Windows Live
      2009-11-08 15:34:57 . 2009-11-08 16:20:09 0 d-----w- C:\WINDOWS\SxsCaPendDel
      2009-11-08 15:27:33 . 2009-11-08 15:27:33 0 d-----w- C:\WINDOWS\system32\wbem\Repository
      2009-11-08 07:24:12 . 2009-11-08 15:33:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2009-11-07 17:27:04 . 2009-11-07 17:34:41 35528152 ----a-w- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F2363T1L1\setup_gF2363T1L1_d685289173_l1_s1.exe
      2009-11-07 17:19:17 . 2009-11-07 17:34:17 0 d-----w- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
      2009-11-06 05:40:51 . 2009-11-16 08:59:41 0 d-----w- C:\Documents and Settings\Administrator\Tracing
      2009-11-06 05:39:46 . 2009-11-06 05:39:46 0 d-----w- C:\Program Files\Microsoft
      2009-11-06 05:20:13 . 2009-11-06 05:20:13 0 d-----w- C:\Program Files\Common Files\Windows Live
      2009-11-06 05:20:09 . 2009-11-08 15:39:06 18440 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-11-04 13:01:03 . 2009-11-12 06:53:21 0 d-----w- C:\Program Files\Total Video Converter
      2009-11-04 12:43:33 . 2009-04-23 19:25:08 8704 ----a-w- C:\WINDOWS\system32\kbdjpn.dll
      2009-11-04 12:43:33 . 2009-04-23 19:25:08 8192 ----a-w- C:\WINDOWS\system32\kbdkor.dll
      2009-11-04 12:43:33 . 2009-04-23 19:25:08 6144 ----a-w- C:\WINDOWS\system32\kbd101c.dll
      2009-11-04 12:43:33 . 2009-04-23 19:25:08 5632 ----a-w- C:\WINDOWS\system32\kbd103.dll
      2009-11-04 12:43:32 . 2009-04-23 19:25:26 6144 ----a-w- C:\WINDOWS\system32\kbd106.dll
      2009-11-04 12:43:32 . 2009-04-23 19:25:08 6144 ----a-w- C:\WINDOWS\system32\kbd101b.dll
      2009-11-01 13:09:34 . 2009-11-01 13:09:34 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-11 11:00:18 . 2009-10-03 10:26:26 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
      2009-11-08 15:30:19 . 2008-04-15 12:00:00 44212 ----a-w- C:\WINDOWS\system32\perfc01F.dat
      2009-11-08 15:30:19 . 2008-04-15 12:00:00 297642 ----a-w- C:\WINDOWS\system32\perfh01F.dat
      2009-11-07 07:14:39 . 2009-09-28 08:06:23 0 d-----w- C:\Documents and Settings\Administrator\Application Data\LimeWire
      2009-10-09 06:06:04 . 2009-10-09 06:06:04 0 ----a-w- C:\WINDOWS\nsreg.dat
      2009-09-28 08:04:25 . 2009-09-28 08:05:08 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
      2009-09-28 08:03:52 . 2009-09-28 08:03:52 0 d-----w- C:\Program Files\Java
      2009-09-28 08:03:06 . 2009-09-28 08:03:06 152576 ----a-w- C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
      2009-09-28 07:59:47 . 2009-09-28 07:58:32 0 d-----w- C:\Program Files\LimeWire
      2009-09-27 13:32:33 . 2009-09-19 07:03:02 0 d-----w- C:\Program Files\Common Files\Adobe
      2009-09-19 07:08:28 . 2009-09-19 07:08:26 0 d-----w- C:\Program Files\CCleaner
      2009-09-19 06:58:34 . 2009-09-19 06:58:34 0 d-----w- C:\Documents and Settings\Administrator\Application Data\IObit
      2009-09-19 06:58:22 . 2009-09-19 06:58:22 0 d-----w- C:\Program Files\IObit
      2009-09-19 06:57:12 . 2009-09-19 06:57:12 0 d--h--w- C:\Program Files\InstallShield Installation Information
      2009-09-19 06:57:06 . 2009-09-18 15:18:02 0 d-----w- C:\Program Files\Common Files\InstallShield
      2009-09-19 06:42:54 . 2009-09-19 06:42:54 0 d-----w- C:\Program Files\ESET
      2009-09-19 06:42:54 . 2009-09-19 06:42:54 0 d-----w- C:\Documents and Settings\All Users\Application Data\ESET
      2009-09-19 06:21:14 . 2009-09-19 06:21:14 29926 ----a-r- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{13E7F4A4-33A0-16B0-6486-FAA38C2A7067}\ARPPRODUCTICON.exe
      2009-09-19 06:21:02 . 2009-09-19 06:21:02 0 d-----w- C:\Program Files\Nero
      2009-09-19 06:21:02 . 2009-09-19 06:21:02 0 d-----w- C:\Program Files\Common Files\Ahead
      2009-09-19 06:10:20 . 2009-09-19 06:09:18 0 dcsh--w- C:\Program Files\Common Files\WindowsLiveInstaller
      2009-09-19 06:09:06 . 2009-09-19 06:09:06 0 d-----w- C:\Documents and Settings\All Users\Application Data\WLInstaller
      2009-09-18 15:27:41 . 2009-09-18 14:58:16 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
      2009-09-18 15:14:57 . 2009-09-18 15:14:57 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Conceptworld
      2009-09-18 15:00:05 . 2009-09-18 15:00:05 2 ----a-w- C:\WINDOWS\HFSLIP.TMP
      2009-09-18 14:55:34 . 2009-09-18 14:55:34 21736 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
      .

      ------- Sigcheck -------

      [-] 2009-04-23 18:18:14 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\drivers\tcpip.sys

      [-] 2009-04-23 20:14:35 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe

      [-] 2009-04-23 20:07:59 . 2E1BE2B73E406E85211B0CC306BB1E56 . 662528 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\system32\comctl32.dll

      [-] 2009-04-23 20:11:22 . FBC4C5F06D7397B749D887F84A6CF519 . 2389248 . . [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] . . C:\WINDOWS\system32\ntoskrnl.exe

      [-] 2009-04-23 20:14:18 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll

      [-] 2009-04-23 20:08:38 . 6996F4174D83FB076851095E8C070BC4 . 2326016 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe

      [-] 2009-04-23 20:08:21 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 13:48:30 1443072]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 09:20:00 6803456]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2009-04-23 20:08:21 40960]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "_nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2009-04-23 18:22:02 128512]






      _____________________________

    • Major
      1121 posts
      17 November 2009 14:46:48
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:44:33, on 17.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
      C:\WINDOWS\Explorer.EXE
      C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      C:\PROGRA~1\AVG\AVG8\avgfws8.exe
      C:\PROGRA~1\AVG\AVG8\avgam.exe
      C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
      C:\PROGRA~1\AVG\AVG8\avgrsx.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
      C:\WINDOWS\system32\svchost.exe
      C:\PROGRA~1\AVG\AVG8\avgemc.exe
      C:\Program Files\AVG\AVG8\avgcsrvx.exe
      C:\PROGRA~1\AVG\AVG8\avgtray.exe
      C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
      C:\Program Files\Unlocker\UnlockerAssistant.exe
      C:\WINDOWS\VMSnap3.EXE
      C:\WINDOWS\Domino.EXE
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\PROGRA~1\AVG\AVG8\avgnsx.exe
      C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Documents and Settings\windows\Belgelerim\Downloads\HiJackThis.exe
      C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: TT Jacker :)
      O1 - Hosts: 195.8.214.141 dailymotion.com
      O1 - Hosts: 195.8.214.142 dailymotion.com
      O1 - Hosts: 195.8.214.140 www.dailymotion.com
      O1 - Hosts: 208.117.236.70 youtube.com
      O1 - Hosts: 208.117.236.70 www.youtube.com
      O1 - Hosts: 74.125.65.118 img.youtube.com
      O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
      O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
      O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
      O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
      O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
      O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
      O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
      O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
      O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
      O1 - Hosts: 67.228.223.62 mp3hanesi.com
      O1 - Hosts: 67.228.223.62 mp3hanesi.net
      O1 - Hosts: 67.228.223.62 mp3hanesi.org
      O1 - Hosts: 67.228.223.62 www.mp3hanesi.com
      O1 - Hosts: 67.228.223.62 www.mp3hanesi.net
      O1 - Hosts: 67.228.223.62 www.mp3hanesi.org
      O1 - Hosts: 75.126.2.88 forumtr.com
      O1 - Hosts: 75.126.2.88 www.forumtr.com
      O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
      O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
      O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
      O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
      O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
      O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
      O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
      O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
      O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
      O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
      O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
      O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
      O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
      O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
      O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
      O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
      O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
      O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
      O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
      O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
      O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
      O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
      O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
      O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
      O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
      O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
      O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
      O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
      O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
      O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
      O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
      O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
      O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
      O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
      O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
      O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
      O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
      O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
      O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
      O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
      O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
      O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
      O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
      O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
      O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
      O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
      O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
      O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
      O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
      O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
      O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
      O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
      O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
      O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
      O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
      O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
      O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
      O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
      O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
      O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
      O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
      O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
      O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
      O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
      O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
      O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
      O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
      O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
      O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
      O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
      O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
      O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
      O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
      O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
      O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
      O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
      O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
      O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
      O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [AirTiesWUS-300] C:\Program Files\AirTies\AirTiesWUS-300\WUS300.exe
      O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
      O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8F796048-1029-414F-8702-06F946394F01}: NameServer = 208.67.222.222,208.67.220.220
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
      O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
      O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
      O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
      O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

      --
      End of file - 14619 bytes


      What do I need to do now, friends???


      _____________________________

    • Private
      12 posts
      18 November 2009 14:22:26
      I scanned for and removed every virus on the computer, but when I scan with the antivirus program there is one error it finds and does not fix. The error it reports is something called "network address security vulnerabilities". The internet speed on my computer has slowed down. Also, there are sites I visit every day that are not blocked by court order, that is, sites everyone can access, but while everyone else can get in, I cannot; they do not open, and at irregular intervals a sound like a bottle cap being opened comes from the speakers. Thank you in advance for your help.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:11:54, on 18.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\WINDOWS\arservice.exe
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\vVX1000.exe
      C:\Program Files\WebMoney Agent\wmagent.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Registry Clean Expert\RCHelper.exe
      C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\System32\svchost.exe
      C:\HP\KBD\KBD.EXE
      c:\windows\system\hpsysdrv.exe
      C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Documents and Settings\HP_Sahibi\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: TBSB03223 - {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
      O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
      O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
      O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
      O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
      O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
      O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
      O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
      O4 - S-1-5-18 Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe (User 'SYSTEM')
      O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
      O4 - .DEFAULT Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe (User 'Default user')
      O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
      O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
      O4 - Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
      O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
      O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
      O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
      O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Otomatik LiveUpdate Zamanlayıcı (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

      --
      End of file - 10880 bytes



      _____________________________

    • Major
      1146 posts
      18 November 2009 19:00:04
      Maybe, just possibly, someone will reply.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 21:28:22, on 18.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.5730.0013)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\VistaDrive\VistaDrive.exe
      C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
      C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Opera\opera.exe
      C:\DOCUME~1\Home\LOCALS~1\Temp\winrifew.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Documents and Settings\Home\Belgelerim\Downloads\Programs\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
      O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
      O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
      O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O17 - HKLM\System\CCS\Services\Tcpip\..\{56AB6F80-D31A-4D30-8E19-77A00848C9E6}: NameServer = 208.67.222.222 208.67.220.220
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
      O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

      --
      End of file - 5188 bytes



      _____________________________

    • Lieutenant Colonel
      4883 posts
      18 November 2009 20:00:16
      Every time I start the computer, a link I don't recognize runs. I couldn't remove it with Ad-Aware or NOD32; it doesn't show up. It isn't in the startup programs either. I checked whether it was being triggered from Internet Options, but it isn't there either. In the end I installed and ran HijackThis, and this is the resulting list. Which one do I need to fix? Thank you for your help.
      link: meetlocalpeople.org


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:44:56, on 18.11.2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18828)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Logitech\Gaming Software\LWEMon.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Windows\Samsung\PanelMgr\SSMMgr.exe
      C:\Program Files\QuickTime\QTTask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\ehome\ehtray.exe
      C:\Program Files\Windows Media Player\wmpnscfg.exe
      C:\Program Files\LimeWire\LimeWire.exe
      C:\Windows\ehome\ehmsas.exe
      C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
      C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: TT Jacker 3 :)
      O1 - Hosts: TTNET Kiss Kiss :p
      O1 - Hosts: 208.117.236.71 ru.youtube.com
      O1 - Hosts: 208.117.236.71 fr.youtube.com
      O1 - Hosts: 208.117.236.71 youtube.com
      O1 - Hosts: 208.117.236.71 www.youtube.com
      O1 - Hosts: 208.117.236.71 au.youtube.com
      O1 - Hosts: 208.117.236.71 ca.youtube.com
      O1 - Hosts: 208.117.236.71 m.youtube.com
      O1 - Hosts: 74.125.65.118 img.youtube.com
      O1 - Hosts: 209.85.165.102 gdata.youtube.com
      O1 - Hosts: 208.117.236.71 ru.youtube.com
      O1 - Hosts: 208.117.236.70 youtube.com
      O1 - Hosts: 208.117.236.70 www.youtube.com
      O1 - Hosts: 74.125.65.118 img.youtube.com
      O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
      O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
      O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
      O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
      O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
      O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
      O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
      O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
      O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
      O1 - Hosts: 72.14.205.104 help.youtube.com
      O1 - Hosts: 72.14.205.147 help.youtube.com
      O1 - Hosts: 72.14.205.99 help.youtube.com
      O1 - Hosts: 58.27.3.132 www.sopcast.com
      O1 - Hosts: 58.27.3.132 sopcast.com
      O1 - Hosts: 119.110.96.136 www.sopcast.org
      O1 - Hosts: 119.110.96.136 sopcast.org
      O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
      O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
      O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
      O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
      O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
      O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
      O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
      O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
      O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
      O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
      O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
      O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
      O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
      O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
      O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
      O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
      O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
      O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
      O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
      O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
      O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
      O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
      O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
      O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
      O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
      O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
      O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
      O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
      O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
      O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
      O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
      O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
      O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
      O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
      O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
      O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
      O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
      O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
      O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
      O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
      O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
      O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
      O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
      O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
      O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
      O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
      O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
      O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
      O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
      O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
      O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
      O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
      O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
      O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
      O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
      O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
      O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
      O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
      O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
      O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
      O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
      O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
      O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
      O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
      O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
      O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
      O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
      O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
      O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
      O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
      O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F711CC09-7C42-46FD-9193-E2A76D99E962}: NameServer = 208.67.222.222,208.67.220.220
      O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
      O23 - Service: DFServ - Unknown owner - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (file missing)
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
      O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

      --
      End of file - 12194 bytes



      _____________________________



    • Corporal
      16 Messages
      18 November 2009 20:52:54
      Dear experts, my computer has C and E drives. The E drive holds photos and music. Lately I can neither view the photos nor listen to the music; the computer just freezes. I try to scan the E drive with both avast and NOD32, but it doesn't work: at a certain point both those programs and the computer freeze. The ComboFix report is below; I'd appreciate it if you could take a look. I'd also appreciate a detailed explanation of what I need to do; I'm a bit of a beginner and I'm struggling. Regards

      ComboFix 08-08-03.05 - mahmut 2009-11-18 18:46:10.1 - NTFSx86
      Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1254.1.1055.18.1328 [GMT 2:00]
      Running from: C:\Users\mahmut\Desktop\18628-ComboFix.exe
      * Created a new restore point
      .
      - REDUCED FUNCTIONALITY MODE -
      .

      ((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
      .

      No new files created in this timespan

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-18 12:21 --------- d-----w C:\ProgramData\ESET
      2009-11-17 21:01 --------- d-----w C:\Program Files\Alwil Software
      2009-11-12 01:07 --------- d-----w C:\Program Files\Windows Mail
      2009-11-08 01:21 --------- d-----w C:\Program Files\Windows Calendar
      2009-11-03 15:35 268,800 ----a-w C:\Windows\System32\es.dll
      2009-11-03 01:02 2,048 ----a-w C:\Windows\System32\tzres.dll
      2009-11-03 01:00 61,440 ----a-w C:\Windows\System32\winipsec.dll
      2009-11-03 01:00 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
      2009-11-03 01:00 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
      2009-11-03 01:00 272,896 ----a-w C:\Windows\System32\polstore.dll
      2009-11-02 21:06 96,760 ----a-w C:\Windows\System32\dfshim.dll
      2009-11-02 21:06 83,968 ----a-w C:\Windows\System32\mscories.dll
      2009-11-02 21:06 41,984 ----a-w C:\Windows\System32\netfxperf.dll
      2009-11-02 21:06 282,112 ----a-w C:\Windows\System32\mscoree.dll
      2009-11-02 21:06 158,720 ----a-w C:\Windows\System32\mscorier.dll
      2009-11-02 20:36 174 --sha-w C:\Program Files\desktop.ini
      2009-11-02 20:30 --------- d-----w C:\Program Files\Windows Sidebar
      2009-11-02 20:01 95,232 ----a-w C:\Windows\System32\PortableDeviceClassExtension.dll
      2009-11-02 20:01 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll
      2009-11-02 20:01 160,768 ----a-w C:\Windows\System32\PortableDeviceTypes.dll
      2009-11-02 19:59 87,040 ----a-w C:\Windows\System32\msoert2.dll
      2009-11-02 19:59 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
      2009-11-02 19:59 205,824 ----a-w C:\Windows\System32\msoeacct.dll
      2009-11-02 19:56 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
      2009-11-02 19:56 542,720 ----a-w C:\Windows\System32\sysmain.dll
      2009-11-02 19:56 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
      2009-11-02 19:56 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
      2009-11-02 19:56 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
      2009-11-02 19:56 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
      2009-11-02 19:56 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
      2009-11-02 19:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2009-11-02 19:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2009-11-02 19:54 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
      2009-11-02 19:54 502,784 ----a-w C:\Windows\System32\wlansvc.dll
      2009-11-02 19:54 47,104 ----a-w C:\Windows\System32\wlanapi.dll
      2009-11-02 19:54 299,520 ----a-w C:\Windows\System32\wlansec.dll
      2009-11-02 19:54 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
      2009-11-02 19:54 123,904 ----a-w C:\Windows\System32\L2SecHC.dll
      2009-11-02 19:51 72,704 ----a-w C:\Windows\System32\fontsub.dll
      2009-11-02 19:51 34,304 ----a-w C:\Windows\System32\atmlib.dll
      2009-11-02 19:51 289,792 ----a-w C:\Windows\System32\atmfd.dll
      2009-11-02 19:51 24,064 ----a-w C:\Windows\System32\lpk.dll
      2009-11-02 19:51 156,160 ----a-w C:\Windows\System32\t2embed.dll
      2009-11-02 19:51 10,240 ----a-w C:\Windows\System32\dciman32.dll
      2009-11-02 19:50 72,704 ----a-w C:\Windows\System32\secur32.dll
      2009-11-02 19:50 7,680 ----a-w C:\Windows\System32\lsass.exe
      2009-11-02 19:50 408,136 ----a-w C:\Windows\system32\drivers\ksecdd.sys
      2009-11-02 19:50 216,576 ----a-w C:\Windows\System32\msv1_0.dll
      2009-11-02 19:50 175,104 ----a-w C:\Windows\System32\wdigest.dll
      2009-11-02 19:50 1,233,920 ----a-w C:\Windows\System32\lsasrv.dll
      2009-11-02 19:48 98,816 ----a-w C:\Windows\System32\mfps.dll
      2009-11-02 19:48 52,736 ----a-w C:\Windows\System32\rrinstaller.exe
      2009-11-02 19:48 24,576 ----a-w C:\Windows\System32\mfpmp.exe
      2009-11-02 19:48 2,855,424 ----a-w C:\Windows\System32\mf.dll
      2009-11-02 19:48 2,048 ----a-w C:\Windows\System32\mferror.dll
      2009-11-02 19:46 376,832 ----a-w C:\Windows\System32\winhttp.dll
      2009-11-02 19:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2009-11-02 19:41 71,680 ----a-w C:\Windows\System32\atl.dll
      2009-11-02 19:39 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
      2009-11-02 19:39 297,472 ----a-w C:\Windows\System32\gdi32.dll
      2009-11-02 19:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
      2009-11-02 19:35 3,502,152 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2009-11-02 19:35 3,467,864 ----a-w C:\Windows\System32\ntoskrnl.exe
      2009-11-02 19:34 211,456 ----a-w C:\Windows\system32\drivers\mrxsmb10.sys
      2009-11-02 19:33 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
      2009-11-02 19:32 500,736 ----a-w C:\Windows\System32\msdtcprx.dll
      2009-11-02 19:32 30,208 ----a-w C:\Windows\System32\xolehlp.dll
      2009-11-02 19:32 156,160 ----a-w C:\Windows\System32\wkssvc.dll
      2009-11-02 19:31 36,352 ----a-w C:\Windows\System32\tsgqec.dll
      2009-11-02 19:31 116,736 ----a-w C:\Windows\System32\aaclient.dll
      2009-11-02 19:31 1,871,872 ----a-w C:\Windows\System32\mstscax.dll
      2009-11-02 19:30 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
      2009-11-02 19:29 2,048 ----a-w C:\Windows\System32\msxml3r.dll
      2009-11-02 19:29 1,194,496 ----a-w C:\Windows\System32\msxml3.dll
      2009-11-02 19:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
      2009-11-02 19:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll
      2009-11-02 19:27 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
      2009-11-02 19:27 61,952 ----a-w C:\Windows\System32\cmifw.dll
      2009-11-02 19:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
      2009-11-02 19:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
      2009-11-02 19:27 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
      2009-11-02 19:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
      2009-11-02 19:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll
      2009-11-02 19:27 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
      2009-11-02 19:25 428,032 ----a-w C:\Windows\System32\EncDec.dll
      2009-11-02 19:25 292,352 ----a-w C:\Windows\System32\psisdecd.dll
      2009-11-02 19:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2009-11-02 19:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
      2009-11-02 19:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
      2009-11-02 19:22 696,832 ----a-w C:\Windows\System32\localspl.dll
      2009-11-02 19:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
      2009-11-02 19:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
      2009-11-02 19:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
      2009-11-02 19:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
      2009-11-02 19:21 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2009-11-02 19:21 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2009-11-02 19:21 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2009-11-02 19:21 2,923,520 ----a-w C:\Windows\explorer.exe
      2009-11-02 19:21 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
      2009-11-02 19:21 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
      2009-11-02 20:52 458736 --a------ C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:35 413696]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 20:52 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:53 894512]
      "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 16:00 571024]
      "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
      "MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
      "Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-02 20:52 122368]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 13:56 81000]
      "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
      --a------ 2007-05-22 15:32 538744 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
      --a------ 2007-04-10 16:40 413696 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
      --a------ 2007-01-09 23:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
      --a------ 2007-06-18 09:51 1507328 C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
      --a------ 2006-11-02 14:35 125440 C:\Windows\ehome\ehtray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
      --a------ 2006-12-07 15:49 55416 C:\Program Files\TOSHIBA\TBS\HSON.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
      --a------ 2007-01-12 20:28 431752 C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
      --a------ 2006-11-06 16:14 34352 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
      --a------ 2007-05-23 14:57 509496 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
      --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
      --a------ 2006-03-22 20:42 438272 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
      --a------ 2007-04-02 11:48 577536 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
      --a------ 2007-05-28 14:39 1826816 C:\Windows\SkyTel.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
      R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2009-09-15 13:55]
      R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 13:55]
      R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 13:55]
      R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 11:36]
      S3 getPlusHelper;getPlus(R) Helper;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
      S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 00:48]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      getPlusHelper REG_MULTI_SZ getPlusHelper

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d86f7a85-c88e-11de-af41-001b3843f3e3}]
      \shell\AutoRun\command - D:\mwfubaob.exe
      \shell\open\Command - D:\mwfubaob.exe

      *Newly Created Service* - COMHOST

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
      "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
      .
      - - - - ORPHANS REMOVED - - - -

      MSConfigStartUp-HWSetup - \HWSetup.exe
      MSConfigStartUp-NDSTray - NDSTray.exe


      .
      ------- Supplementary Scan -------
      .
      R0 -: HKCU-Main,Start Page = hxxp://www.google.com.tr/
      O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} - http://www.webtip.ch/cg...oshiba/tracker_url.pl?TR

      O16 -: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
      C:\Windows\Downloaded Program Files\JaguarEditControl.INF
      C:\Windows\Downloaded Program Files\JaguarEditControl.dll

      O16 -: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
      C:\Windows\Downloaded Program Files\PhotoUploader55.inf
      C:\Windows\System32\unicows.dll
      C:\Windows\Downloaded Program Files\PhotoUploader55.ocx

      O16 -: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      C:\Windows\Downloaded Program Files\gp.inf
      C:\Windows\System32\atl.dll
      C:\Windows\Downloaded Program Files\gp.ocx


      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-18 18:46:48
      Windows 6.0.6000 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      HKCU\Software\Microsoft\Windows\CurrentVersion\Run
      TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????{???8???`????????????

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2009-11-18 18:49:19
      ComboFix-quarantined-files.txt 2009-11-18 16:48:57

      Pre-Run: Sistem, Application için ileti dosyası içinde 0x2379 ileti numarası için ileti metnini bulamıyor.
      Post-Run: 46,679,150,592 bayt boş

      221 --- E O F --- 2009-11-18 14:43:54



      _____________________________

    • Sergeant
      56 Messages
      19 November 2009 00:03:54
      yes, nice


      _____________________________

    • Lieutenant
      135 Messages
      19 November 2009 02:10:54
      Master, could you take a look at my logs too? I wonder if there is any problem. Thank you very much...




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 02:05:31, on 19.11.2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\nvraidservice.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\WINDOWS\vVX3000.exe
      C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
      C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
      C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
      C:\Program Files\Logitech\Gaming Software\LWEMon.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe
      C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
      C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Sony\SonicStage\Omgjbox.exe
      C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\Piaggio\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
      O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
      O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
      O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
      O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
      O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [2F4Yrqatray] "C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe" -tray
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
      O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\international\PhysX_9.09.0814_SystemSoftware.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: HP Akıllı Seçim - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
      O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/c...rl_bin/sysreqlab_nvd.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A57FD8C3-0920-4C47-B729-4DB95997FC28}: NameServer = 4.2.2.5,4.2.2.6
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
      O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
      O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

      --
      End of file - 10163 bytes




      _____________________________

    • Lieutenant
      133 Posts
      19 November 2009 20:10:15
      Serji, we're wearing you out too, but could you take a look at this one as well...
      I'm seeing strange things in Windows Task Manager (for example, explorer.exe:userini.exe)


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 20:07:00, on 19.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\LEXBCES.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\LEXPPS.EXE
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\WINDOWS\system32\taskmgr.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\taskswitch.exe
      C:\Program Files\AvaFind\AvaFind.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\DAEMON Tools\daemon.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      E:\Yedek D\Prog\serhan program dvd\anti virüs\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
      O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
      O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O4 - Global Startup: AutorunsDisabled
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - AutorunsDisabled - (no file)
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequir...rl_bin/sysreqlab_srl.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft...b_site.cab?1247544337328
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft...b_site.cab?1247544298750
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) - http://gfx1.hotmail.com...loadcontrol/MSNPUpld.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5
      O17 - HKLM\System\CS1\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5
      O17 - HKLM\System\CS2\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
      O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

      --
      End of file - 5998 bytes



      _____________________________

    • Captain
      335 Posts
      19 November 2009 23:33:33
      If it's not too much trouble, could you take a look at my computer? There is a slowdown when loading YouTube-style Steam videos. It could also be caused by the browser I use. I'd appreciate it if you could help.

      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 23:30:24, on 19.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Eset\nod32kui.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\Program Files\Norton Ghost\Agent\VProTray.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
      C:\Program Files\cFosSpeed\cFosSpeed.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\DNA\btdna.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
      C:\Program Files\Pando Networks\Media Booster\PMB.exe
      C:\program files\steam\steam.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\cFosSpeed\spd.exe
      C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
      C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Microsoft LifeCam\MSCamS32.exe
      C:\Program Files\Eset\nod32krn.exe
      C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Microsoft LifeCam\LifeTray.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      D:\Programlar\HijackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
      O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe"
      O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
      O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
      O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S6F.tmp" /EF "HKCU"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
      O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe
      O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251470904984
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{72D8E278-20CF-455E-9CBB-358937289715}: NameServer = 208.67.222.222,208.67.220.220
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
      O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
      O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe
      O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 9877 bytes



      _____________________________

    • Private
      4 Posts
      20 November 2009 14:35:59
      Hello, I'm using Kaspersky Internet Security 8. After every startup of the PC, KIS detects Win32 Agent.amjd and deletes it. It shows system32 /drvstore as the containing folder. Could you examine the attached log file? Thanks...
      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 15:36:18, on 20.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      C:\Program Files\Intel\AMT\atchksrv.exe
      C:\WINDOWS\etlisrv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Intel\AMT\UNS.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\Program Files\Intel\AMT\atchk.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\VMSnap3.exe
      C:\WINDOWS\Domino.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
      C:\Program Files\Microsoft ActiveSync\wcescomm.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\PROGRA~1\MICROS~3\rapimgr.exe
      C:\Documents and Settings\term1\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
      C:\WINDOWS\system32\etlitr50.exe
      M:\Tiger2\LENGINE1.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R3 - URLSearchHook: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll
      O1 - Hosts: 193.202.221.20 webserver
      O1 - Hosts: 193.202.221.20 webserver.ho.u2638.unilever.com
      O1 - Hosts: 193.202.221.36 ulpa1_boot
      O1 - Hosts: 193.202.221.94 ulpdb ulpvip
      O1 - Hosts: 193.202.221.100 ulpdb_boot
      O1 - Hosts: 193.202.221.101 ulpa1
      O1 - Hosts: 193.202.221.103 ulpa2
      O1 - Hosts: 193.202.221.104 ulpa3
      O1 - Hosts: 193.202.221.105 ulpa4
      O1 - Hosts: 193.202.221.221 ulpa5
      O1 - Hosts: 193.202.221.252 ulpa6
      O1 - Hosts: 193.202.221.93 ulpa7
      O1 - Hosts: 193.202.221.118 ulpa8
      O1 - Hosts: 193.202.221.116 ulpa9
      O1 - Hosts: 193.202.221.119 ulpa10
      O2 - BHO: (no name) - {04DE8C6E-B6BF-405E-ACAB-9877068E35Ad} - C:\WINDOWS\System32\ddeml32.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe
      O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
      O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
      O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
      O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.27_Safari/532.0" -"http://www.miniclip.com/games/masters-of-wrestling/en/master_of_wrestling.dcr"
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
      O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe
      O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
      O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll
      O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
      O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
      O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) - http://pera/Reserved.ReportViewerWebControl.axd?ReportSession=fmyqfxmvoetneu555zwpyj45&ControlID=b7a636084f784c4bbb18811b0a783059&Culture=1055&UICulture=1055&ReportStack=1&OpType=PrintCab
      O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://88.247.223.172:8090/webgis/adapazari/activex/mgaxctrl.cab
      O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
      O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
      O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
      O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe
      O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
      O23 - Service: Google Update Service (gupdate1c9a9624c8f6588) (gupdate1c9a9624c8f6588) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
      O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe
      O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe

      --
      End of file - 14709 bytes

      ComboFix 09-11-19.05 - Term1 20.11.2009 13:35.2.2 - x86 
      Microsoft Windows XP Professional 5.1.2600.3.1254.90.1033.18.2002.1534 [GMT 2:00]
      Running from: c:\documents and settings\term1\My Documents\New Programs\Anti virüs\ComboFix.exe
      AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\LocalService
      .
      ---- Previous Run -------
      .
      c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk
      c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk
      c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk
      c:\documents and settings\term1\Application Data\02000000ff2ed2ed684C.manifest
      c:\documents and settings\term1\Application Data\02000000ff2ed2ed684O.manifest
      c:\documents and settings\term1\Application Data\02000000ff2ed2ed684P.manifest
      c:\documents and settings\term1\Application Data\02000000ff2ed2ed684S.manifest
      c:\program files\Spyware Cease\AutoUpdate.exe
      c:\program files\Spyware Cease\bmgac
      c:\program files\Spyware Cease\dxddd
      c:\program files\Spyware Cease\fp.fpl
      c:\program files\Spyware Cease\hrdb.hrl
      c:\program files\Spyware Cease\idamx
      c:\program files\Spyware Cease\iflee
      c:\program files\Spyware Cease\LSR.lsr
      c:\program files\Spyware Cease\md5.dll
      c:\program files\Spyware Cease\mtools.dll
      c:\program files\Spyware Cease\networkdll.dll
      c:\program files\Spyware Cease\opfile.dll
      c:\program files\Spyware Cease\QAreaDLL.dll
      c:\program files\Spyware Cease\rgp.tmp
      c:\program files\Spyware Cease\RkHitApi.dll
      c:\program files\Spyware Cease\sctools.dll
      c:\program files\Spyware Cease\spkdll.dll
      c:\program files\Spyware Cease\SpywareCease.chm
      c:\program files\Spyware Cease\SpywareCease.exe
      c:\program files\Spyware Cease\SpywareCease.url
      c:\program files\Spyware Cease\tmp5
      c:\program files\Spyware Cease\udefend.dll
      c:\program files\Spyware Cease\unins000.dat
      c:\program files\Spyware Cease\unins000.exe
      c:\program files\Spyware Cease\update\Update.ini
      c:\program files\Spyware Cease\update\uplist.up
      c:\program files\Spyware Cease\update1
      c:\program files\Spyware Cease\update2
      c:\program files\Spyware Cease\update3
      c:\program files\Spyware Cease\ussafe.dll
      c:\program files\Spyware Cease\vf
      c:\program files\Spyware Cease\vsn.lst
      c:\program files\Spyware Cease\wl.swl
      c:\program files\Spyware Cease\xxcum
      c:\program files\Spyware Cease\zlib1.dll
      c:\windows\system32\D3D8THK32.DLL
      c:\windows\system32\drivers\RKHit.sys
      c:\windows\system32\GroupPolicy000.dat
      c:\windows\system32\Ijl11.dll
      c:\windows\system32\LocalService\329.crack.zip
      c:\windows\system32\LocalService\329.crack.zip.kwd
      c:\windows\system32\LocalService\330.keygen.zip
      c:\windows\system32\LocalService\330.keygen.zip.kwd
      c:\windows\system32\LocalService\331.serial.zip
      c:\windows\system32\LocalService\331.serial.zip.kwd
      c:\windows\system32\LocalService\332.setup.zip
      c:\windows\system32\LocalService\332.setup.zip.kwd
      c:\windows\system32\LocalService\333.music.au
      c:\windows\system32\LocalService\333.music.au.kwd
      c:\windows\system32\LocalService\334.music2.au
      c:\windows\system32\LocalService\334.music2.au.kwd
      c:\windows\system32\LocalService\335.music3.au
      c:\windows\system32\LocalService\335.music3.au.kwd
      c:\windows\system32\LocalService\336.music4.au
      c:\windows\system32\LocalService\336.music4.au.kwd

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_RKHIT
      -------\Service_RkHit


      ((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
      .

      2009-11-20 11:35 . 2008-04-13 18:40 96512 -c--a-w- c:\windows\system32\dllcache\atapi.sys
      2009-11-20 11:35 . 2008-04-13 18:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
      2009-11-20 07:28 . 2009-11-20 07:28 187904 ----a-w- c:\windows\system32\ddeml32.dll
      2009-11-19 14:51 . 2009-11-19 14:51 187904 ----a-w- c:\windows\system32\hccoin32.dll
      2009-11-19 14:45 . 2009-11-19 14:45 187904 ----a-w- c:\windows\system32\etmimres32.dll
      2009-11-19 10:40 . 2009-11-19 10:40 187904 ----a-w- c:\windows\system32\dpnwsock32.dll
      2009-11-19 07:35 . 2009-11-19 07:35 187904 ----a-w- c:\windows\system32\dxtmeta232.dll
      2009-11-18 15:10 . 2009-11-18 15:10 187904 ----a-w- c:\windows\system32\drmclien32.dll
      2009-11-18 07:38 . 2009-11-18 07:38 187904 ----a-w- c:\windows\system32\etdsk32.dll
      2009-11-17 09:13 . 2009-11-17 09:13 187904 ----a-w- c:\windows\system32\d3drm32.dll
      2009-11-17 08:51 . 2009-11-18 12:15 -------- d-----w- c:\program files\Loaris Trojan Remover
      2009-11-17 07:59 . 2009-11-17 07:59 187904 ----a-w- c:\windows\system32\esent32.dll
      2009-11-17 07:39 . 2009-11-17 07:39 187904 ----a-w- c:\windows\system32\dot3cfg32.dll
      2009-11-16 09:01 . 2009-11-16 09:01 187904 ----a-w- c:\windows\system32\cryptdlg32.dll
      2009-11-14 07:45 . 2006-09-16 17:44 314368 ----a-w- c:\windows\system32\avisynth.dll
      2009-11-14 07:45 . 2004-05-26 19:37 719872 ----a-w- c:\windows\system32\devil.dll
      2009-11-14 07:45 . 2009-11-14 07:46 -------- d-----w- c:\program files\Video Convert Master
      2009-11-04 07:42 . 2009-11-04 07:42 152576 ----a-w- c:\documents and settings\term1\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
      2009-11-04 07:33 . 2009-11-04 07:34 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Temp
      2009-11-03 14:23 . 2009-11-03 14:23 -------- d-----w- c:\documents and settings\term1\Local Settings\Application Data\IsolatedStorage
      2009-11-03 09:52 . 2009-11-03 09:52 -------- d-----w- c:\windows\system32\wbem\Repository
      2009-11-02 14:47 . 2009-11-14 08:05 -------- d-----w- c:\program files\PDF Password Remover v3.1
      2009-11-02 14:32 . 2009-11-14 08:06 -------- d-----w- c:\program files\ElcomSoft
      2009-11-02 13:37 . 2009-11-02 13:37 -------- d-----w- c:\program files\Your Uninstaller
      2009-10-31 15:14 . 2009-10-31 15:15 1455930 ----a-w- c:\documents and settings\term1\Application Data\Move Networks\MoveMediaPlayerWinSilent_071504000001.exe
      2009-10-31 15:13 . 2009-10-31 15:13 127872 ----a-w- c:\documents and settings\term1\Application Data\Move Networks\uninstall.exe
      2009-10-31 15:13 . 2009-11-02 12:16 -------- d-----w- c:\documents and settings\term1\Application Data\Move Networks
      2009-10-24 11:44 . 2009-10-24 11:44 -------- d-----w- c:\program files\NCT
      2009-10-24 11:43 . 2009-10-24 11:50 -------- d-----w- c:\program files\Text to Speech Maker

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-20 11:25 . 2009-08-25 14:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
      2009-11-20 11:22 . 2009-08-25 14:26 630816 --sha-w- c:\windows\system32\drivers\fidbox2.dat
      2009-11-20 11:22 . 2009-08-25 14:26 3236 --sha-w- c:\windows\system32\drivers\fidbox2.idx
      2009-11-20 11:22 . 2009-08-25 14:26 2569760 --sha-w- c:\windows\system32\drivers\fidbox.dat
      2009-11-20 11:22 . 2009-08-25 14:26 21156 --sha-w- c:\windows\system32\drivers\fidbox.idx
      2009-11-19 14:50 . 2009-04-06 15:06 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
      2009-11-19 14:44 . 2009-10-07 10:29 -------- d-----w- c:\program files\kikin
      2009-11-16 09:01 . 2009-11-16 09:01 0 ----a-w- c:\windows\system32\21.tmp
      2009-11-16 07:38 . 2009-11-16 07:38 0 ----a-w- c:\windows\system32\5.tmp
      2009-11-14 07:45 . 2009-04-25 06:34 -------- d-----w- c:\documents and settings\term1\Application Data\Vso
      2009-11-14 07:45 . 2009-04-25 06:34 81920 ----a-w- c:\documents and settings\term1\Application Data\ezpinst.exe
      2009-11-14 07:45 . 2009-04-25 06:34 81920 ----a-w- c:\documents and settings\term1\Application Data\ezpinst.exe
      2009-11-14 07:45 . 2009-04-25 06:34 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
      2009-11-14 07:45 . 2009-04-25 06:34 47360 ----a-w- c:\documents and settings\term1\Application Data\pcouffin.sys
      2009-11-14 07:45 . 2009-04-25 06:34 47360 ----a-w- c:\documents and settings\term1\Application Data\pcouffin.sys
      2009-11-14 05:10 . 2009-11-14 05:10 0 ----a-w- c:\windows\system32\1AD.tmp
      2009-11-09 07:56 . 2008-11-29 12:24 -------- d-----w- c:\program files\Messenger Plus! Live
      2009-11-04 07:43 . 2008-12-29 11:53 -------- d-----w- c:\program files\Java
      2009-11-04 07:35 . 2009-03-20 13:46 -------- d-----w- c:\program files\Google
      2009-11-02 13:34 . 2009-06-10 08:01 -------- d-----w- c:\program files\Your Uninstaller 2008
      2009-11-02 12:23 . 2008-11-25 07:36 -------- d-----w- c:\program files\Opera
      2009-10-31 15:13 . 2009-06-16 06:35 4183416 ----a-w- c:\documents and settings\term1\Application Data\Move Networks\plugins\npqmp071503000010.dll
      2009-10-22 07:29 . 2008-01-23 14:14 -------- d-----w- c:\program files\Common Files\Adobe
      2009-10-14 13:31 . 2009-08-25 14:27 95259 ----a-w- c:\windows\system32\drivers\klick.dat
      2009-10-14 13:31 . 2009-08-25 14:27 108059 ----a-w- c:\windows\system32\drivers\klin.dat
      2009-10-11 02:17 . 2008-12-29 11:53 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-10-10 15:51 . 2009-10-10 15:51 -------- d-----w- c:\program files\ConvertHelper
      2009-10-07 13:04 . 2009-10-07 10:29 -------- d-----w- c:\documents and settings\term1\Application Data\kikin
      2009-10-07 06:26 . 2009-09-04 14:51 -------- d-----w- c:\program files\Spreng- und Abriss-Simulator
      2009-10-06 15:05 . 2009-10-06 14:49 -------- d-----w- c:\documents and settings\term1\Application Data\LimeWire
      2009-10-06 15:03 . 2009-10-06 15:03 0 ----a-w- c:\windows\system32\BF.tmp
      2009-10-06 14:51 . 2009-10-06 14:51 7680 ----a-w- c:\documents and settings\term1\Application Data\Thinstall\LimeWire PRO 5.3.6\10000001000003i\ipconfig.exe
      2009-10-05 15:08 . 2009-10-05 15:08 -------- d-----w- c:\program files\WatermarkSoftware
      2009-09-30 11:18 . 2009-09-30 11:18 -------- d-----w- c:\program files\Microsoft
      2009-09-25 16:31 . 2009-09-16 09:02 -------- d-----w- c:\program files\Landwirtschafts-Simulator 2009 Demo
      2009-09-25 16:03 . 2009-09-25 16:03 -------- d-----w- c:\documents and settings\term1\Application Data\DAEMON Tools Pro
      2009-09-23 07:10 . 2009-09-23 07:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
      2009-09-23 07:10 . 2009-09-23 07:10 -------- d-----w- c:\documents and settings\term1\Application Data\Office Genuine Advantage
      2009-09-22 14:13 . 2009-03-16 14:09 -------- d-----w- c:\documents and settings\term1\Application Data\Winamp
      2009-09-22 13:52 . 2009-09-22 13:52 -------- d-----w- c:\program files\Aiseesoft Studio
      2009-09-22 13:34 . 2008-12-12 15:39 -------- d-----w- c:\program files\XnView
      2009-09-22 13:26 . 2009-03-18 15:01 -------- d-----w- c:\program files\FlashFXP
      2009-09-22 13:26 . 2009-01-31 13:55 -------- d-----w- c:\program files\GoldWave
      2009-09-22 13:25 . 2009-08-25 13:29 -------- d-----w- c:\program files\Audacity
      2009-09-22 13:23 . 2008-12-22 12:45 -------- d-----w- c:\program files\Image Mender
      2009-09-22 13:17 . 2009-09-22 12:28 -------- d-----w- c:\documents and settings\term1\Application Data\Leawo
      2009-09-22 13:10 . 2009-09-22 12:28 -------- d-----w- c:\program files\Leawo
      2009-09-11 14:18 . 1980-01-01 00:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
      2009-09-04 21:03 . 1980-01-01 00:00 58880 ----a-w- c:\windows\system32\msasn1.dll
      2009-09-04 14:50 . 2009-09-04 14:50 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
      2009-09-04 14:45 . 2009-09-04 14:45 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
      2009-09-03 12:56 . 2009-09-03 12:56 2560 ----a-w- c:\windows\_MSRSTRT.EXE
      2009-08-29 08:08 . 1980-01-01 00:00 916480 ----a-w- c:\windows\system32\wininet.dll
      2009-08-26 08:00 . 1980-01-01 00:00 247326 ----a-w- c:\windows\system32\strmdll.dll
      2009-08-25 14:43 . 2008-01-29 14:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
      2009-08-25 14:43 . 2009-08-25 14:43 109072 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll
      2009-08-25 14:43 . 2009-08-25 14:43 59920 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll
      2009-08-25 14:43 . 2009-08-25 14:43 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
      2009-08-25 14:43 . 2009-08-25 14:43 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
      2009-08-25 14:43 . 2009-08-25 14:43 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
      "{954155f1-68a2-4246-8ba7-3165a4eb213f}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296]

      [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}]

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04DE8C6E-B6BF-405E-ACAB-9877068E35Ad}]
      2009-11-20 07:28 187904 ----a-w- c:\windows\system32\ddeml32.dll

      [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954155f1-68a2-4246-8ba7-3165a4eb213f}]
      2009-11-03 10:38 2166296 ----a-w- c:\program files\TurkeyForum_Yeni\tbTur1.dll

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
      "{954155f1-68a2-4246-8ba7-3165a4eb213f}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296]

      [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}]

      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
      "{954155F1-68A2-4246-8BA7-3165A4EB213F}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296]

      [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072]
      "Google Update"="c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-30 133104]
      "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080]
      "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288]
      "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848]
      "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424]
      "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752]
      "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344]
      "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-01-22 36352]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
      "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-25 208616]
      "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
      "Domino"="c:\windows\Domino.exe" [2006-07-04 49152]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      "LayoutM"="KLayMgr.exe" - c:\windows\KLayMgr.exe [2004-08-26 45056]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
      2004-07-13 20:14 24673 ----a-w- c:\windows\system32\ckpNotify.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001
      "FirewallOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
      "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
      "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
      "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
      "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
      "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

      R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 16:29 33808]
      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.09.2009 16:45 721904]
      R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [12.01.2009 09:30 11264]
      R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [23.01.2008 16:20 17456]
      R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [25.01.2008 08:21 2521880]
      R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [23.01.2008 16:20 670128]
      R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [23.01.2008 16:21 2041904]
      R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 17:02 26640]
      R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 16:06 24592]
      S2 gupdate1c9a9624c8f6588;Google Update Service (gupdate1c9a9624c8f6588);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2009 15:46 133104]
      S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [25.01.2008 08:12 46976]
      S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [23.01.2008 16:21 14924]
      S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25.10.2004 00:04 7796]
      S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [03.10.2009 15:02 480128]
      S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys --> c:\windows\system32\Drivers\usbVM303.sys [?]

      --- Other Services/Drivers In Memory ---

      *NewlyCreated* - CLASSPNP_2
      *Deregistered* - CLASSPNP_2

      [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
      "c:\program files\Common Files\LightScribe\LSRunOnce.exe"
      .
      Contents of the 'Scheduled Tasks' folder

      2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:46]

      2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:46]

      2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1078145449-725345543-1003Core.job
      - c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 11:23]

      2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1078145449-725345543-1003UA.job
      - c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 11:23]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uInternet Settings,ProxyOverride = local
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
      DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
      DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://pera/Reserved.ReportViewerWebControl.axd?ReportSession=fmyqfxmvoetneu555zwpyj45&ControlID=b7a636084f784c4bbb18811b0a783059&Culture=1055&UICulture=1055&ReportStack=1&OpType=PrintCab
      .
      - - - - ORPHANS REMOVED - - - -

      BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll
      HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe
      HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe
      Notify-6cae463d684 - c:\windows\System32\d3d8thk32.dll
      AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe



      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-20 13:38
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvb.sys >>UNKNOWN [0x8A5D0938]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28
      \Driver\ACPI -> ACPI.sys @ 0xb9e66cb8
      \Driver\atapi -> atapi.sys @ 0xb9dfbb40
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
      ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
      ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
      NDIS: -> SendCompleteHandler -> 0x0
      PacketIndicateHandler -> 0x0
      SendHandler -> 0x0
      user & kernel MBR OK
      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      atapi.sys @ 0x0 0x0 bytes

      \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
      \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFBB40 atapi.sys
      \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFBB40 atapi.sys
      \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFBB40 atapi.sys
      \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFBB40 atapi.sys
      \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFBB40 atapi.sys
      \Driver\atapi IRP hooks detected !

      **************************************************************************
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_USERS\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Local AppWizard-Generated Applications\S*T*B*L*i*n*k*_*2*.*0*1* *D*ü*z*e*n*l*e*m*e* *v*e* *Ç*e*v*i*r*i*:*T*a*s*a*r*1m*"!\Recent File List]
      "File1"="c:\\Documents and Settings\\term1\\My Documents\\yedek\\My Documents\\next ye 2000 cx s.plus\\PROGRAM\\UserDataBase_12042008_2.UDB"
      "File2"="c:\\Documents and Settings\\term1\\My Documents\\yedek\\My Documents\\next ye 2000 cx s.plus\\PROGRAM\\UserDataBase_12042008_1.UDB"
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(3332)
      c:\windows\system32\WININET.dll
      c:\windows\system32\ieframe.dll
      c:\windows\system32\webcheck.dll
      .
      Completion time: 2009-11-20 13:40
      ComboFix-quarantined-files.txt 2009-11-20 11:40

      Pre-Run: 131.032.530.944 bytes free
      Post-Run: 130.987.986.944 bytes free

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      - - End Of File - - 2FB367F2CEB40F213376AFAA26302212




      < This message was edited by playup -- 20 November 2009; 15:37:47 >
      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:40:01

      quote:

      Originally quoted from: sato_re

      After fixing, I restarted the computer, and the new report showed the entries I had just fixed again. When I go online, an "an error occurred" message keeps appearing and kicks me out; MSN freezes and drops the connection; and even though I don't have AVG, even though I removed it, it says AVG is present and won't let me install another antivirus.

      Run a scan with ComboFix as well.


      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:42:16

      quote:

      Originally quoted from: BabyIcey
      Greetings, Mr. Serji. Could you check this?

      Fixing these will be enough.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
      O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe





      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:44:26

      quote:

      Originally quoted from: ozgsata
      THANKS IN ADVANCE
      NOTE: MSN MESSENGER DROPS RIGHT AFTER THE CONNECTION IS MADE

      * Open the program named HijackThis.
      * Click the Do a system scan only option.
      * Check the following lines.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
      R3 - URLSearchHook: Winamp Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O1 - Hosts: YOUTUBE JACKER Ozkan ATA
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: moneycharger browser enhancer - {F6640E18-7CEF-A8F6-85E8-6B1F633D5A11} - C:\WINDOWS\system32\cbbuuglsbogqy.dll
      O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [nohtvhbswhlyoh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cbbuuglsbogqy.dll"
      O4 - HKCU\..\Run: [drvicon] C:\WINDOWS\system32\DrvIcon.exe
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
      O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. (End only the processes listed next to your user name. Do not touch the ones marked Local Service, Network, or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________
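
Added example, not part of the original thread or of any poster's reply: a small Python triage pass over HijackThis log lines of the kind quoted in the post above. The heuristics and the `ALLOWED_HOST_SUFFIXES` allowlist are assumptions chosen for illustration, not the helper's own criteria; the sample lines are copied from logs in this thread.

```python
import ipaddress
import re
from urllib.parse import urlparse

# Sample input assembled for this example from HijackThis lines quoted in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O1 - Hosts: ::1 localhost
O1 - Hosts: YOUTUBE JACKER Ozkan ATA
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: QT Breadcrumbs Address Bar - {af83e43c-dd2b-4787-826b-31b17dee52ed} - mscoree.dll (file missing)
O4 - HKLM\..\Run: [nohtvhbswhlyoh] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\cbbuuglsbogqy.dll"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

# Assumption for this example: only Microsoft redirect URLs count as default pages.
ALLOWED_HOST_SUFFIXES = ("microsoft.com",)

ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.*)$")   # "<code> - <body>"
RUN_RE = re.compile(r"^[^:]+: \[(.*?)\] (.*)$")      # "<key>: [<name>] <command>"


def check_page_setting(body):
    """R0/R1: flag a start/search page whose host is outside the allowlist."""
    _key, _sep, data = body.partition(" =")
    data = data.strip()
    if not data.lower().startswith(("http://", "https://")):
        return None  # empty value, about:blank, or a non-URL setting
    host = (urlparse(data).hostname or "").lower()
    for suffix in ALLOWED_HOST_SUFFIXES:
        if host == suffix or host.endswith("." + suffix):
            return None
    return "page setting points to non-allowlisted host " + host


def check_hosts_line(body):
    """O1: a hosts entry must be '<IP> <name>'; anything else is malformed."""
    fields = body.partition("Hosts:")[2].split()
    try:
        ipaddress.ip_address(fields[0])
    except (IndexError, ValueError):
        return "hosts line is not in '<IP> <hostname>' form"
    if len(fields) < 2:
        return "hosts line has an address but no hostname"
    if fields[1].lower() != "localhost":
        return "hosts file maps %s to %s" % (fields[1], fields[0])
    return None


def check_orphan(body):
    """O2/O3: the CLSID is registered but HijackThis found no file behind it."""
    if body.endswith(("(no file)", "(file missing)")):
        return "registered component has no file on disk"
    return None


def check_autostart(body):
    """O4: flag Run entries that start from Temp or silently register a DLL."""
    match = RUN_RE.match(body)
    if not match:
        return None  # e.g. 'Startup:' shortcut entries, not handled here
    command = match.group(2)
    if re.search(r"\\temp\\", command, re.I):
        return "autostart runs from a Temp directory"
    if re.search(r'regsvr32(\.exe)?"?\s+/s\b', command, re.I):
        return "autostart silently registers a DLL with regsvr32 /s"
    return None


CHECKS = {"R0": check_page_setting, "R1": check_page_setting,
          "O1": check_hosts_line, "O2": check_orphan, "O3": check_orphan,
          "O4": check_autostart}


def triage(log_text):
    """Return (code, reason, line) for every entry a check flags for review."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if not match:
            continue  # header lines, blanks, anything that is not a log entry
        code, body = match.groups()
        check = CHECKS.get(code)
        reason = check(body) if check else None
        if reason:
            findings.append((code, reason, line))
    return findings


if __name__ == "__main__":
    for code, reason, line in triage(SAMPLE_LOG):
        print("%-3s %s\n    %s" % (code, reason, line))
```

A flagged line is a candidate for review, not a verdict; entries the checks pass over still need a human look.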

    • Retired Administrator
      8906 Posts
      20 November 2009 15:47:07

      quote:

      Originally quoted from: sancar1992

      Brother, could you help me too? This is my ComboFix scan result. I keep getting a warning about the PnkBstrB exe file in system32. What should I do?

      Download the program named The Avenger to your desktop.

      http://www.buraksonmez.com/dosyalar/avenger.exe

      1. Select all of the colored text below, press CTRL+C, and copy it.

      Drivers to disable: 
      NTAKRNL

      Drivers to delete:
      NTAKRNL


      2. Double-click the program icon to run the program.

      * Under Load Script, select Paste from Clipboard.
      * Press the Execute button.
      * If the program asks a question, click Yes.

      3. Your computer will restart. (It may restart twice.) Afterwards a number of operations will be carried out.
      4. After the scan finishes, a log file will be created as C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
      5. Attach the C:\avenger.txt file to your message and send it to us.

      Download the program named Malwarebytes Antimalware.

      http://www.buraksonmez.com/dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and install it.
      * Check the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message, and send it to us.

      NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.


      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:49:20

      quote:

      Originally quoted from: djinn_inc

      Hello, as you said, I fixed the necessary lines with HijackThis and carried out the steps you described with ComboFix. I am sending the ComboFix log below. By the way, my problem of hidden files not being shown has gone away.

      Download the program named Malwarebytes Antimalware.

      http://www.buraksonmez.com/dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and install it.
      * Check the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message, and send it to us.

      NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.


      quote:

      Originally quoted from: hellboy_7
      I installed Windows 7, there is no problem, just take a look, master Burak :)

      Regards

      Fixing these will be enough. Good luck.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"



      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:51:32

      quote:

      Originally quoted from: ησ¢яу

      Sir, when I play games such as Counter, my internet connection drops. Could you check whether the problem is related to the programs?

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/ 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.localstrike.com.ar/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.localstrike.com.ar/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.localstrike.com.ar/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.localstrike.com.ar/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



      quote:

      Originally quoted from: burak_166

      Sir, could you take a look at mine as well?

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: s127.0.0.1 localhost
      O1 - Hosts: Youtube Jacker 4 :)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')



      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:53:37

      quote:

      Originally quoted from: big_printer
      Is there a serious threat on my PC? Please help...

      No, there doesn't appear to be any problem.





      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OGUZHAN
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll



      quote:

      Originally quoted from: darksers

      Hello,

      Programs are being deleted on their own on my computer and it has slowed down. Firefox won't open and virus scans come back clean. Could you look through the log files?
      Thanks in advance.

      Yes, there doesn't seem to be much of a problem. Let's scan with MBAM.

      Download the program named Malwarebytes Antimalware.

      http://www.buraksonmez.com/dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and install it.
      * Check the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message, and send it to us.

      NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.


      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:55:47

      quote:

      Originally quoted from: doktorum60

      Hello brother, I saw this thread for the first time today, downloaded the program and ran it. The results are below; could you take a look, is there anything that needs fixing?

      Apart from these, there is no problem.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.131.10:3128
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"



      quote:

      Originally quoted from: persona
      What do I need to do now, friends ???

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: TT Jacker :)
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
      O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 15:58:13

      quote:

      Originally quoted from: sercawres

      I scanned and removed every virus on the computer, but when I scan with the antivirus program there is one error it finds and the antivirus program does not fix it. The error it reports is something like "network address security vulnerabilities". My internet speed on the computer has slowed down. Also, there are sites I visit every day that have not been blocked by court order, that is, sites everyone can access, yet while everyone else can access them I can't; they won't open, and a sound like a bottle cap being opened comes from the speakers at irregular intervals. Thanks in advance for your help.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: TBSB03223 - {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - C:\Program Files\WebMoney ****or\wmadvisor.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: WebMoney ****or - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney ****or\wmadvisor.dll
      O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
      O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: WebMoney ****or - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney ****or\wmadvisor.dll
      O9 - Extra 'Tools' menuitem: WebMoney ****or - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney ****or\wmadvisor.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing else. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 16:00:25

      quote:

      Original quote from: Lordmaster

      Maybe, just possibly, someone will answer.

      All of them are being answered anyway.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.bearshare.com/ 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h



      quote:

      Original quote from: bozcaadalı

      Every time I start the computer, a link I don't recognize runs. I couldn't remove it with Ad-Aware and NOD32; it doesn't show up. It isn't in the startup programs either. I checked whether it was getting its command from Internet Options, and it isn't there either. In the end I installed and ran HijackThis, and this is the resulting list. Which ones do I need to fix? Thank you for your help.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: TT Jacker 3 :)
      O1 - Hosts: TTNET Kiss Kiss :p
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing else. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 16:02:43

      quote:

      Original quote from: mcekinir

      Dear experts, my computer has C and E drives. The E drive holds photos and music. Lately I can neither view the photos nor listen to the music; the computer freezes outright. I try to scan the E drive with both avast and NOD32, but it doesn't work: at a certain point both those programs and the computer freeze. The ComboFix report is below; I would appreciate it if you could take a look. I would also appreciate it if you could explain in detail what I need to do, as I am a bit of a beginner and I'm struggling. Regards

      Download the program named Perlovga Removal Tool to your desktop.

      http://www.buraksonmez.com/dosyalar/perlovga.exe

      Run the program and click Start. Then restart your computer without delay.

      Download the program named Malwarebytes Antimalware.

      http://www.buraksonmez.com/dosyalar/mbam-setup.exe

      * Double-click mbam-setup.exe to install the program.
      * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
      * If an update is found, the program will download and install it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.

      NOTE: If the program asks you to restart the computer during cleanup, click OK to restart your computer.



      quote:

      Original quote from: evon610c

      Master, could you take a look at my logs too? I wonder if there is a problem. Many thanks...

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - HKCU\..\Run: [2F4Yrqatray] "C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe" -tray
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 16:04:53

      quote:

      Original quote from: byrmlbrbr

      Serji, we're wearing you out too, but could you take a look at this one as well...
      I'm seeing strange things in Windows Task Manager (for example, something like explorer.exe:userini.exe)

      * Open the program named HijackThis.
      * Click the Do a system scan only option.
      * Check the following lines.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
      O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
      O4 - Global Startup: AutorunsDisabled
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - AutorunsDisabled - (no file)
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. (Only end the processes listed next to your user name. Do not touch those marked Local Service, Network or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing else. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.



      _____________________________

    • Retired Administrator
      8906 Posts
      20 November 2009 16:08:37
      quote:

      Original quote from: taco_paso_24

      If it's not too much trouble, could you take a look at my computer? There is a slowdown when loading YouTube-style stream videos. It could also be the browser I use. I would appreciate your help.

      There doesn't seem to be much of a problem; it could be the browser. Try with another one and see.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun



      quote:

      Original quote from: playup

      Hello, I use Kaspersky Internet Security 8. After every startup, KIS detects and deletes Win32 Agent.amjd on the PC. It shows system32 /drvstore as the containing folder. Could you examine the attached log file? Thanks...

      * Open the program named HijackThis.
      * Click the Do a system scan only option.
      * Check the following lines.


      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R3 - URLSearchHook: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll
      O1 - Hosts: 193.202.221.20 webserver
      O1 - Hosts: 193.202.221.20 webserver.ho.u2638.unilever.com
      O1 - Hosts: 193.202.221.36 ulpa1_boot
      O1 - Hosts: 193.202.221.94 ulpdb ulpvip
      O1 - Hosts: 193.202.221.100 ulpdb_boot
      O1 - Hosts: 193.202.221.101 ulpa1
      O1 - Hosts: 193.202.221.103 ulpa2
      O1 - Hosts: 193.202.221.104 ulpa3
      O1 - Hosts: 193.202.221.105 ulpa4
      O1 - Hosts: 193.202.221.221 ulpa5
      O1 - Hosts: 193.202.221.252 ulpa6
      O1 - Hosts: 193.202.221.93 ulpa7
      O1 - Hosts: 193.202.221.118 ulpa8
      O1 - Hosts: 193.202.221.116 ulpa9
      O1 - Hosts: 193.202.221.119 ulpa10
      O1 - Hosts: 193.202.221.124 ulpa11
      O1 - Hosts: 193.202.221.133 ulpa12
      O1 - Hosts: 194.27.120.6 bogazici
      O1 - Hosts: 194.27.120.7 portland
      O1 - Hosts: 145.55.45.7 cgiu029a.eu.unilever.com
      O1 - Hosts: 145.55.45.7 cgiu029a
      O1 - Hosts: 145.55.68.64 ar1s002a.eu.unilever.com
      O1 - Hosts: 145.55.68.64 ar1d002a.eu.unilever.com
      O1 - Hosts: 145.55.68.64 ar1q002a.eu.unilever.com
      O1 - Hosts: 145.55.68.65 ab2d002a.eu.unilever.com
      O1 - Hosts: 145.55.64.71 ab2p002a.eu.unilever.com
      O1 - Hosts: 145.55.68.65 ab2q002a.eu.unilever.com
      O1 - Hosts: 145.55.68.64 ar1r002a.eu.unilever.com
      O1 - Hosts: 145.55.64.73 ar1p002a.eu.unilever.com
      O1 - Hosts: 145.55.68.64 psiu014a.eu.unilever.com
      O1 - Hosts: 152.109.232.234 istsemb20001
      O1 - Hosts: 152.109.232.234 istsemb20001.s2.ms.unilever.com
      O1 - Hosts: 193.202.205.182 univpn
      O1 - Hosts: 193.202.205.182 univpn.ho.u2638.unilever.com
      O1 - Hosts: 193.202.205.182 istsapp20002
      O1 - Hosts: 193.202.205.182 istsapp20002.s2.ms.unilever.com
      O1 - Hosts: 145.17.109.233 istsapp20015
      O1 - Hosts: 145.17.109.233 istsapp20015.s2.ms.unilever.com
      O1 - Hosts: 161.193.116.238 im.unilever.com
      O1 - Hosts: 194.133.173.159 istsapp20009
      O1 - Hosts: 194.133.173.159 istsapp20009.s2.ms.unilever.com
      O1 - Hosts: 193.202.205.177 istsapp20022
      O1 - Hosts: 193.202.205.177 istsapp20022.s2.ms.unilever.com
      O1 - Hosts: 193.202.221.126 unisat
      O1 - Hosts: 193.202.221.126 unisat.ho.u2638.unilever.com
      O1 - Hosts: 193.202.221.220 pera
      O1 - Hosts: 193.202.221.220 pera.ho.u2638.unilever.com
      O1 - Hosts: 193.202.221.126 istsapp20008
      O1 - Hosts: 193.202.221.126 istsapp20008.s2.ms.unilever.com
      O1 - Hosts: 193.202.221.220 istsapp20004
      O1 - Hosts: 193.202.221.220 istsapp20004.s2.ms.unilever.com
      O1 - Hosts: 193.202.221.20 creditcards
      O1 - Hosts: 193.202.221.20 creditcards.ho.u2638.unilever.com
      O1 - Hosts: 193.202.221.31 ist-cmi
      O1 - Hosts: 193.202.221.31 ist-fci
      O1 - Hosts: 193.202.221.31 ist-fusion
      O1 - Hosts: 193.202.221.31 ist-genesis
      O1 - Hosts: 193.202.221.31 ist-hukuk
      O1 - Hosts: 193.202.221.31 ist-imagesolutions
      O1 - Hosts: 193.202.221.31 ist-mc
      O1 - Hosts: 193.202.221.31 ist-merchandising
      O1 - Hosts: 193.202.221.31 ist-npibuying
      O1 - Hosts: 193.202.221.31 ist-sctr
      O1 - Hosts: 193.202.221.31 ist-taxnotes
      O1 - Hosts: 193.202.221.31 ist-teknoport
      O1 - Hosts: 193.202.221.31 ist-ufsportal
      O1 - Hosts: 193.202.221.31 ist-universe
      O1 - Hosts: 193.202.221.31 univert
      O1 - Hosts: 193.202.221.20 uniselweb
      O1 - Hosts: 193.202.221.20 uniselweb.ho.u2638.unilever.com
      O1 - Hosts: 193.202.221.102 mevlana
      O1 - Hosts: 193.202.221.20 pmstr
      O1 - Hosts: 193.202.221.20 pmstr.ho.u2638.unilever.com
      O2 - BHO: (no name) - {04DE8C6E-B6BF-405E-ACAB-9877068E35Ad} - C:\WINDOWS\System32\ddeml32.dll
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll
      O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing)
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. (Only end the processes listed next to your user name. Do not touch those marked Local Service, Network or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program named Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * Double-click mbam-setup.exe to install the program.
      * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options, then click Finish.
      * If an update is found, the program will download and install it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.

      NOTE: If the program asks you to restart the computer during cleanup, click OK to restart your computer.


      < This message was edited by serji -- 20 November 2009; 16:09:24 >
      _____________________________

    • Lieutenant Colonel
      6281 Posts
      20 November 2009 20:52:13
      Master, with this help of yours, can we solve the problem where, when I enter a page on the internet, it goes and looks it up through icq.search and shows me results? It looks that way. You provide a magnificent service, master. The scan I just ran turned up tons of Youtube jacker hosts. When I removed the jacker from Add/Remove Programs, those hosts went away. I didn't want to clutter things here. This is the current state, master. I want to get rid of this ICQ.search nuisance.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:50:01, on 20.11.2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v8.00 (8.00.6001.18828)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\System32\rundll32.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAB8SWK.EXE
      C:\Users\Serhan\AppData\Local\Temp\RtkBtMnt.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\ICQ6.5\ICQ.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\EDGE\EDGE MODEM\EdgeMdm.exe
      C:\Windows\explorer.exe
      C:\Users\Serhan\Desktop\HiJackThis.exe
      C:\Windows\system32\DllHost.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [Skytel] Skytel.exe
      O4 - HKLM\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [CNAP2 Launcher] C:\Windows\system32\spool\DRIVERS\W32X86\3\CNAP2LAK.EXE
      O4 - Global Startup: Bluetooth.lnk = ?
      O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
      O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
      O13 - Gopher Prefix:
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{15F85B61-968C-4EAB-9583-5AE116AAF6B2}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B1A4179D-D4CF-462E-AB04-8AADE456E515}: NameServer = 10.192.17.1 197.40.1.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{15F85B61-968C-4EAB-9583-5AE116AAF6B2}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CS2\Services\Tcpip\..\{15F85B61-968C-4EAB-9583-5AE116AAF6B2}: NameServer = 208.67.222.222,208.67.220.220
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Google Güncelleme Hizmeti (gupdate1ca0ac2ca0cf21c) (gupdate1ca0ac2ca0cf21c) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
      O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe

      --
      End of file - 8812 bytes


      Thanks for your effort.




      _____________________________

      Serhan UYGUR
      I'm traveling the world - follow me :)) On social media: dunyanineglencesi
      One Love BEŞİKTAŞK
    • Retired Moderator
      8906 Posts
      20 November 2009 22:18:02

      quote:

      Originally posted by: serhanuygur

      Master, thanks to this help of yours, can we solve the problem where, whenever I enter a page on the internet, it goes and looks it up through icq.search and shows me the results? It looks that way. You provide a wonderful service, master. In the scan I just ran, tons of Youtube jacker hosts entries came up. When I removed jacker from Add/Remove Programs, those hosts entries went away. I didn't want to clutter things up here. This is the latest state, master. I want to get rid of this ICQ.search nuisance.
      Thanks for your effort.

      Fixing these is enough.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - - (no file)
      O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
      O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe



      _____________________________

    • Private
      2 Posts
      20 November 2009 23:54:55
      Hello, for a few days my PC has been exchanging data over the internet on its own.. even right now it keeps uploading and downloading things.. how can we fix this problem?

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:35:21, on 11/20/2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20772)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\a-squared Free\a2service.exe
      C:\Program Files\DU Meter\DUMeterSvc.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\V0330Mon.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\RocketDock\RocketDock.exe
      C:\Program Files\Turkcell Connect\Turkcell Connect.exe
      C:\Program Files\DU Meter\DUMeter.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\MSN Messenger\usnsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
      O4 - HKCU\..\Run: [Mobile Partner] "C:\Program Files\Turkcell Connect\Turkcell Connect.exe"
      O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [aero_cursor_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Cursors\Aero Cursors\aero_cursor_register.inf (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [aero_cursor_register.inf] rundll32.exe setupapi.dll,InstallHinfSection DefaultInstall 128 C:\WINDOWS\Cursors\Aero Cursors\aero_cursor_register.inf (User 'Default user')
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.m...nt/tr/uno1/GAME_UNO1.cab
      O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook....ebookPhotoUploader55.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...atsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{9A9919E5-1CFB-4785-B926-CB06000F0E86}: NameServer = 86.108.130.111 86.108.130.112
      O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe (file missing)
      O23 - Service: Avira Upgrade Service (AntiVirUpgradeService) - Unknown owner - C:\DOCUME~1\Cevahir\LOCALS~1\Temp\AVSETUP_4a841b0c\basic\avupgsvc.exe (file missing)
      O23 - Service: Cisvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
      O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

      --
      End of file - 6675 bytes

      thanks..


      _____________________________

    • Retired Moderator
      8906 Posts
      21 November 2009 11:53:53

      quote:

      Originally posted by: cvhrthrgl

      Hello, for a few days my PC has been exchanging data over the internet on its own.. even right now it keeps uploading and downloading things.. how can we fix this problem?
      thanks..

      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll 
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [V0330Mon.exe] C:\WINDOWS\V0330Mon.exe


      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
      4. After ComboFix starts running, click the Yes button.
      5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report with the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Captain
      564 Posts
      21 November 2009 15:10:21

      quote:

      Originally posted by: serji





      Apart from these, there is no problem.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.131.10:3128
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"



      thanks, master...


      _____________________________

      MEMBERS I HAVE SOLD GAMES OR ITEMS TO
      Drmel , Hawk-Claw , Markus Schulz , arasmustafaoglu , grkcm , Takumi , cikitare , black37 , Keanexx , Cr!M!N4L , Frobisher , Bu bir kullanıcı adı , MyReSPeT , lp.papercut , Winston Blue , Yaşayan Canlı , quarters , Degisik Kahya , Dark_Stone_TR , roebenewa , berkke , Gargemelus , yusufahmet16 , dr.halil , TR_LegendOfWar , slckssmz , Grain35 , slajer, Yggdrasil , dunklerpaladin , Kael_ , Blasted35, demirkaanersin , capcup74 , Arthionnn , SchwarzMoto , xVengeance , capcup74 , Leeroy Genghis , mustafa982 , fat33 , DoDoking , anorexia , Crashlone , Psicolog , QarekTyphon , AurumLuna , hsnpyn11111 , Gold D. Roger , Mckenziee , Markus Schulz , Ŀeoп , judge1986 , GuitarxtanbuL , Leeroy Genghis , Kronoss2510 , ExMilitary , Jellal Fernandes , Unshaken Darkness , GuitarxtanbuL , John Constantine

      Dr_nike_kaddafi
    • Private
      2 Posts
      21 November 2009 18:56:49
      this is what my combofix.txt file looks like..

      ComboFix 09-11-20.02 - Cevahir 11/21/2009 18:29.8.2 - x86
      Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.503.126 [GMT 2:00]
      Running from: c:\documents and settings\Cevahir\Desktop\ComboFix.exe
      AV: Avira AntiVir PersonalEdition Classic *On-access scanning disabled* (Outdated) {00000000-0000-0000-0000-000000000000}
      AV: ESET NOD32 Antivirus 4.0 *On-access scanning disabled* (Outdated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      c:\windows\system32\drivers\pciide.sys

      Infected copy of c:\windows\system32\drivers\ndis.sys was found and disinfected
      Restored copy from - c:\system volume information\_restore{E46C5B83-89F9-4164-BBBA-F6D3683A480B}\RP138\A0155108.sys
      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_TCPSR
      -------\Service_tcpsr


      ((((((((((((((((((((((((( Files Created from 2009-10-21 to 2009-11-21 )))))))))))))))))))))))))))))))
      .

      2009-11-21 16:29 . 2008-04-13 08:40 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
      2009-11-21 16:29 . 2008-04-13 08:40 96512 ----a-w- c:\windows\system32\dllcache\atapi.sys
      2009-11-21 13:02 . 2009-11-21 13:02 -------- d-----w- c:\documents and settings\Cevahir\Application Data\ICQ
      2009-11-21 12:16 . 2009-11-21 12:16 -------- d-----r- c:\documents and settings\LocalService\Sık Kullanılanlar
      2009-11-21 12:08 . 2009-11-21 12:08 -------- d-----w- c:\documents and settings\Cevahir\Application Data\Locktime
      2009-11-21 12:06 . 2009-11-21 12:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Locktime
      2009-11-20 20:04 . 2009-11-20 20:04 -------- d-----w- c:\program files\Trend Micro
      2009-11-20 16:54 . 2009-11-21 11:47 -------- d-----w- c:\program files\a-squared Free
      2009-11-01 13:16 . 2009-11-20 19:11 -------- d--h--w- c:\windows\system32\578C88
      2009-11-01 13:16 . 2009-11-20 19:11 -------- d--h--w- c:\windows\system32\3A734D
      2009-11-01 13:16 . 2009-11-05 20:18 -------- d--h--w- c:\windows\system32\1073F9
      2009-11-01 13:16 . 2009-11-01 13:16 -------- d--h--w- c:\windows\system32\8CB91C
      2009-10-28 16:37 . 2009-11-20 19:12 -------- d-----w- C:\TurkLive
      2009-10-25 17:45 . 2009-10-25 17:45 -------- d-----w- c:\program files\Windows Live SkyDrive

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-21 16:39 . 2008-12-24 22:38 -------- d-----w- c:\documents and settings\Cevahir\Application Data\DMCache
      2009-11-21 15:46 . 2008-11-16 16:07 -------- d-----w- c:\documents and settings\Admin\Application Data\DMCache
      2009-11-21 15:07 . 2009-09-15 23:14 -------- d-----w- c:\program files\MSN Messenger
      2009-11-21 11:45 . 2009-08-22 15:55 -------- d-----w- c:\program files\MercaN Online Istanbul v2.0
      2009-11-21 11:44 . 2009-08-06 14:40 -------- d-----w- c:\program files\Google
      2009-11-20 20:24 . 2008-11-24 10:50 -------- d-----w- c:\program files\Common Files\InstallShield
      2009-11-20 19:12 . 2009-08-08 09:42 -------- d-----w- c:\program files\Türkçe mIRC 6.32
      2009-11-20 19:11 . 2009-06-20 14:33 -------- d-----w- c:\program files\Quake III Arena
      2009-11-19 20:56 . 2009-11-19 20:56 -------- d-----w- c:\program files\DVDVideoSoft
      2009-11-19 20:56 . 2009-11-19 20:56 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
      2009-11-19 20:56 . 2009-11-19 18:28 -------- d-----w- c:\program files\Common Files\DVDVideoSoft(2)
      2009-11-19 20:39 . 2008-04-14 06:00 976384 ----a-w- c:\windows\explorer(2).exe
      2009-11-19 19:52 . 2008-04-13 09:20 212224 ----a-w- c:\windows\system32\drivers\ndis.sys
      2009-11-19 18:28 . 2009-11-19 18:28 -------- d-----w- c:\program files\DVDVideoSoft(2)
      2009-11-19 18:22 . 2008-04-14 06:00 976384 ----a-w- c:\windows\explorer(3).exe
      2009-11-17 20:58 . 2008-04-14 06:00 976384 ----a-w- c:\windows\explorer.exe
      2009-11-14 17:12 . 2009-11-14 17:07 -------- d-----w- c:\program files\YouTube Video Downloader
      2009-11-12 22:05 . 2008-10-27 15:43 -------- d-----w- c:\program files\K-Lite Codec Pack
      2009-11-09 18:00 . 2009-08-27 02:58 85504 ----a-w- c:\windows\system32\ff_vfw.dll
      2009-11-05 22:08 . 2009-08-07 09:59 -------- d-----w- c:\documents and settings\Admin\Application Data\LimeWire
      2009-11-04 21:50 . 2009-06-05 09:17 0 ----a-w- c:\windows\Infob.dat
      2009-11-04 21:50 . 2009-06-05 09:17 0 ----a-w- c:\windows\Infoa.dat
      2009-11-01 21:55 . 2009-08-15 13:15 7680 ----a-r- c:\documents and settings\Cevahir\Application Data\Microsoft\Installer\{0172A372-339F-481D-9CF3-E6B5829AED36}\VSWBA8A_0172A372.exe
      2009-11-01 21:55 . 2009-08-15 13:15 5120 ----a-r- c:\documents and settings\Cevahir\Application Data\Microsoft\Installer\{0172A372-339F-481D-9CF3-E6B5829AED36}\VSWBA76_0172A372.exe
      2009-11-01 21:55 . 2009-08-15 13:15 36864 ----a-r- c:\documents and settings\Cevahir\Application Data\Microsoft\Installer\{0172A372-339F-481D-9CF3-E6B5829AED36}\VSWB9CC_0172A372.exe
      2009-11-01 21:55 . 2009-08-15 13:15 17408 ----a-r- c:\documents and settings\Cevahir\Application Data\Microsoft\Installer\{0172A372-339F-481D-9CF3-E6B5829AED36}\VSWB9A4_0172A372.exe
      2009-11-01 16:45 . 2008-11-27 20:59 128 ----a-w- c:\windows\MEDUK20.DAT
      2009-10-29 08:30 . 2001-11-22 13:00 65850 ----a-w- c:\windows\system32\perfc01F.dat
      2009-10-29 08:30 . 2001-11-22 13:00 375864 ----a-w- c:\windows\system32\perfh01F.dat
      2009-10-28 00:07 . 2009-06-04 12:06 -------- d-----w- c:\program files\Total Video Converter
      2009-10-21 17:25 . 2009-10-18 15:15 -------- d-----w- c:\program files\Internet Download Manager
      2009-10-20 19:07 . 2009-10-20 19:07 -------- d-----w- c:\documents and settings\Cevahir\Application Data\avidemux
      2009-10-20 18:32 . 2009-10-18 15:15 -------- d-----w- c:\documents and settings\Cevahir\Application Data\IDM
      2009-10-19 17:26 . 2009-09-09 22:04 -------- d-----w- c:\documents and settings\Cevahir\Application Data\LimeWire
      2009-10-18 21:23 . 2008-12-27 16:00 -------- d-----w- c:\program files\Sony Ericsson
      2009-10-18 15:16 . 2009-10-18 15:16 198064 ----a-w- c:\documents and settings\Cevahir\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
      2009-09-28 16:50 . 2008-10-29 11:03 -------- d--h--w- c:\program files\InstallShield Installation Information
      2009-09-28 16:46 . 2009-09-28 16:46 -------- d-----w- c:\program files\Macmillan Dictionaries
      2009-09-19 22:57 . 2009-09-19 22:57 198064 ----a-w- c:\documents and settings\Admin\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
      2009-09-19 22:57 . 2009-09-19 22:57 3095008 ----a-w- c:\documents and settings\Admin\Application Data\IDM\idmupdt.exe
      2009-09-16 09:57 . 2008-12-21 13:08 64512 ----a-w- c:\documents and settings\Cevahir\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-15 21:47 . 2008-11-08 10:40 64512 ----a-w- c:\documents and settings\Admin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
      2009-09-09 22:04 . 2009-09-09 22:04 8192 ----a-w- c:\documents and settings\Cevahir\Application Data\LimeWire\browser\xulrunner\AccessibleMarshal.dll
      2009-09-09 22:04 . 2009-09-09 22:04 20480 ----a-w- c:\documents and settings\Cevahir\Application Data\LimeWire\browser\xulrunner\IA2Marshal.dll
      2009-09-09 10:43 . 2009-09-16 12:26 210352 ----a-w- c:\windows\system32\idmmbc.dll
      2009-08-31 15:47 . 2008-10-27 17:19 98304 ----a-w- c:\windows\DUMP64a5.tmp
      2009-08-27 03:34 . 2009-08-27 03:34 51572 ---ha-w- c:\windows\system32\mlfcache.dat
      2009-08-27 02:59 . 2009-08-27 02:59 823296 ----a-w- c:\windows\system32\ppsynthesis.dll
      .

      ------- Sigcheck -------


      [-] 2009-11-19 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ndis.sys
      [-] 2009-11-19 . 1DF7F42665C94B825322FAE71721130D . 212224 . . [5.1.2600.5512] . . c:\windows\system32\dllcache\ndis.sys

      [-] 2008-05-12 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys


      [-] 2008-03-01 . FBBA0A417511A8DFAC0C91A695AE8238 . 818176 . . [7.00.6000.20772] . . c:\windows\system32\wininet.dll

      [-] 2009-11-17 . BDF500F38016C7E1DD490E00DA28CD30 . 976384 . . [6.00.2900.5512] . . c:\windows\explorer.exe


      [-] 2008-05-12 06:37 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll

      c:\windows\system32\drivers\beep.sys ... is missing !!
      c:\windows\system32\wuauclt.exe ... is missing !!
      c:\windows\system32\regsvc.dll ... is missing !!
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
      "Mobile Partner"="c:\program files\Turkcell Connect\Turkcell Connect.exe" [2009-06-05 114688]
      "DU Meter"="c:\program files\DU Meter\DUMeter.exe" [2008-06-10 2645528]
      "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-10-18 3118512]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "V0330Mon.exe"="c:\windows\V0330Mon.exe" [2007-04-29 32768]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-05-14 2029640]
      "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-11-14 16270848]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "RocketDock"="c:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "aero_cursor_register.inf"="setupapi.dll" - c:\windows\system32\setupapi.dll [2008-04-14 988160]
      "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "ForceClassicControlPanel"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "NoSMMyPictures"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoStrCmpLogical"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "NoSMMyPictures"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoStrCmpLogical"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "c:\\Program Files\\LimeWire\\LimeWire.exe"=
      "c:\\KELEBEK\\mirc.exe"=
      "c:\\WINDOWS\\system32\\sessmgr.exe"=
      "c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "c:\\Program Files\\MSN Messenger\\livecall.exe"=

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
      "4617:TCP"= 4617:TCP:*:Disabled:djntlrnj

      R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/27/2008 17:38 717296]
      R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [5/14/2009 14:47 107256]
      R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [5/14/2009 14:49 94360]
      R2 DUMeterSvc;DU Meter Service;c:\program files\DU Meter\DUMeterSvc.exe [9/8/2009 15:26 1386008]
      R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [5/14/2009 14:47 731840]
      R3 V0330VID;WebCam Vista/Live! Cam Chat;c:\windows\system32\drivers\V0330Vid.sys [8/6/2009 23:40 157696]
      S2 AntiVirUpgradeService;Avira Upgrade Service;"c:\docume~1\Cevahir\LOCALS~1\Temp\AVSETUP_4a841b0c\basic\avupgsvc.exe" /TEMPSTART:""c:\docume~1\Cevahir\LOCALS~1\Temp\AVSETUP_4a841b0c\basic\setup.exe" /NOTEMPCLEANUP /CROSSUPGRADE" --> c:\docume~1\Cevahir\LOCALS~1\Temp\AVSETUP_4a841b0c\basic\avupgsvc.exe [?]
      S2 E2ECAP;e2eCap - WDM Video Capture;c:\windows\system32\drivers\e2eCap.sys [8/8/2009 15:22 126208]
      S2 zcolppw;Driver Helper;c:\windows\system32\svchost.exe -k netsvcs [4/14/2008 08:00 14336]
      S3 gggen;Generic USB Flash Driver;c:\windows\system32\drivers\gggen.sys [8/11/2009 20:48 11648]
      S4 UPnPService;UPnPService;c:\program files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [12/20/2008 22:24 544768]

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      zcolppw
      .
      Contents of the 'Scheduled Tasks' folder

      2009-10-28 c:\windows\Tasks\malmısın.job
      - c:\kelebek\OyunLar\ABCD.EXE [2009-08-08 12:58]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com.tr/
      IE: Bütün linkleri IDM ile indir - c:\program files\Internet Download Manager\IEGetAll.htm
      IE: FLV video içeriğini IDM ile indir - c:\program files\Internet Download Manager\IEGetVL.htm
      IE: IDM ile indir - c:\program files\Internet Download Manager\IEExt.htm
      IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      TCP: {9A9919E5-1CFB-4785-B926-CB06000F0E86} = 86.108.130.111 86.108.130.112
      Handler: ic32pp - {BBCA9F81-8F4F-11D2-90FF-0080C83D3571} - c:\windows\wc98pp.dll
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-21 18:40
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...


      c:\windows\explorer(2).exe:userini.exe 44544 bytes executable
      c:\windows\explorer(3).exe:userini.exe 44544 bytes executable

      scan completed successfully
      hidden files: 2

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

      device: opened successfully
      user: MBR read successfully
      called modules: ntkrnlpa.exe >>UNKNOWN [0x82D2F500]<<
      kernel: MBR read successfully
      detected MBR rootkit hooks:
      \Driver\Disk -> CLASSPNP.SYS @ 0xf854ef28
      \Driver\ACPI -> ACPI.sys @ 0xf82d9cb8
      \Driver\atapi -> atapi.sys @ 0xf826eb40
      IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
      ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8
      ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
      NDIS: -> SendCompleteHandler -> 0x0
      PacketIndicateHandler -> 0x0
      SendHandler -> 0x0
      user & kernel MBR OK

      **************************************************************************

      [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\DUMeterSvc]
      "ImagePath"="c:\program files\DU Meter\DUMeterSvc.exe /startedbyscm:E1F6D4BE-40E33354-DUMeterService"

      [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\zcolppw]
      "ServiceDll"="c:\windows\system32\okajs.dll"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):a1,a3,3d,97,3c,75,7f,0e,28,aa,c4,5a,a1,2a,a3,50,44,2b,d2,22,84,
      43,4a,65,4c,67,e1,5d,11,b3,a1,ad,59,a5,a6,ab,06,32,ce,31,00,00,00,00,00,00,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{758851e6-4b41-4600-92a0-fbee352b4fb8}]
      @Denied: (Full) (Everyone)
      "Model"=dword:00000122
      "Therad"=dword:0000001e
      "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
      38,95,44,ab,9e,50,1b,eb,77,d1,ab,b8,63,80,6e,b2,62,2e,7d,83,e0,8b,c5,07,bb,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
      @Denied: (Full) (Everyone)
      "scansk"=hex(0):aa,4e,61,37,a7,a6,1b,7f,63,cd,1e,f3,70,70,5e,0b,1e,9c,be,b5,b8,
      9a,12,83,23,09,a1,87,0c,bd,3c,af,ef,9a,a2,5a,60,31,53,51,00,00,00,00,00,00,\

      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{a72d3442-13cc-4f05-a76e-17656ec1dcc1}]
      @Denied: (Full) (Everyone)
      "Model"=dword:000000b4
      "Therad"=dword:00000019
      "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
      df,1c,2f,27,85,0d,4c,f7,1b,0f,39,4a,38,bc,37,a8,b1,87,48,c3,4f,7d,c6,0c,45,\
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'explorer.exe'(3488)
      c:\program files\RocketDock\RocketDock.dll
      c:\program files\Windows Media Player\wmpband.dll
      c:\windows\system32\ntshrui.dll
      c:\program files\Internet Download Manager\idmmkb.dll
      c:\windows\system32\msi.dll
      c:\windows\system32\wpdshserviceobj.dll
      c:\windows\system32\portabledevicetypes.dll
      c:\windows\system32\portabledeviceapi.dll
      c:\windows\system32\credui.dll
      .
      ------------------------ Other Running Processes ------------------------
      .
      c:\program files\a-squared Free\a2service.exe
      c:\program files\Java\jre6\bin\jqs.exe
      c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      c:\windows\system32\wbem\wmiapsrv.exe
      c:\program files\Internet Download Manager\IEMonitor.exe
      .
      **************************************************************************
      .
      Completion time: 2009-11-21 18:43 - machine was rebooted
      ComboFix-quarantined-files.txt 2009-11-21 16:43

      Pre-Run: 82,498,236,416 bayt boş
      Post-Run: 82,507,767,808 bayt boş

      WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
      [boot loader]
      timeout=2
      default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
      [operating systems]
      c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
      multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

      - - End Of File - - 3262842C89BCAA839E660F2435ADB8D6



      _____________________________

    • Yarbay
      4883 Posts
      22 November 2009 11:11:02
      quote:

      Originally quoted from: serji

      Originally quoted from: bozcaadalı

      Every time I start the computer, a link I don't recognize runs. I couldn't remove it with Ad-Aware or NOD32; it doesn't show up, and it isn't in the startup programs either. I checked whether it was getting a command from Internet Options, but it isn't there either. In the end I installed and ran HijackThis, and this is the resulting list. Which ones do I need to fix? Thank you for your help.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: TT Jacker 3 :)
      O1 - Hosts: TTNET Kiss Kiss :p
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all of your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a break for 1-2 minutes.
      4. After ComboFix starts running, click the Yes button.
      5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.



      Thank you for taking an interest. I'm sending the TXT you asked for.



      ComboFix 09-11-21.01 - Gürhan 22.11.2009 10:35.5.2 - x86
      Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1254.90.1055.18.2046.1186 [GMT 2:00]
      Running from: c:\users\Gürhan\Desktop\ComboFix.exe
      SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
      .

      ((((((((((((((((((((((((( Files Created from 2009-10-22 to 2009-11-22 )))))))))))))))))))))))))))))))
      .

      2009-11-22 08:44 . 2009-11-22 08:44 -------- d-----w- c:\users\Public\AppData\Local\temp
      2009-11-22 08:44 . 2009-11-22 08:44 -------- d-----w- c:\users\Elif\AppData\Local\temp
      2009-11-22 08:44 . 2009-11-22 08:44 -------- d-----w- c:\users\Default\AppData\Local\temp
      2009-11-22 08:44 . 2009-11-22 08:44 -------- d-----w- c:\users\Anahid\AppData\Local\temp
      2009-11-19 15:02 . 2009-11-19 15:02 4045528 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
      2009-11-19 14:54 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
      2009-11-19 14:54 . 2009-11-19 15:02 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
      2009-11-19 14:54 . 2009-11-19 14:54 -------- d-----w- c:\programdata\Malwarebytes
      2009-11-19 14:54 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
      2009-11-18 17:40 . 2009-11-18 17:40 -------- d-----w- c:\program files\Trend Micro
      2009-11-18 06:37 . 2009-11-18 06:37 -------- d-----w- c:\program files\Windows Portable Devices
      2009-11-18 06:33 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
      2009-11-18 06:33 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
      2009-11-18 06:33 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
      2009-11-18 06:30 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
      2009-11-18 06:30 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
      2009-11-18 06:30 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
      2009-11-11 07:35 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
      2009-11-11 07:32 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
      2009-11-07 07:40 . 2009-11-07 07:40 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
      2009-11-06 10:49 . 2009-11-06 11:06 4096 d-----w- c:\program files\Common Files\SolidWorks Shared
      2009-11-06 10:49 . 2009-11-06 10:49 -------- d-----w- c:\program files\lang
      2009-11-06 10:49 . 2009-11-06 11:10 -------- d-----w- c:\programdata\SolidWorks
      2009-11-06 10:49 . 2009-11-06 11:07 4096 d-----w- c:\program files\SolidWorks Corp
      2009-11-06 10:49 . 2009-11-06 10:55 4096 d-----w- c:\program files\Browser
      2009-11-06 10:48 . 2009-11-06 10:48 -------- d-----w- c:\program files\MSECache
      2009-11-06 10:47 . 2009-11-06 10:47 4096 d-----w- c:\program files\Microsoft Visual Studio 8
      2009-11-06 10:43 . 2009-11-06 10:43 -------- d-----w- c:\program files\Common Files\SolidWorks Installation Manager
      2009-11-06 10:43 . 2009-11-06 10:46 -------- d-----w- c:\windows\SolidWorks
      2009-11-05 17:07 . 2009-11-05 17:13 -------- d-----w- c:\windows\Downloaded Installations
      2009-10-31 19:57 . 2007-08-28 08:42 466944 ----a-w- c:\windows\ssndii.exe
      2009-10-31 19:57 . 2009-10-31 19:57 -------- d-----w- c:\windows\Samsung
      2009-10-31 19:53 . 2007-01-03 15:57 22723 ----a-w- c:\windows\system32\sugs1l3.dll
      2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\windows\system32\drivers\Samsung
      2009-10-31 19:53 . 2007-01-03 15:56 151552 ----a-w- c:\windows\system32\sugs1ci.exe
      2009-10-31 19:53 . 2007-01-03 15:56 65536 ----a-w- c:\windows\system32\sugs1ci.dll
      2009-10-31 19:53 . 2007-01-03 13:09 5120 ------w- c:\windows\system32\drivers\SSPORT.SYS
      2009-10-31 19:53 . 2009-10-31 19:53 -------- d-----w- c:\program files\Samsung
      2009-10-29 16:01 . 2009-08-16 23:32 4223008 ----a-w- c:\windows\system32\NVStWiz.exe
      2009-10-29 09:23 . 2009-10-29 09:26 -------- d-----w- c:\users\Elif\AppData\Local\Microsoft Games
      2009-10-29 09:22 . 2009-10-29 09:22 56472 ----a-w- c:\users\Elif\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-10-29 06:58 . 2009-10-29 07:01 4096 d-----w- c:\users\Elif\AppData\Local\Google
      2009-10-28 18:58 . 2009-10-28 18:58 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
      2009-10-28 06:51 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
      2009-10-28 06:51 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
      2009-10-26 14:19 . 2009-10-26 14:19 -------- d-----w- c:\program files\GameSpy
      2009-10-26 14:17 . 2009-10-26 14:17 -------- d-----w- c:\windows\system32\URTTEMP
      2009-10-26 14:16 . 2009-10-26 14:16 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
      2009-10-26 14:15 . 2009-10-26 14:15 103736 ----a-w- c:\windows\system32\PnkBstrB.exe
      2009-10-26 14:15 . 2009-10-26 14:15 669184 ----a-w- c:\windows\system32\pbsvc.exe
      2009-10-26 14:15 . 2009-10-26 14:15 66872 ----a-w- c:\windows\system32\PnkBstrA.exe
      2009-10-26 14:15 . 2007-07-19 16:14 444776 ----a-w- c:\windows\system32\d3dx10_35.dll
      2009-10-26 14:15 . 2007-07-19 16:14 1358192 ----a-w- c:\windows\system32\D3DCompiler_35.dll
      2009-10-26 14:15 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll
      2009-10-26 14:15 . 2007-05-16 14:45 443752 ----a-w- c:\windows\system32\d3dx10_34.dll
      2009-10-26 14:15 . 2007-05-16 14:45 1124720 ----a-w- c:\windows\system32\D3DCompiler_34.dll
      2009-10-26 14:15 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\system32\d3dx9_34.dll
      2009-10-26 14:15 . 2007-04-04 16:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
      2009-10-26 14:14 . 2009-10-26 14:14 -------- d-----w- c:\programdata\Media Center Programs
      2009-10-26 14:05 . 2009-10-26 14:05 -------- d-----w- c:\program files\Electronic Arts
      2009-10-25 12:07 . 2009-10-25 12:07 -------- d-----w- c:\program files\ESET

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2009-11-22 07:52 . 2009-09-27 14:10 34990 ----a-w- c:\programdata\nvModes.dat
      2009-11-22 07:50 . 2009-09-27 10:20 4096 d-----w- c:\programdata\NVIDIA
      2009-11-21 22:52 . 2009-10-16 19:40 4096 d-----w- c:\programdata\Test Drive Unlimited
      2009-11-21 14:49 . 2009-10-12 11:59 32768 d-----w- c:\program files\GTR2
      2009-11-18 06:47 . 2007-01-05 05:14 598312 ----a-w- c:\windows\system32\perfh01F.dat
      2009-11-18 06:47 . 2007-01-05 05:14 120110 ----a-w- c:\windows\system32\perfc01F.dat
      2009-11-18 06:37 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
      2009-11-18 06:37 . 2009-11-18 06:37 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
      2009-11-11 15:37 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
      2009-11-11 15:29 . 2009-10-05 06:35 8192 d-----w- c:\programdata\Microsoft Help
      2009-11-09 15:24 . 2009-10-19 14:42 -------- d-----w- c:\program files\Java
      2009-11-09 11:30 . 2009-09-30 18:42 -------- d-----w- c:\program files\Common Files\Adobe
      2009-11-08 09:44 . 2009-09-27 11:16 4096 d-----w- c:\program files\Google
      2009-11-06 10:49 . 2009-09-27 14:07 8192 d-----w- c:\program files\AGEIA Technologies
      2009-11-05 17:45 . 2009-11-05 17:45 4096 d-----w- c:\program files\iTunes
      2009-11-05 17:45 . 2009-11-05 17:45 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
      2009-11-05 17:45 . 2009-11-05 17:41 -------- d-----w- c:\program files\Common Files\Apple
      2009-11-05 17:45 . 2009-11-05 17:11 -------- d-----w- c:\program files\iPod
      2009-11-05 17:43 . 2009-11-05 17:43 -------- d-----w- c:\program files\Bonjour
      2009-11-05 17:43 . 2009-11-05 17:43 4096 d-----w- c:\program files\QuickTime
      2009-11-05 17:43 . 2009-11-05 17:22 -------- d-----w- c:\programdata\Apple Computer
      2009-11-05 17:42 . 2009-11-05 17:42 4096 d-----w- c:\program files\Apple Software Update
      2009-11-05 17:41 . 2009-11-05 17:41 -------- d-----w- c:\programdata\Apple
      2009-11-05 17:23 . 2009-09-30 18:15 4096 d--h--w- c:\program files\InstallShield Installation Information
      2009-11-05 17:22 . 2009-11-05 17:22 -------- d-----w- c:\programdata\QuickTime
      2009-11-04 17:12 . 2009-10-19 14:40 4096 d-----w- c:\program files\LimeWire
      2009-11-02 18:42 . 2009-10-03 08:07 195456 ------w- c:\windows\system32\MpSigStub.exe
      2009-10-31 19:57 . 2009-09-27 12:00 -------- d-----w- c:\program files\Common Files\InstallShield
      2009-10-22 12:12 . 2009-10-22 12:12 -------- d-----w- c:\programdata\KONAMI
      2009-10-22 12:12 . 2009-10-19 17:13 -------- d-----w- c:\program files\KONAMI
      2009-10-16 14:11 . 2009-10-02 14:11 3695616 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AutoLaunch.exe
      2009-10-16 14:11 . 2009-10-02 14:10 2353992 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
      2009-10-16 13:18 . 2009-10-16 13:18 -------- d-----w- c:\program files\Atari
      2009-10-15 07:56 . 2009-10-15 07:56 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
      2009-10-14 06:05 . 2009-10-14 06:05 -------- d-----w- c:\program files\Auslogics
      2009-10-13 11:46 . 2009-10-13 11:20 4096 d-----w- c:\program files\GTR Evolution
      2009-10-13 11:06 . 2009-10-13 11:06 -------- d-----w- c:\programdata\WindowsSearch
      2009-10-11 02:17 . 2009-10-19 14:42 411368 ----a-w- c:\windows\system32\deploytk.dll
      2009-10-08 06:57 . 2009-10-05 06:37 4096 d-----w- c:\program files\Microsoft Works
      2009-10-06 18:47 . 2009-10-06 18:47 -------- d-----w- c:\programdata\Trymedia
      2009-10-06 18:46 . 2009-10-06 18:44 4096 d-----w- c:\program files\ARCA Remax
      2009-10-05 14:25 . 2009-10-05 14:23 53248 ----a-w- c:\windows\PSEXESVC.EXE
      2009-10-05 06:50 . 2009-10-01 21:35 -------- d-----w- c:\programdata\DassaultSystemes
      2009-10-05 06:37 . 2009-10-05 06:37 -------- d-----w- c:\program files\Microsoft.NET
      2009-10-05 06:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
      2009-10-05 06:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
      2009-10-05 06:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
      2009-10-05 06:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
      2009-10-05 06:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
      2009-10-05 06:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
      2009-10-05 06:10 . 2009-10-05 06:10 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
      2009-10-03 17:09 . 2009-10-03 17:09 61064 ----a-w- c:\users\Anahid\AppData\Local\GDIPFONTCACHEV1.DAT
      2009-10-03 12:39 . 2009-10-02 11:06 12288 d-----w- c:\program files\PnG2
      2009-10-02 15:27 . 2009-10-02 15:27 -------- d-----w- c:\program files\MSXML 4.0
      2009-10-02 14:10 . 2009-10-02 14:10 562552 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
      2009-10-02 14:10 . 2009-10-02 14:10 566632 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
      2009-10-02 14:10 . 2009-10-02 14:10 640760 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWWSC.exe
      2009-10-02 14:10 . 2009-10-02 14:10 520024 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWTray.exe
      2009-10-02 14:10 . 2009-10-02 14:10 1028432 ----a-w- c:\programdata\Lavasoft\Ad-Aware\Update\AAWService.exe
      2009-10-02 14:07 . 2009-10-02 14:07 4096 dc-h--w- c:\programdata\{EF63305C-BAD7-4144-9208-D65528260864}
      2009-10-02 14:07 . 2009-10-02 14:07 -------- d-----w- c:\program files\Lavasoft
      2009-10-01 22:14 . 2009-10-01 21:48 137 ----a-w- c:\windows\system32\winser.bin
      2009-10-01 22:04 . 2009-10-01 22:04 113 ----a-w- c:\windows\system32\accwiz.bin
      2009-10-01 21:43 . 2009-10-01 21:43 108 ----a-w- c:\windows\system32\dxwizard.bin
      2009-10-01 01:02 . 2009-11-18 06:32 2537472 ----a-w- c:\windows\system32\wpdshext.dll
      2009-10-01 01:02 . 2009-11-18 06:32 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
      2009-10-01 01:02 . 2009-11-18 06:32 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
      2009-10-01 01:02 . 2009-11-18 06:32 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
      2009-10-01 01:02 . 2009-11-18 06:32 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
      2009-10-01 01:01 . 2009-11-18 06:32 546816 ----a-w- c:\windows\system32\wpd_ci.dll
      2009-10-01 01:01 . 2009-11-18 06:32 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
      2009-10-01 01:01 . 2009-11-18 06:32 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
      2009-10-01 01:01 . 2009-11-18 06:32 350208 ----a-w- c:\windows\system32\WPDSp.dll
      2009-10-01 01:01 . 2009-11-18 06:32 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
      2009-10-01 01:01 . 2009-11-18 06:32 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
      2009-10-01 01:01 . 2009-11-18 06:32 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
      2009-09-30 21:33 . 2009-09-30 18:36 4096 d-----w- c:\programdata\NOS
      2009-09-30 18:39 . 2009-09-30 18:39 -------- d-----w- c:\program files\Common Files\Adobe AIR
      2009-09-30 18:36 . 2009-09-30 18:36 86016 ----a-w- c:\programdata\NOS\Adobe_Downloads\arh.exe
      2009-09-30 18:15 . 2009-09-27 12:00 319456 ----a-w- c:\windows\DIFxAPI.dll
      2009-09-30 18:15 . 2009-09-30 18:15 -------- d-----w- c:\program files\Realtek
      2009-09-30 15:34 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
      2009-09-30 15:34 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
      2009-09-29 11:05 . 2009-09-29 11:05 95896 ----a-w- c:\windows\system32\drivers\epfwwfpr.sys
      2009-09-29 11:02 . 2009-09-29 11:02 108792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
      2009-09-29 10:56 . 2009-09-29 10:56 116008 ----a-w- c:\windows\system32\drivers\eamon.sys
      2009-09-28 17:11 . 2009-09-28 17:11 75928 ----a-w- c:\windows\system32\drivers\ThwSpace.sys
      2009-09-28 15:41 . 2009-09-28 15:41 -------- d-----w- c:\program files\Microsoft
      2009-09-28 15:41 . 2009-09-28 15:40 -------- d-----w- c:\program files\Windows Live
      2009-09-28 15:41 . 2009-09-28 15:41 -------- d-----w- c:\program files\Windows Live SkyDrive
      2009-09-28 15:33 . 2009-09-28 15:33 -------- d-----w- c:\program files\Common Files\Windows Live
      2009-09-27 19:32 . 2009-09-27 19:32 -------- d-----w- c:\program files\Common Files\Logitech
      2009-09-27 19:32 . 2009-09-27 19:32 -------- d-----w- c:\program files\Logitech
      2009-09-27 15:46 . 2009-09-27 15:46 4942440 ----a-w- c:\windows\system32\nvdisps.dll
      2009-09-27 15:46 . 2009-09-27 15:46 13949544 ----a-w- c:\windows\system32\nvcpl.dll
      2009-09-27 15:23 . 2009-09-27 15:23 4096 d-----w- c:\program files\Jacker3
      2009-09-27 14:12 . 2009-09-27 14:12 9509832 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
      2009-09-27 14:12 . 2009-09-27 14:12 490088 ----a-w- c:\windows\system32\nvudisp.exe
      2009-09-27 14:12 . 2009-09-27 14:12 3310184 ----a-w- c:\windows\system32\nvwgf2um.dll
      2009-09-27 14:12 . 2009-09-27 14:12 2169448 ----a-w- c:\windows\system32\nvcuvid.dll
      .

      ((((((((((((((((((((((((((((( SnapShot@2009-11-19_10.25.07 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2009-09-27 10:21 . 2009-11-19 10:02 35004 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2009-09-27 10:21 . 2009-11-22 07:53 35004 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      - 2006-11-02 13:05 . 2009-11-19 10:02 52332 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2006-11-02 13:05 . 2009-11-22 07:53 52332 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2006-11-02 13:02 . 2009-11-19 10:00 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      + 2006-11-02 13:02 . 2009-11-22 07:50 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
      - 2006-11-02 13:02 . 2009-11-19 10:00 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      + 2006-11-02 13:02 . 2009-11-22 07:50 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
      - 2006-11-02 13:02 . 2009-11-19 10:00 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2006-11-02 13:02 . 2009-11-22 07:50 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
      + 2009-09-27 07:41 . 2009-11-22 07:53 8756 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3859704966-3601974497-4018524651-1000_UserData.bin
      + 2009-11-22 07:50 . 2009-11-22 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2009-11-19 10:00 . 2009-11-19 10:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
      - 2009-11-19 10:00 . 2009-11-19 10:00 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      + 2009-11-22 07:50 . 2009-11-22 07:50 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
      - 2009-09-30 15:16 . 2009-11-19 10:00 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
      + 2009-09-30 15:16 . 2009-11-22 07:51 245760 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-27 39408]
      "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
      "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
      "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-27 122368]
      "Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2008-04-04 88584]
      "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-29 2054360]
      "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2007-01-03 520192]
      "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-04 417792]
      "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
      "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
      "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-03-26 5369856]
      "Skytel"="Skytel.exe" - c:\windows\SkyTel.exe [2007-11-20 1826816]

      c:\users\Grhan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
      LimeWire On Startup.lnk - c:\program files\LimeWire\LimeWire.exe [2009-9-30 503808]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "EnableUIADesktopToggle"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
      @="Service"

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
      @="Service"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
      "VistaSp2"=hex(b):3e,de,14,62,83,45,ca,01

      R0 Lbd;Lbd;c:\windows\System32\drivers\Lbd.sys [02.10.2009 16:11 64160]
      R1 ehdrv;ehdrv;c:\windows\System32\drivers\ehdrv.sys [29.09.2009 13:02 108792]
      R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [29.09.2009 13:03 735960]
      R2 epfwwfpr;epfwwfpr;c:\windows\System32\drivers\epfwwfpr.sys [29.09.2009 13:05 95896]
      R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03.07.2009 16:49 1028432]
      R2 SSPORT;SSPORT;c:\windows\System32\drivers\SSPORT.SYS [31.10.2009 21:53 5120]
      R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27.09.2009 16:48 240232]
      S2 DFServ;DFServ;c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe --> c:\program files\Faronics\Deep Freeze\Install C-0\DFServ.exe [?]
      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [07.11.2009 17:32 135664]
      S3 CoordinatorServiceHost;SW Distributed TS Coordinator Service;c:\program files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe [09.09.2008 06:01 79144]
      S3 FontCache;Windows Yazı Tipi Önbelleği Hizmeti;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [30.09.2009 16:50 21504]
      S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [23.09.2005 07:01 2799808]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
      .
      Contents of the 'Scheduled Tasks' folder

      2009-11-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job
      - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 14:10]

      2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 15:32]

      2009-11-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2009-11-07 15:32]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.google.com/tr
      uInternet Settings,ProxyOverride = *.local
      TCP: {F711CC09-7C42-46FD-9193-E2A76D99E962} = 208.67.222.222,208.67.220.220
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2009-11-22 10:44
      Windows 6.0.6002 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2009-11-22 10:46
      ComboFix-quarantined-files.txt 2009-11-22 08:46
      ComboFix2.txt 2009-11-19 10:27
      ComboFix3.txt 2009-10-05 14:17

      Pre-Run: 117.660.160.000 bayt boş
      Post-Run: 117.624.340.480 bayt boş

      - - End Of File - - 41500AB9E0EFF134E236BA2A117FF488



      _____________________________



    • Private
      1 Post
      22 November 2009 14:33:03
      Hello, brother. My Explorer was opening very slowly; I did what you said on the forum, and the output below is what came out. What do I need to do now? I'm a novice at this. I'd be grateful if you could explain in a bit of detail. Regards...
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 14:10, on 2009-11-22
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RunDLL32.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\WINDOWS\VMSnap3.EXE
      C:\WINDOWS\Domino.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\SERİSİSTEM BİLİŞİM\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
      O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -onlytray
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft...b_site.cab?1256382105953
      O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - http://reporteokul.meb....ntrols/activexviewer.cab
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{1964BC7C-6C97-4DCA-80A3-4A0D1EA9E5B6}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CS1\Services\Tcpip\..\{1964BC7C-6C97-4DCA-80A3-4A0D1EA9E5B6}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CS2\Services\Tcpip\..\{1964BC7C-6C97-4DCA-80A3-4A0D1EA9E5B6}: NameServer = 208.67.222.222,208.67.220.220
      O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 6952 bytes


      _____________________________

    • Captain
      454 Posts
      22 November 2009 15:33:24
      Hi, my problem started today. Yesterday I uninstalled ESET and installed Avast Home; today, while I was watching a film, Avast suddenly found a threat (Win32:Malware-gen) at "C:\Windows\Temp\[the_folder_name_here_always_changes]\svchost.exe" and I had it deleted, but every 5 minutes a folder with a different name is automatically created inside the Temp folder and a "svchost.exe" file appears in it. No matter how many times I have it deleted, this keeps happening. The system runs Win7 32-bit. How can I get rid of this problem?

      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 15:23:25, on 22.11.2009
      Platform: Unknown Windows (WinNT 6.01.3504)
      MSIE: Internet Explorer v8.00 (8.00.7600.16385)
      Boot mode: Normal

      Running processes:
      C:\Program Files\Steam\UnDead.Injector.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\VM303_STI.EXE
      C:\Windows\VMSnap3.exe
      C:\Windows\Domino.exe
      C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      C:\Program Files\Alwil Software\Avast4\ashDisp.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe
      C:\Windows\system32\taskhost.exe
      C:\Program Files\Opera\opera.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Users\LostSpace\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,,C:\Program Files\Steam\UnDead.Injector.exe
      O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
      O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.exe
      O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
      O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [SRS Audio Sandbox] "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
      O4 - HKCU\..\Run: [GizmoDriveDelegate] RUNDLL32.EXE C:\PROGRA~1\GIZMO\GDRIVE.DLL,Remount_Startup_Images
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
      O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
      O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
      O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
      O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
      O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL
      O13 - Gopher Prefix:
      O17 - HKLM\System\CCS\Services\Tcpip\..\{7856A966-7C48-4797-815E-719782BC6C42}: NameServer = 4.2.2.2,4.2.2.1
      O17 - HKLM\System\CS1\Services\Tcpip\..\{7856A966-7C48-4797-815E-719782BC6C42}: NameServer = 4.2.2.2,4.2.2.1
      O17 - HKLM\System\CS2\Services\Tcpip\..\{7856A966-7C48-4797-815E-719782BC6C42}: NameServer = 208.67.222.222,208.67.222.220
      O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: Apache2.2 - Apache Software Foundation - D:\AppServ\Apache2.2\bin\httpd.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Gizmo Central - Arainia Solutions - C:\Program Files\Gizmo\gservice.exe
      O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\Hamachi\hamachi-2.exe
      O23 - Service: mysql - Unknown owner - D:\AppServ\MySQL\bin\mysqld-nt.exe
      O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

      --
      End of file - 6599 bytes

      Also, friends, it would be better if you put the .log files inside [code][/code] tags; when the posts are long, it is hard to see what is written in between.


      < This post was edited by Moo-hyuk -- 22 November 2009; 15:39:22 >
      _____________________________

      !!!...Laugh and the world laughs with you, Weep and you weep alone...!!!
      !!!...웃어라. 온 세상이 너와 함께 웃을 것이다. 울어라. 너 혼자만 울게 될 것이다...!!!
      !!!...oo seo rah. on se sahng yi neo wah haam kae oo seul geo shi dah. ool eoh rah. neoh hon jah maan ool ge del geo shi dah...!!!
    • Captain
      630 Posts
      22 November 2009 16:13:09
      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 16:12:44, on 22.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
      C:\PROGRA~1\SPEEDB~1\VideoAcceleratorEngine.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Opera\opera.exe
      C:\Documents and Settings\O_o\Desktop\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
      O1 - Hosts: 88.232.82.56 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 88.232.82.56 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 88.232.82.56 pes09pcgate-e.winning-eleven.net
      O1 - Hosts: 88.232.82.56 pes09pcgate-e.winning-eleven.net
      O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
      O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SoundMax] "C:\Program Files\Analog Devices\SoundMAX\smax4.exe" /tray
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [SpeedBitVideoAccelerator] C:\Program Files\SpeedBit Video Accelerator\VideoAccelerator.exe
      O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
      O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
      O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
      O16 - DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} (DyynoX Class) - http://webserver.dyyno.com/tng/dyyno-client/DyynoCAB.CAB
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F850C2A4-B582-4EC6-8092-A35E0159B882}: NameServer = 208.67.222.222,208.67.220.220
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - D:\Spyware Doctor\Spyware Doctor\pctsAuxs.exe (file missing)
      O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - D:\Spyware Doctor\Spyware Doctor\pctsSvc.exe (file missing)
      O23 - Service: VideoAcceleratorService - Speedbit Ltd. - C:\PROGRA~1\SPEEDB~1\VideoAcceleratorService.exe

      --
      End of file - 5201 bytes


      Thanks


      _____________________________



      Lok'tar ogar! Victory or death! It is these words that bind me to the Horde. For they are the most sacred and fundamental of truths to any warrior of the Horde.

      I give my flesh and blood freely to the Warchief. I am the instrument of my Warchief's desire. I am a weapon of my Warchief's command.

      From this moment until the end of days I live and die FOR THE HORDE!
    • Retired Administrator
      8906 Posts
      22 November 2009 17:15:10

      quote:

      Quoted from original: doktorum60
      thanks, master...

      You're welcome, good luck.


      _____________________________

    • Retired Administrator
      8906 Posts
      22 November 2009 17:17:17

      quote:

      Quoted from original: cvhrthrgl

      My combofix.txt file looks like this..

      Download the program called SDFix to your desktop. NOTE: You must be logged in as a user with administrator rights.

      http://www.buraksonmez.com/dosyalar/SDFix.exe

      * Double-click SDFix.exe and the program will extract its files to the directory where your system is installed (usually C:\SDFix).
      * Do not use the program yet.

      Start your computer in Safe Mode. To do this, while your computer is booting, hold down the F8 key after you hear the beep but before the Windows screen appears. You will see a menu with various options. From here, use the arrow keys to move to Safe Mode and press Enter.

      Open the C:\SDFix folder and double-click the file named RunThis.bat to run it.

      * Press the Y key to start the cleaning process.
      * After the malware found on your computer has been cleaned, you will be asked to press a key to restart your computer.
      * Press a key and restart your computer.
      * When your computer restarts, the program will open automatically and perform the final operations. When the operations are finished, press a key and your desktop will load.
      * When your desktop has loaded, a report page containing the results of the operations will open. You can also find this report as Report.txt in the directory where SDFix is installed.
      * Send us the Report.txt file by adding it to your post.

      If you get an error such as "The command prompt has been disabled by your administrator. Please contact your system administrator." while running SDFix, enter the following command in Start - Run:
      %systemdrive%\SDFix\apps\swreg IMPORT %systemdrive%\SDFix\apps\Enable_Command_Prompt.reg
      Press OK and run SDFix again.

      If the command prompt window opens and closes immediately, enter the following command in Start - Run:
      %systemdrive%\SDFix\apps\FixPath.exe /Q
      Press OK and run SDFix again.


      _____________________________

    • Retired Administrator
      8906 Posts
      22 November 2009 17:19:24

      quote:

      Quoted from original: bozcaadalı

      Download the program called Malwarebytes Antimalware.

      http://www.buraksonmez.com/dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and install it.
      * Check the Update Malwarebytes Antimalware and Run Malwarebytes Program options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * When the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan is finished, click OK and then click Show Results.
      * Make sure everything is checked and click Clean Selected.
      * When the cleaning is finished, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file and send it to us by adding it to your post.

      NOTE: If the program asks you to restart the computer during the cleaning process, click OK to restart your computer.

      quote:

      Quoted from original: adıyamanlım02

      Hello, brother. My Explorer was opening very slowly; I did what you said on the forum, and the output below is what came out. What do I need to do now? I'm a novice at this. I'd be grateful if you could explain in a bit of detail. Regards...

      * Open the program called HijackThis.
      * Click the Do a system scan only option.
      * Check the following lines.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
      O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. (Only end the processes next to your user name. Do not touch the ones listed as Local Service, network, system.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.


      _____________________________
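The HijackThis logs posted above all follow the same `<section> - <entry>` line format, so the structural anomalies in them can be picked out mechanically. The following is an added example, not part of the original posts and not HijackThis's own logic: a small Python triage script whose function names and rules are this example's assumptions, run over lines copied from the logs above. Its findings are prompts for review, not verdicts.

```python
import re
from dataclasses import dataclass

# Entry lines copied verbatim from the HijackThis logs posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,,C:\Program Files\Steam\UnDead.Injector.exe
O1 - Hosts: 88.232.82.56 pes09pcgate-e.winning-eleven.net
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
O10 - Unknown file in Winsock LSP: c:\progra~1\speedb~1\sblsp.dll
O17 - HKLM\System\CS2\Services\Tcpip\..\{7856A966-7C48-4797-815E-719782BC6C42}: NameServer = 208.67.222.222,208.67.222.220
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - D:\Spyware Doctor\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
"""

# A section code (R0, F2, O23, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    detail: str


def parse_entries(log_text):
    """Yield (section, body) per entry line; header and process-list lines are skipped."""
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2)


def check_entry(section, body):
    """Return the review findings for one entry (possibly none)."""
    findings = []
    if section == "F2" and "userinit=" in body.lower():
        # UserInit is a comma-separated list run at every logon; the stock
        # value contains only ...\system32\userinit.exe.
        value = body[body.lower().index("userinit=") + len("userinit="):]
        for item in (part.strip() for part in value.split(",")):
            if item and not item.lower().endswith("\\system32\\userinit.exe"):
                findings.append(Finding(section, "extra program started via UserInit", item))
    elif section == "O1" and body.startswith("Hosts:"):
        parts = body[len("Hosts:"):].split()
        if len(parts) >= 2 and parts[1].lower() != "localhost":
            findings.append(Finding(section, "hosts file override", f"{parts[1]} -> {parts[0]}"))
    elif section in ("O2", "O3") and body.endswith("(no file)"):
        clsid = CLSID_RE.search(body)
        findings.append(Finding(section, "browser add-on registered but its file is absent",
                                clsid.group(0) if clsid else body))
    elif section == "O10" and body.startswith("Unknown file in Winsock LSP:"):
        findings.append(Finding(section, "unrecognised Winsock LSP in the network stack",
                                body.split(":", 1)[1].strip()))
    elif section == "O17":
        servers = re.search(r"NameServer = (.+)$", body)
        if servers:
            findings.append(Finding(section, "statically set DNS servers (confirm you set them)",
                                    servers.group(1)))
    elif section == "O23" and body.endswith("(file missing)"):
        name = body[len("Service: "):].split(" - ")[0]
        findings.append(Finding(section, "service points to a missing binary", name))
    return findings


def triage(log_text):
    """Return de-duplicated findings in log order (logs often repeat O1/O10/O17 lines)."""
    seen, ordered = set(), []
    for section, body in parse_entries(log_text):
        for finding in check_entry(section, body):
            if finding not in seen:
                seen.add(finding)
                ordered.append(finding)
    return ordered


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}: {f.detail}")
```
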

    • Retired Administrator
      8906 Posts
      22 November 2009 17:21:34

      quote:

      Quoted from original: Moo-hyuk

      Hi, my problem started today. Yesterday I uninstalled ESET and installed Avast Home; today, while I was watching a film, Avast suddenly found a threat (Win32:Malware-gen) at "C:\Windows\Temp\[the_folder_name_here_always_changes]\svchost.exe" and I had it deleted, but every 5 minutes a folder with a different name is automatically created inside the Temp folder and a "svchost.exe" file appears in it. No matter how many times I have it deleted, this keeps happening. The system runs Win7 32-bit. How can I get rid of this problem?

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,,C:\Program Files\Steam\UnDead.Injector.exe
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [BigDog303] C:\Windows\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [VMSnap3] C:\Windows\VMSnap3.exe
      O4 - HKLM\..\Run: [Domino] C:\Windows\Domino.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MIF5BA~1\OFFICE11\REFIEBAR.DLL


      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a break of 1-2 minutes.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      quote:

      Originally posted by: Leetcake
      Thanks

      You're welcome.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT1750559 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
      O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
      O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll



      _____________________________

    • Captain
      436 Posts
      22 November 2009 19:52:56
      My problem is that a lot of viruses got onto my PC yesterday, Win32 trojan variants and the like. When they got into the system files Kasper deleted them, but the system files were affected too. After that the PC kept giving a run dll exe error or something at startup, so I rolled the PC back to 4 days earlier. Now I am getting a win32 generic host error; I don't think my PC is fully fixed. And Kasper is not working, I removed it and will install it again. I solved the win32 ... error, now I am getting an alg.exe error ..

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:47:58, on 22.11.2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\VTTimer.exe
      C:\WINDOWS\system32\VTtrayp.exe
      C:\Program Files\Analog Devices\Core\smax4pnp.exe
      C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\msiexec.exe
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Program Files\Internet Explorer\IEXPLORE.EXE
      C:\Documents and Settings\Fury&Ely\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
      O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
      O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
      O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
      O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Fury&Ely\LOCALS~1\Temp\herss.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: HP Akıllı Seçim - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} (System Requirements Lab Class) - http://srtest-cdn.syste.../bin/sysreqlabdetect.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft...b_site.cab?1255032256562
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1257260686515
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{A3E86F9D-B910-4CAB-BC7D-B315EE43016E}: NameServer = 4.2.2.5,4.2.2.4
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
      O23 - Service: Sony SPTI Service for DVE (ICDSPTSV) - Sony Corporation - C:\WINDOWS\system32\IcdSptSv.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

      --
      End of file - 6509 bytes



      < This message was edited by furi544 -- 22 November 2009; 21:25:36 >
      _____________________________

    • Lieutenant Colonel
      7130 Posts
      23 November 2009 10:44:35
      My main problem is the "system is shutting down" error. Even though I have done everything else, I just could not get rid of this problem. Hopefully it gets solved with this.
      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 10:19:55, on 23.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.exe
      C:\WINDOWS\sm56hlpr.exe
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      C:\APPS\Powercinema\PCMService.exe
      C:\apps\ABoard\ABoard.exe
      C:\WINDOWS\emMon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\apps\ABoard\AOSD.exe
      C:\Program Files\Java\jre6\bin\jusched.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\LClock\lclock.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe
      c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Documents and Settings\Fatih\Belgelerim\İndirilenler\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netarar.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe printer
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [PCMService] "c:\APPS\Powercinema\PCMService.exe"
      O4 - HKLM\..\Run: [ACTIVBOARD] c:\apps\ABoard\ABoard.exe
      O4 - HKLM\..\Run: [emMonitor] C:\WINDOWS\emMon.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Fatih\restorer32_a.exe
      O4 - HKCU\..\Run: [LClock] C:\\\\Program Files\\\\LClock\\\\lclock.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft...b_site.cab?1252311151156
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{D544B7F1-B97F-49C0-AF92-3FFA1F5748D3}: NameServer = 208.67.220.220,208.67.222.222
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - c:\APPS\Powercinema\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      O23 - Service: USBDeviceService - Unknown owner - C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\USBDeviceService.exe

      --
      End of file - 7555 bytes




      < This message was edited by farti -- 23 November 2009; 14:27:11 >
      _____________________________

    • Lieutenant Colonel
      2469 Posts
      24 November 2009 00:47:54
      Greetings, and good luck with your work .. Internet Explorer keeps freezing, especially on DonanımHaber.. what do I need to do? Thanks in advance for your help


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:33:04, on 24.11.2009
      Platform: Windows Vista SP2 (WinNT 6.00.1906)
      MSIE: Internet Explorer v7.00 (7.00.6002.18005)
      Boot mode: Normal

      Running processes:
      C:\Windows\System32\smss.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\wininit.exe
      C:\Windows\system32\csrss.exe
      C:\Windows\system32\services.exe
      C:\Windows\system32\lsass.exe
      C:\Windows\system32\lsm.exe
      C:\Windows\system32\winlogon.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\System32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\SLsvc.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\System32\spoolsv.exe
      C:\Windows\system32\svchost.exe
      C:\Windows\system32\taskeng.exe
      C:\Windows\system32\Dwm.exe
      C:\Windows\Explorer.EXE
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Windows\RtHDVCpl.exe
      C:\Program Files\Apoint2K\Apoint.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\CursorXP\CursorXP.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Windows\system32\agrsmsvc.exe
      C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      C:\Windows\system32\svchost.exe
      C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
      C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      C:\Windows\system32\TODDSrv.exe
      C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\Windows\System32\svchost.exe
      C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
      C:\Program Files\Apoint2K\ApMsgFwd.exe
      C:\Program Files\Apoint2K\Apntex.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      C:\Program Files\a-squared Anti-Malware\a2service.exe
      C:\Program Files\a-squared Anti-Malware\a2guard.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
      C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
      C:\Program Files\Windows Media Player\wmplayer.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
      C:\Windows\system32\wbem\wmiprvse.exe

      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OGUZHAN
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
      O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
      O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
      O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
      O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O13 - Gopher Prefix:
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{71A7F614-71E8-4EA9-94F1-6516B5E89A5A}: NameServer = 208.67.222.222,208.67.220.220
      O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
      O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
      O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
      O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
      O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
      O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
      O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
      O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
      O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 6692 bytes



      _____________________________

    • Major
      1161 Posts
      25 November 2009 00:02:12
      My PC has become a bit slow too, could you take a look at mine as well? Thanks in advance

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:01:13, on 25.11.2009
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\Messenger\msmsgs.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
      C:\PROGRA~1\WIDCOMM\Bluetooth Software\BtStackServer.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Windows Live\Contacts\wlcomm.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Documents and Settings\KaaN\Belgelerim\Downloads\Program\HiJackThis.exe

      O1 - Hosts: 208.117.236.69 www.youtube.com
      O1 - Hosts: 208.117.236.69 youtube.com
      O1 - Hosts: 208.117.236.70 youtube.com
      O1 - Hosts: 208.117.236.70 www.youtube.com
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
      O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
      O4 - Global Startup: Bluetooth.lnk = ?
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1257579555015
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe...S/getPlusPlus/1.6/gp.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{84AA770B-E523-4B1F-88CD-18DA823294C3}: NameServer = 208.67.222.222,208.67.220.220
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

      --
      End of file - 3624 bytes



      _____________________________

      PSN : Kaan_001
    • Lieutenant Colonel
      6244 Posts
      25 November 2009 10:09:36
      Thanks serji, you solved my problems.


      _____________________________

    • Lieutenant
      245 Posts
      25 November 2009 12:23:21
      My computer had also slowed down terribly lately. I did the procedure you described and ran the scan, the result is below. What do I need to do now? Sorry, I don't have much technical knowledge, but what does "fixing" mean?




      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 12:20:19, on 25.11.2009
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v8.00 (8.00.6001.18702)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\Program Files\IObit\IObit Security 360\IS360srv.exe
      C:\Program Files\Java\jre6\bin\jqs.exe
      c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
      c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\igfxtray.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\tsnp2std.exe
      C:\WINDOWS\vsnp2std.exe
      C:\Program Files\IObit\IObit Security 360\IS360tray.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\IObit\IObit Security 360\is360.exe
      C:\Documents and Settings\fatoş\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hacettepe.edu.tr:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
      O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
      O4 - HKCU\..\Run: [AROReminder] C:\Program Files\Advanced Registry Optimizer\ARO.exe -rem
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe (User 'Default user')
      O4 - Startup: VirtualExpander.lnk = C:\WINDOWS\system32\VirtualExpander\VirtualExpander.exe
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
      O17 - HKLM\System\CCS\Services\Tcpip\..\{06C0591D-2558-4421-AAF4-1EE1B95F9312}: NameServer = 4.2.2.4,4.2.2.5
      O17 - HKLM\System\CCS\Services\Tcpip\..\{F562EBEC-D7F3-4182-A799-3C184CB31BD2}: NameServer = 4.2.2.4,4.2.2.5
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O20 - AppInit_DLLs: c:\progra~1\google\google~2\goec62~1.dll
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
      O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
      O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

      --
      End of file - 9707 bytes




      _____________________________

      2006 CIVIC ES A/T
    • Retired Moderator
      8906 Messages
      25 November 2009 13:40:29

      quote:

      Quoted from the original: furi544

      My problem is that a bunch of viruses got onto my PC yesterday, Win32 trojan variants and the like. When they got into the system files, Kasper deleted them, but the system files were affected too. After that the PC kept giving a run dll exe error and the like at startup, so I rolled the PC back to 4 days earlier. Now I am getting a win32 generic host error; I don't think my PC is fully fixed. And Kasper isn't working; I removed it and will reinstall it. I solved the win32 ... error, and now I am getting an alg.exe error ..

      * Open the program named HijackThis.
      * Click the "Do a system scan only" option.
      * Check the lines below.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Fury&Ely\LOCALS~1\Temp\herss.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. (Only end the processes listed against your user name. Do not touch the ones belonging to Local Service, Network, or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening the program, do not do anything at all. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be restored to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear at this point, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Moderator
      8906 Messages
      25 November 2009 13:42:44

      quote:

      Quoted from the original: farti

      My main problem is the "system is shutting down" error. Even though I did everything else, I just could not get rid of this problem. Hopefully this will solve it.

      * Open the program named HijackThis.
      * Click the "Do a system scan only" option.
      * Check the lines below.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netarar.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe printer
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O4 - HKLM\..\Run: [Vade Retro Outlook Express] "C:\PROGRA~1\GOTOSO~1\VADERE~1\Vaderetro_oe.exe"
      O4 - HKLM\..\Run: [DetectorApp] C:\Program Files\Sonic\DigitalMedia LE v7\MyDVD LE\DetectorApp.exe
      O4 - HKLM\..\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Fatih\restorer32_a.exe
      O4 - HKCU\..\Run: [LClock] C:\\\\Program Files\\\\LClock\\\\lclock.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. (Only end the processes listed against your user name. Do not touch the ones belonging to Local Service, Network, or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening the program, do not do anything at all. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be restored to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear at this point, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Moderator
      8906 Messages
      25 November 2009 13:44:50

      quote:

      Quoted from the original: ozzyouz

      Greetings, and good luck with your work .. Internet Explorer keeps freezing, especially on DonanımHaber .. What do I need to do? Thanks in advance for your help.

      No problem is visible here. Try scanning with MBAM.





      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OGUZHAN
      O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background


      Download the program named ComboFix to your desktop.

      http://www.buraksonmez.com/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening the program, do not do anything at all. Take a 1-2 minute break.
      4. Once ComboFix starts running, click the Yes button.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be restored to its original state.
      7. You may need to be a little patient, because there are a full 50 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear at this point, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      quote:

      Quoted from the original: ησ¢яу

      Thanks serji, you solved my problems.

      You're welcome. Good luck.


      _____________________________

    • Retired Moderator
      8906 Messages
      25 November 2009 13:48:03

      quote:

      Quoted from the original: piasemen

      My computer had become strangely slow lately, so I did the procedure you described and ran a scan; the result is below. What do I need to do now? Sorry, I don't have much technical knowledge, but what does "fixing" mean?

      * Open the program named HijackThis.
      * Click the "Do a system scan only" option.
      * Check the lines below.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.hacettepe.edu.tr:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
      O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
      O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
      O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
      O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
      O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
      O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
      O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. (Only end the processes listed against your user name. Do not touch the ones belonging to Local Service, Network, or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.


      _____________________________
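
An added example, not part of any post in this thread and not HijackThis's own logic: a small Python parser for the log line format shown above, flagging three kinds of entries that appear among the lines selected in the replies. The three heuristics and all function names are assumptions of this example; the sample lines are copied from the logs on this page.

```python
import re
from dataclasses import dataclass

# Section codes that occur in the logs on this page, with short descriptions.
SECTIONS = {
    "R0": "IE page/search setting", "R1": "IE page/search setting",
    "R3": "URL search hook", "F2": "ini value mapped to the registry",
    "O2": "Browser Helper Object", "O3": "IE toolbar",
    "O4": "Run key / Startup folder autostart", "O6": "IE options policy",
    "O8": "IE context-menu item", "O9": "IE button / Tools menu item",
    "O16": "ActiveX (Downloaded Program Files)", "O17": "DNS NameServer",
    "O18": "protocol / filter handler", "O20": "AppInit_DLLs",
    "O23": "Windows service",
}

# An entry line is "<code> - <body>"; process-list and header lines do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
TEMP_RE = re.compile(r"\\temp\\")
PROFILE_ROOT_RE = re.compile(
    r"^[a-z]:\\(?:documents and settings|docume~1)\\[^\\]+\\[^\\]+\.exe")

# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [cdoosoft] C:\DOCUME~1\Fury&Ely\LOCALS~1\Temp\herss.exe
O4 - HKCU\..\Run: [restorer32_a] C:\Documents and Settings\Fatih\restorer32_a.exe
F2 - REG:system.ini: Shell=Explorer.exe rundll32.exe printer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
R3 - URLSearchHook: (no name) - {c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
"""


@dataclass
class Entry:
    code: str
    body: str


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def parse_line(line):
    """Split one log line into (section code, body); None for non-entry lines."""
    m = ENTRY_RE.match(line)
    if not m or m.group(1) not in SECTIONS:
        return None
    return Entry(m.group(1), m.group(2))


def autostart_path(body):
    """Return the lower-cased command of an O4 entry, or None if not found."""
    m = re.search(r"\] (.+)$", body) or re.search(r"\.lnk = (.+)$", body)
    if not m:
        return None
    return m.group(1).strip().strip('"').lower()


def triage(log_text):
    """Apply this example's three heuristics and return the flagged entries."""
    findings = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        reason = None
        if entry.body.endswith("(no file)"):
            # Heuristic 1: the registration points at a file that is gone.
            reason = "orphaned registration: target file is missing"
        elif entry.code == "O4":
            # Heuristic 2: autostart from Temp or directly from the profile root.
            path = autostart_path(entry.body)
            if path and TEMP_RE.search(path):
                reason = "autostart runs from a Temp directory"
            elif path and PROFILE_ROOT_RE.match(path):
                reason = "autostart executable sits in the profile root"
        elif entry.code == "F2":
            # Heuristic 3: Shell= carries anything besides Explorer.exe.
            m = re.search(r"Shell=(.*)$", entry.body, re.IGNORECASE)
            if m and m.group(1).strip().lower() != "explorer.exe":
                reason = "Shell value launches more than Explorer.exe"
        if reason:
            findings.append(Finding(entry.code, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {SECTIONS[f.code]}: {f.reason}\n    {f.line}")
```

A flagged line is a prompt to look closer, not a verdict; the helper's own selections in this thread also include entries these heuristics do not cover.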

    • Lieutenant
      245 Messages
      25 November 2009 14:32:03
      Thank you, I did what you said...

      I just have one more question; I'm asking because I think you are knowledgeable about these topics.. I can't run MSN Messenger on my computer. More precisely, I download it, install it, and click its icon to open it; the hard disk works, its light comes on, and the computer churns away doing something, but the sign-in window never appears on screen. I can open Live Writer, Live Mail and all the other Live programs, but the Messenger window does not open. I have removed it from Add/Remove Programs and reinstalled it many times, but I cannot see the sign-in window. As I said, when I click the icon the computer works and churns away doing something, but it does not open. What can I do? Thanks in advance...


      _____________________________

      2006 CIVIC ES A/T