HijackThis. Performance + Security! (Get rid of viruses). 500.000+
    • Private
      12 Messages
      22 October 2008 21:44:31

      quote:

      Originally quoted from: serji
      You're welcome. If you get stuck anywhere, don't hesitate to ask. I'll help as much as I can. At least I'll try. Fixing all of them can sometimes cause problems, because drivers etc. sometimes get loaded at startup. That's why it's much better to have someone who knows do it. And in any case you've already started solving things bit by bit, so no problem. Thanks for the comment about the site too. When I'm not here, I'm there, and I'm trying to improve it. If you recommend the site to the users around you, to people who have problems etc., you'll be doing me the biggest favour. Thanks. Take care.

      Don't worry, I'm putting it in my MSN personal message too :) it'll stay there for a long time.. ;) let's do that favour as well, it wouldn't be right not to..


      _____________________________

    • Private
      12 Messages
      22 October 2008 21:52:43
      Ah, I forgot: by the way, there's also something called wowexec.exe running on my computer and I couldn't figure out what it is. Do you have any idea?


      _____________________________

    • Retired Administrator
      8906 Messages
      22 October 2008 22:05:06

      quote:

      Originally quoted from: sezgin57
      Don't worry, I'm putting it in my MSN personal message too :) it'll stay there for a long time.. ;) let's do that favour as well, it wouldn't be right not to..

      Thanks, then.


      quote:

      Originally quoted from: sezgin57
      Ah, I forgot: by the way, there's also something called wowexec.exe running on my computer and I couldn't figure out what it is. Do you have any idea?

      wowexec.exe is a Windows component under normal circumstances. But although I've never come across it myself, I've also heard of it being a trojan. You can have the wowexec.exe file scanned at www.virustotal.com.


      _____________________________

    • Private
      12 Messages
      22 October 2008 22:09:20
      I understand, but it isn't there as a file, I don't know where it is. When I press Ctrl+Alt+Del it shows up in the processes section; it only says Wowexec.exe, and next to it there's neither a user name nor anything else.. it doesn't even show how many KB it's running with..


      _____________________________

    • Lieutenant
      176 Messages
      23 October 2008 00:18:18
      Greetings, my friend.. the log file I've sent below belongs to a computer in my internet café.. I'm waiting for your review and comments.. thanks in advance..


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:08:09, on 23.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Vtune\TBPanel.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\SOUNDMAN.EXE
      C:\WINDOWS\VM303_STI.EXE
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\AKINSOFT\Cplus7\Client7\ClientKontrol.Exe
      C:\WINDOWS\system32\csrsm.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\System.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ghsfilt.exe
      C:\Documents and Settings\pc-01\Desktop\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: 127.1 localhost
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
      O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
      O4 - HKLM\..\Run: [HBService32] System.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs:HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,
      HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,
      HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,
      HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
      HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,
      HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
      O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
      O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll
      O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
      O23 - Service: CafePlusServiceMain - Unknown owner - C:\Program Files\AKINSOFT\Cplus7\Client7\cplusinject.exe
      O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 9537 bytes



      < This message was edited by vampoo -- 24 October 2008; 1:48:02 >
      _____________________________

      Apparently my signature was against the rules...
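Before fixing anything in a log like the one above, a helper can sort its entries into items that need a manual look, in line with serji's advice earlier in the thread that fixing everything can break startup items. The following is an added example, not part of the original posts and not HijackThis's own logic: the sample log is constructed, the review rules and the `C:\WINDOWS` install path are assumptions of this example, and it handles an O20 entry wrapped across several lines as in the log above.

```python
import re

# Constructed sample in the HijackThis v2.0.2 layout; not taken from any post.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:00, on 01.01.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\services.exe
C:\WINDOWS\Temp\svchost.exe
C:\Tools\HiJackThis.exe

O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 blocked.example
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Updater] C:\WINDOWS\system32\example.exe
O20 - AppInit_DLLs: example1.dll,
example2.dll
O23 - Service: Example Service (exsvc) - Unknown owner - C:\Program Files\Example\exsvc.exe (file missing)

--
End of file - 0 bytes
"""

# Section code (R0, O4, O20, ...) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: Windows XP installed in C:\WINDOWS, where these images live in System32.
SYSTEM_DIR = "c:\\windows\\system32\\"
CORE_NAMES = {"smss.exe", "csrss.exe", "winlogon.exe",
              "services.exe", "lsass.exe", "svchost.exe"}


def parse_log(text):
    """Return (running_processes, entries); entries are [section, body] pairs."""
    processes, entries = [], []
    state = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if line == "--":                      # footer marker before "End of file"
            break
        match = ENTRY_RE.match(line)
        if match:
            state = "entries"
            entries.append([match.group(1), match.group(2)])
        elif line == "Running processes:":
            state = "processes"
        elif not line:
            continue
        elif state == "processes":
            processes.append(line)
        elif state == "entries":
            entries[-1][1] += line            # wrapped continuation of previous entry
    return processes, entries


def review(processes, entries):
    """Return (reason, item) pairs to check by hand before fixing anything."""
    notes = []
    for path in processes:
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if name in CORE_NAMES and not low.startswith(SYSTEM_DIR):
            notes.append(("core process name outside System32", path))
    for section, body in entries:
        if section == "O20" and body.startswith("AppInit_DLLs:"):
            # DLLs named here are loaded into every process that loads user32.dll.
            dlls = [d.strip() for d in body.split(":", 1)[1].split(",") if d.strip()]
            if dlls:
                notes.append(("AppInit_DLLs is set",
                              "%d DLL(s): %s" % (len(dlls), ", ".join(dlls))))
        elif "(no file)" in body or "(file missing)" in body:
            notes.append(("target file not on disk", f"{section} - {body}"))
        elif section == "O4" and "\\" not in body.split("] ", 1)[-1]:
            # Bare file name: which file runs depends on the search path.
            notes.append(("Run entry without a full path", f"{section} - {body}"))
    return notes


if __name__ == "__main__":
    procs, ents = parse_log(SAMPLE_LOG)
    for reason, item in review(procs, ents):
        print(f"{reason}: {item}")
```

Every note is a prompt to identify the file (for instance by scanning it, as suggested for wowexec.exe above), not a verdict; legitimate drivers and vendor tools trip the same rules.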
    • Captain
      798 Messages
      23 October 2008 00:41:30
      @Serji, thank you for your help. I didn't have the time to research and learn all of these one by one, but your experience in this area helped me a lot. I did the steps you described; you said to send the log files again, so I'm sending them.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 00:34:43, on 23.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\WINDOWS\system32\CTsvcCDA.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Downloads\HiJackThis.exe

      O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
      O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
      O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1221532028828
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1221542903031
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com...-6u7-windows-i586-jc.cab
      O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
      O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
      O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 4070 bytes



      _____________________________

    • Private
      1 Message
      23 October 2008 10:57:52
      Hello sir, good luck with the work. This is my log file:

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 09:44:30, on 23.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\ZCfgSvc.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\system32\1XConfig.exe
      C:\WINDOWS\system32\cisvc.exe
      C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\WINDOWS\system32\inetsrv\inetinfo.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
      C:\oracle\ora92\bin\omtsreco.exe
      C:\WINDOWS\system32\PGPsdkServ.exe
      C:\WINDOWS\system32\RegSrvc.exe
      C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\hkcmd.exe
      C:\WINDOWS\system32\igfxpers.exe
      C:\WINDOWS\FixCamera.exe
      C:\WINDOWS\vsnp2std.exe
      C:\WINDOWS\system32\igfxsrvc.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\ServGate\ServGate VPN Client\SafeCfg.exe
      C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
      C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\WINDOWS\system32\cidaemon.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\FlashGet\flashget.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;10.13*;<local>
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O4 - Global Startup: ServGate VPN Client.lnk = C:\Program Files\ServGate\ServGate VPN Client\SafeCfg.exe
      O4 - Global Startup: VPN Client.lnk = ?
      O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.m...ry/msgrchkr.cab31267.cab
      O16 - DPF: {0A5CAD58-328A-4E60-94F1-A510F266128A} (qdmsDokuman Control) - http://qdms.bcnet.com/q...msDokumanApplication.cab
      O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtang...ncher/ActiveLauncher.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com...2/resources/MSNPUpld.cab
      O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://kocaelikentrehbe...aeli.bel.tr/mgaxctrl.cab
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1195488360244
      O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.m...StatsClient.cab31267.cab
      O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.m...atsPAClient.cab55762.cab
      O16 - DPF: {AF52CAD9-8797-4374-93DE-E24FD10EB11A} (Dokuman_Yazdir Control) - file:///C:/Inetpub/wwwroot/Kalite/qdms/CABFiles/QDMS_DY.cab
      O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ast.yasar.com.tr/CSHELL/extender.cab
      O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.m...nary/ZIntro.cab55579.cab
      O16 - DPF: {C2CF0AAB-787A-474E-87F9-DB0A5750234E} (QDMSDocGoster Control) - file:///C:/Inetpub/wwwroot/Kalite/qdms/CABFiles/QDMSDocGosterici.cab
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.co...sis/popcaploader_v10.cab
      O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpndanisman.hay...etup/JuniperSetupSP1.cab
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\Software\..\Telephony: DomainName = bcnet.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcnet.com
      O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
      O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
      O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
      O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
      O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ServGate\ServGate VPN Client\IPSecMon.exe
      O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ServGate\ServGate VPN Client\IreIKE.exe
      O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
      O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
      O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
      O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
      O23 - Service: QDMS Mesaj Sistemi (qdmsDN) - Bimser Çözüm - C:\Inetpub\wwwroot\Kalite\Services\qdmsMail.exe
      O23 - Service: QDMS Yöneticisi (QDMSManager) - Bimser Çözüm - C:\Inetpub\wwwroot\Kalite\Services\qdmsMan.exe
      O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
      O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
      O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
      O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

      --
      End of file - 12035 bytes



      _____________________________

    • Captain
      264 Messages
      23 October 2008 11:16:40
      Brother serji, my list was left on page 92, please help :) You've helped the people who came after me. I guess I slipped past you, brother, please......


      _____________________________

    • Captain
      669 Messages
      23 October 2008 14:34:31
      Hello, first of all thank you again for trying to help us. About ten minutes ago Avast found a trojan called "amvo.exe". Afterwards I carefully removed the file in a DOS environment and also did the necessary regedit cleanup. However, since I experienced this on the 2nd day after formatting, and because my PC's security is important, I'd like to ask you to check my HijackThis logs. Thanks again.

      Log;

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 16:08:09, on 23.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      C:\Program Files\Microsoft IntelliPoint\ipoint.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Intel\AMT\LMS.exe
      C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\PnkBstrA.exe
      C:\WINDOWS\system32\PnkBstrB.exe
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Winamp\winamp.exe
      C:\WINDOWS\explorer.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Xfire\xfire.exe
      F:\Adobe Photoshop CS3 Extended Portable\Photoshop.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Program Files\Windows Live\Messenger\usnsvc.exe
      C:\Documents and Settings\Q\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1224544110671
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1224547566890
      O21 - SSODL: Java - True - (no file)
      O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
      O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
      O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
      O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

      --
      End of file - 5182 bytes




      And while writing this message, I got another alert, this time for AMVO1.DLL :)



      < This message was edited by cordor -- 23 October 2008; 16:07:16 >
      _____________________________

    • Lieutenant Colonel
      2884 Posts
      23 October 2008 14:46:27
      serji, good luck with your work; thanks to you the computer can breathe again. Is there an antivirus program you would recommend?


      _____________________________

    • Lieutenant Colonel
      2601 Posts
      23 October 2008 16:49:05
      The computer has slowed down terribly over the last week. You will see YouTube-related entries in the file; they have been there for a long time, and it was not this slow before. That is a DNS resolver for YouTube, but if you say it is harmful I will remove it.

      Logfile of Trend Micro HijackThis v2.0.2 
      Scan saved at 16:34:03, on 23.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.20861)
      Boot mode: Normal

      Running processes:
      C:\windows\System32\smss.exe
      C:\windows\system32\winlogon.exe
      C:\windows\system32\services.exe
      C:\windows\system32\lsass.exe
      C:\windows\system32\Ati2evxx.exe
      C:\windows\system32\svchost.exe
      C:\windows\System32\svchost.exe
      C:\windows\system32\Ati2evxx.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      C:\windows\system32\cisvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\windows\system32\PnkBstrA.exe
      C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
      C:\windows\system32\svchost.exe
      C:\windows\Explorer.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      C:\windows\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
      O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
      O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
      O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
      O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
      O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
      O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
      O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
      O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
      O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
      O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/TR-TR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} - http://212.175.239.246:81/avaLaunch94.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AADCC1-DD46-4DF8-ABAB-DC7534CBB564}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O17 - HKLM\System\CS1\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O17 - HKLM\System\CS3\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
      O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
      O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
      O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
      O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
      O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
      O23 - Service: Yazdırma Biriktiricisi (Spooler) - Unknown owner - C:\windows\system32\spoolsv.exe (file missing)

      --
      End of file - 12860 bytes



      _____________________________
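
      A HijackThis log like the ones posted in this thread can be pre-sorted before a person reads it. The Python below is an added example, not part of any post and not HijackThis's own logic: it parses the `Xn - ...` entry lines and marks four kinds of entry that appear in the logs above (hosts-file entries, a configured proxy, statically set DNS servers, and targets reported as `(no file)` / `(file missing)`). The reason labels, function names and the sample log are constructed for illustration; a mark means "review this line", not a verdict.

```python
import ipaddress
import re
import socket

# Constructed sample in HijackThis v2 log layout. All names, CLSIDs and
# addresses are made up (192.0.2.0/24 and 198.51.100.0/24 are documentation ranges).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:00, on 01.01.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.0.2.10:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O1 - Hosts: 198.51.100.7 video.example.com
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.1 ads.example.net
O1 - Hosts: Example free-text line 12
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000002}: NameServer = 192.0.2.53,192.0.2.54
O23 - Service: Example Service (ExSvc) - Unknown owner - C:\Program Files\Example\svc.exe (file missing)
O23 - Service: Example AV (ExAV) - Example Corp - C:\Program Files\Example\av.exe

--
End of file - 1234 bytes
"""

# An entry line is a section code (R0, O1, O23, ...) followed by " - ".
# Header lines and the "Running processes" paths do not match.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.*\S)\s*$")


def parse_entries(log_text):
    """Return a list of (section_code, body) for every entry line in the log."""
    return [m.groups() for m in map(ENTRY_RE.match, log_text.splitlines()) if m]


def hosts_address(token):
    """Parse the address field of a hosts line; None if it is not an address.

    ipaddress handles ordinary IPv4/IPv6 text. The fallback uses inet_aton
    semantics so that short forms such as '127.1' are read as 127.0.0.1.
    """
    try:
        return ipaddress.ip_address(token)
    except ValueError:
        pass
    try:
        return ipaddress.IPv4Address(socket.inet_aton(token))
    except (OSError, ValueError):
        return None


def triage(log_text):
    """Return (section_code, reason, body) for each entry worth a manual look."""
    findings = []
    for code, body in parse_entries(log_text):
        # HijackThis appends these markers when it cannot find the target on disk.
        if body.endswith("(no file)") or body.endswith("(file missing)"):
            findings.append((code, "target-missing", body))

        if code == "O1" and body.startswith("Hosts:"):
            fields = body[len("Hosts:"):].split()
            addr = hosts_address(fields[0]) if fields else None
            if addr is None:
                # Not "address name": the hosts file holds something else here.
                findings.append((code, "hosts-unparsed", body))
            elif not addr.is_loopback:
                # The name is answered from the hosts file instead of DNS.
                findings.append((code, "hosts-override", body))
            elif any(name.lower() != "localhost" for name in fields[1:]):
                # A non-localhost name pinned to loopback is made unreachable.
                findings.append((code, "hosts-sinkhole", body))
        elif code in ("R0", "R1") and ",ProxyServer = " in body:
            # Browser traffic is sent through this address.
            findings.append((code, "proxy-set", body))
        elif code == "O17" and "NameServer = " in body:
            # DNS servers are set in the registry rather than taken from DHCP.
            findings.append((code, "static-dns", body))
    return findings


if __name__ == "__main__":
    for code, reason, body in triage(SAMPLE_LOG):
        print(f"{reason:15} {code:4} {body}")
```
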

    • Major
      1189 Posts
      23 October 2008 19:59:53
      @serji hello,

      I ran the program the way you described, and the result is below

      I would be glad if you could help, good luck with your work...

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:52:16, on 23.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
      C:\WINDOWS\FixCamera.exe
      C:\WINDOWS\vsnp2std.exe
      C:\Program Files\Winamp\winampa.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
      C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
      C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
      C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
      C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
      C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Network Associates\VirusScan\VsStat.exe
      C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
      C:\Program Files\Network Associates\VirusScan\Webscanx.exe
      C:\WINDOWS\explorer.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
      C:\WINDOWS\system32\WgaTray.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
      O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
      O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
      O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.co...ib/JaguarEditControl.CAB
      O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Match%202/Images/stg_drm.ocx
      O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com...1/resources/MSNPUpld.cab
      O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Magic%20Match%202/Images/armhelper.ocx
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://m.boonty.com/web...cap/popcaploader_v10.cab
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.c...aol/unagi/ampx_en_dl.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{97923B87-DA5A-427C-91BD-45D7E82418A0}: NameServer = 4.2.2.1,4.2.2.2
      O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
      O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

      --
      End of file - 8675 bytes



      _____________________________

    • Retired Moderator
      8906 Posts
      23 October 2008 22:03:15
      quote:

      Originally posted by: vampoo
      Greetings, my friend.. the log file I sent below belongs to a computer in my internet cafe.. I am waiting for your review and comments.. thanks in advance..

      The system has been infected by a very serious virus. After cleaning it, we will take a few precautions so that it does not get infected again. By the way, could you edit your message and delete the O20 line? It makes the page too long.

      * Open the program called HijackThis.
      * Click the "Do a system scan only" option.
      * Check the following lines.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
      O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
      O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
      O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
      O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
      O4 - HKLM\..\Run: [HBService32] System.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll


      * Press CTRL+ALT+DEL and go to the Processes (İşlemler) tab. End every process listed next to your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.


      _____________________________

    • Retired Moderator
      8906 Posts
      23 October 2008 22:06:02

      quote:

      Original quote by: Tekos

      @Serji, thank you for your help. I didn't have the time to research and learn all of these one by one, but your experience in this area helped me a lot. I carried out the steps you described; you asked me to send the log files again, so I am sending them.

      The problems appear to be solved. We have now disabled the viruses. Next comes the cleanup.

      Download the program called ComboFix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to launch the program. After launching it, do not do anything at all. Take a 1-2 minute break.
      4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Moderator
      8906 Posts
      23 October 2008 22:09:29

      quote:

      Original quote by: onurg82

      Hello, hope the work is going well. This is my log file:

      * Open the program called HijackThis.
      * Click the "Do a system scan only" option.
      * Tick the following lines.

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;10.13*;<local>
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
      2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
      O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
      O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\Software\..\Telephony: DomainName = bcnet.com
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcnet.com
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcnet.com
      O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll


      * Press CTRL+ALT+DEL and go to the Processes (İşlemler) tab. End every process listed next to your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      NOTE: Could you send one more HJT log after the fix? There is a virus on the system and I want to be sure it has been cleaned.


      _____________________________
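
HijackThis lines like those in the post above can be triaged mechanically before anyone ticks them. The following Python script is an added example, not part of the thread and not HijackThis code: it parses lines in that format and marks the ones to review. The review rules, the `BASELINE` set and all function names are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Lines copied from the log in the post above; one of them appears there
# without its leading "O" and is kept that way on purpose.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll
"""

# Assumption: autostart commands recorded earlier on a known-clean machine.
BASELINE = {r"c:\windows\system32\ctfmon.exe"}

# "<section code> - <rest>", e.g. "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")


@dataclass
class Finding:
    code: str
    reason: str
    line: str


def autostart_command(body):
    """Return the normalised command of an O4 entry, or None if the layout is unknown."""
    m = (re.search(r"\]\s+(?P<cmd>.+)$", body)             # Run key: [name] command
         or re.search(r"\.lnk\s+=\s+(?P<cmd>.+)$", body))  # Startup folder: x.lnk = command
    if not m:
        return None
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m["cmd"])    # drop the HKUS owner suffix
    return cmd.replace('"', "").strip().lower()


def classify(code, body, baseline):
    """Return a review reason for one parsed line, or None if no rule applies."""
    low = body.lower()
    if code in ("R0", "R1") and ",proxyserver =" in low:
        return "IE proxy set to " + body.split("=", 1)[1].strip() + "; confirm it is expected"
    if code == "O1" and low.startswith("hosts:"):
        return "hosts file override; confirm the mapping is intended"
    if code in ("O2", "O3", "O9") and low.endswith("(no file)"):
        return "registration points at a file that is not on disk"
    if code == "O4":
        cmd = autostart_command(body)
        if cmd is None:
            return "autostart entry in an unrecognised layout"
        if cmd not in baseline:
            return "autostart command not in baseline: " + cmd
        return None
    if code == "O20" and low.startswith("appinit_dlls:"):
        # Windows treats spaces and commas as delimiters in this value.
        dlls = [d for d in re.split(r"[,\s]+", body.split(":", 1)[1]) if d]
        if dlls:
            return (f"AppInit_DLLs names {len(dlls)} DLL(s), "
                    "loaded into each process that loads user32.dll")
    return None


def triage(text, baseline):
    """Split a pasted log into findings and lines that could not be parsed."""
    findings, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            # Paste damage must be visible to the reviewer, not silently dropped.
            unparsed.append(line)
            continue
        reason = classify(m["code"], m["body"], baseline)
        if reason:
            findings.append(Finding(m["code"], reason, line))
    return findings, unparsed


if __name__ == "__main__":
    found, damaged = triage(SAMPLE_LOG, BASELINE)
    for f in found:
        print(f"[{f.code}] {f.reason}\n      {f.line}")
    for line in damaged:
        print(f"[??] could not parse, check by hand: {line}")
```

A finding here means "verify this entry", not "delete it"; the baseline has to come from a machine you trust.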

    • Retired Moderator
      8906 Posts
      23 October 2008 22:12:45

      quote:

      Original quote by: ibokozan

      Serji, brother, my list got left behind on page 92, please help :) You have helped the people who came after me. I think you overlooked me, brother, please......

      Look at the very top of the page. You will see it on this page. I did not overlook it, I answered.


      quote:

      Original quote by: cordor

      Hello, first of all thank you for trying to help us again. About ten minutes ago Avast found a trojan called "amvo.exe". I then carefully removed the file in question from DOS and also did the necessary regedit cleanup. However, since I ran into something like this on the 2nd day after formatting, and because the security of my PC is important, I would like to ask you to check my Hijack logs. Thanks again.

      And while writing this message, I got another alert, this time for AMVO1.DLL :)


      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      It is because of the Amvo virus. Next, let's carry out the steps below and clean the virus. After cleaning, we will also do the protection steps.


      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to launch the program. After launching it, do not do anything at all. Take a 1-2 minute break.
      4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Moderator
      8906 Posts
      23 October 2008 22:15:35

      quote:

      Original quote by: linkin_park20

      Serji, more power to you; thanks to you the computer can breathe again. Is there an antivirus program you recommend?

      Thanks, Linkinpark. I use BitDefender and recommend it. If you install the Total Security 2009 version, you won't need to install any extra firewall etc. It contains all the components needed for protection. Other than that, you can also use Avira.


      quote:

      Original quote by: Engin.K

      The computer has slowed down terribly over the last week. You will see YouTube-related things in the file; they have been there for a long time and it wasn't this slow before. That is a DNS resolver for YouTube, but if you say it is harmful I will remove it.

      There doesn't appear to be a big problem, but the slow internet may be due to the proxy. If the problem is not solved after the fix either, apply the other steps.

      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080 
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O1 - Hosts: YouTube worldwide IPs, 2859 in total ....
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll


      Download the program called Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and complete the setup.
      * Tick the Update Malwarebytes Antimalware (Malwarebytes Antimalware Güncelle) and Launch Malwarebytes (Malwarebytes Programını Çalıştır) options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * When the program has loaded, select Full Scan (Tam Tarama) and click the Start Scan (Taramaya Başla) button.
      * The scan may take some time, so please be patient.
      * When the scan is finished, click OK (Tamam) and then click Show Results (Sonuçları Göster).
      * Make sure everything is ticked and click Remove Selected (Seçilileri Temizle).
      * When the cleanup is finished, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.


      _____________________________

    • Retired Moderator
      8906 Posts
      23 October 2008 22:18:09

      quote:

      Original quote by: avcihuan

      @serji hello,

      I ran the program the way you said, and the result is below.

      I would be glad if you can help, all the best...



       
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
      O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
      O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


      Good luck.


      _____________________________

    • Captain
      669 Posts
      24 October 2008 03:25:08
      Hello again, I carried out the steps you described in order. The log you asked for is below:

      ComboFix 08-10-23.03 - Q 2008-10-24  3:17:52.6 - NTFSx86 
      Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1641 [GMT 3:00]
      Running from: C:\Documents and Settings\Q\Desktop\ComboFix.exe
      * Created a new restore point

      [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
      .

      ((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
      .

      2008-10-24 02:54 . 2008-06-14 20:59 272,000 --------- C:\WINDOWS\system32\drivers\bthport.sys
      2008-10-24 02:54 . 2008-06-14 20:59 272,000 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
      2008-10-24 02:52 . 2008-08-14 16:44 2,182,272 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      2008-10-24 02:52 . 2008-08-14 16:44 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      2008-10-24 02:52 . 2008-08-14 16:44 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      2008-10-24 02:52 . 2008-08-14 16:44 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      2008-10-24 02:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
      2008-10-24 02:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
      2008-10-24 02:24 . 2008-10-24 02:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
      2008-10-23 14:45 . 2008-10-23 14:55 <DIR> d-------- C:\Program Files\Dracula Virüs Temizleyici
      2008-10-23 14:33 . 2008-01-14 20:34 241 --a------ C:\WINDOWS\system32\gizliaktifolsun.bat
      2008-10-23 14:33 . 2008-01-14 20:34 241 --a------ C:\gizliaktifolsun.bat
      2008-10-23 02:02 . 2008-10-23 02:02 103,570 -r-hs---- C:\je26200.com
      2008-10-22 22:59 . 2008-10-22 22:59 <DIR> d-------- C:\Documents and Settings\Q\Application Data\GRETECH
      2008-10-22 22:59 . 2008-10-22 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
      2008-10-22 22:58 . 2008-10-22 22:58 <DIR> d-------- C:\Program Files\GRETECH
      2008-10-22 02:55 . 2005-11-30 21:20 2,314,332 --------- C:\WINDOWS\system32\LIBMMD.DLL
      2008-10-22 02:55 . 2000-05-21 22:00 1,066,176 --------- C:\WINDOWS\system32\mscomctl.ocx
      2008-10-22 02:55 . 1998-06-23 22:00 609,584 --------- C:\WINDOWS\system32\comctl32.ocx
      2008-10-22 02:55 . 2001-03-13 11:49 120,320 --------- C:\WINDOWS\system32\comdlg32.ocx
      2008-10-22 02:55 . 2000-05-22 15:58 115,920 --------- C:\WINDOWS\system32\msinet.ocx
      2008-10-22 01:28 . 2008-10-22 12:39 <DIR> d-------- C:\Documents and Settings\Q\Application Data\Lavasoft
      2008-10-22 01:25 . 2008-10-22 01:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
      2008-10-22 01:25 . 2008-10-22 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
      2008-10-21 16:41 . 2008-10-23 14:06 53,248 --------- C:\WINDOWS\system32\apache.dll
      2008-10-21 01:57 . 2008-10-22 01:41 <DIR> d-------- C:\Documents and Settings\Q\Contacts
      2008-10-21 01:57 . 2008-10-21 01:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
      2008-10-21 01:36 . 2008-10-21 01:36 <DIR> d---s---- C:\Documents and Settings\Q\UserData

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-10-23 23:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
      2008-10-23 23:49 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
      2008-10-23 23:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
      2008-10-23 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-10-23 23:18 --------- d-----w C:\Documents and Settings\Q\Application Data\Hamachi
      2008-10-23 22:29 --------- d-----w C:\Program Files\FlashGet
      2008-10-23 14:01 --------- d-----w C:\Documents and Settings\Q\Application Data\Xfire
      2008-10-23 10:18 --------- d-----w C:\Program Files\Xfire
      2008-10-22 09:40 --------- d-----w C:\Program Files\Windows Live
      2008-10-22 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-10-21 00:17 --------- d-----w C:\Program Files\Hamachi
      2008-10-21 00:16 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
      2008-10-20 23:43 22,328 ----a-w C:\Documents and Settings\Q\Application Data\PnkBstrK.sys
      2008-10-20 23:37 --------- d-----w C:\Program Files\Activision
      2008-10-20 23:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
      2008-10-20 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
      2008-10-20 22:46 --------- d-----w C:\Program Files\Realtek
      2008-10-20 22:34 --------- d-----w C:\Program Files\Creative
      2008-10-20 22:29 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-10-20 22:18 --------- d-----w C:\Program Files\Teamspeak2_RC2
      2008-10-20 22:17 --------- d-----w C:\Program Files\RivaTuner v2.06
      2008-10-20 22:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
      2008-10-20 22:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
      2008-10-20 22:11 --------- d-----w C:\Program Files\Winamp
      2008-10-20 22:11 --------- d-----w C:\Documents and Settings\Q\Application Data\DAEMON Tools
      2008-10-20 22:10 --------- d-----w C:\Program Files\MSXML 6.0
      2008-10-20 22:10 --------- d-----w C:\Program Files\Microsoft IntelliPoint
      2008-10-20 22:09 --------- d-----w C:\Program Files\NVIDIA Corporation
      2008-10-20 22:09 --------- d-----w C:\Documents and Settings\Q\Application Data\Ahead
      2008-10-20 22:08 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-10-20 22:08 --------- d-----w C:\Program Files\Common Files\Ahead
      2008-10-20 22:08 --------- d-----w C:\Program Files\Ahead
      2008-10-20 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
      2008-10-20 21:48 --------- d-----w C:\Program Files\AGEIA Technologies
      2008-10-20 21:46 --------- d-----w C:\Program Files\Intel
      2008-10-20 21:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
      2008-10-20 21:40 --------- d-----w C:\Documents and Settings\Q\Application Data\InstallShield
      2008-10-20 21:39 --------- d-----w C:\Program Files\Gigabyte
      2008-10-20 21:37 --------- d-----w C:\Program Files\Alwil Software
      2008-10-20 21:30 --------- d-----w C:\Program Files\microsoft frontpage
      2008-10-09 00:47 42,320 ------w C:\WINDOWS\system32\xfcodec.dll
      2008-09-15 15:39 1,846,016 ------w C:\WINDOWS\system32\win32k.sys
      2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      2008-08-20 05:37 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
      2008-08-14 13:44 2,138,112 ------w C:\WINDOWS\system32\ntoskrnl.exe
      2008-08-14 13:44 2,017,792 ------w C:\WINDOWS\system32\ntkrnlpa.exe
      2008-08-06 04:51 453,152 ------w C:\WINDOWS\system32\NVUNINST.EXE
      2008-08-01 08:05 70,936 ------w C:\WINDOWS\system32\PhysXLoader.dll
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-15 13570048]
      "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-15 86016]
      "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
      "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 2650112]
      "nwiz"="nwiz.exe" [2008-08-15 C:\WINDOWS\system32\nwiz.exe]
      "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoDesktopCleanupWizard"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "VIDC.XFR1"= xfcodec.dll
      "msacm.divxa32"= msaud32_divx.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      --a------ 2008-08-08 15:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
      --a------ 2007-09-25 11:10 2007088 C:\Program Files\FlashGet\flashget.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
      --------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
      --a------ 2007-07-03 12:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
      --a------ 2007-02-13 21:29 35328 C:\Program Files\Winamp\winampa.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
      "wuauserv"=2 (0x2)
      "wscsvc"=2 (0x2)

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\FlashGet\\flashget.exe"=
      "C:\\Program Files\\Xfire\\xfire.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
      "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
      "D:\\TQ\\2\\Tqit.exe"=
      "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

      R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
      R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
      R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-28 98304]
      R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-11-27 437760]
      S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 173632]
      S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a925689-9efa-11dd-b1dc-0019cb852095}]
      \Shell\AutoRun\command - I:\je26200.com
      \Shell\explore\Command - I:\je26200.com
      \Shell\open\Command - I:\je26200.com

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb1f691e-a0f5-11dd-b1e2-0019cb852095}]
      \Shell\AutoRun\command - F:\cqdis.cmd
      \Shell\explore\Command - F:\cqdis.cmd
      \Shell\open\Command - F:\cqdis.cmd
      .
      .
      ------- Supplementary Scan -------
      .
      FireFox -: Profile - C:\Documents and Settings\Q\Application Data\Mozilla\Firefox\Profiles\iynd2gr9.default\
      FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.tr/
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-24 03:18:49
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      Completion time: 2008-10-24 3:19:09
      ComboFix-quarantined-files.txt 2008-10-24 00:19:07
      ComboFix2.txt 2008-10-24 00:13:30
      ComboFix3.txt 2008-10-23 11:37:06
      ComboFix4.txt 2008-10-21 22:22:09
      ComboFix5.txt 2008-10-24 00:17:35

      Pre-Run: 88.220.487.680 bayt boş
      Post-Run: 88,208,941,056 bayt boş

      177 --- E O F --- 2008-10-24 00:05:56




      Thank you very much for your attention and interest.


      _____________________________

    • Lieutenant
      176 Posts
      24 October 2008 04:00:32
      quote:

      Quoted from original: serji

      The system has been infected with a very serious virus. After cleaning it we will take a few precautions so that it does not get infected again. By the way, could you edit your message and delete the O20 line? It is stretching the page.





      My friend, I did exactly as you said.. but while I was doing it there was a customer, and the PC I was working on was also connected to the network.. the lines starting with hosts in the first log I sent went away and others came in their place.. so I took all the PCs, including the main machine, off the network and applied the procedure with only the machine I was working on still on the network.. afterwards I put everything back to normal and connected to the internet on the main machine.. and the log I got is as below... I don't understand much of it, but judging by the first one I sent I think it worked; thank you very, very much in advance... I'm going to bed now, and rest assured I will pray for you too..

      By the way, I sent you a private message... I would be very glad if you have time to read it... take care...


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 03:56:00, on 24.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Vtune\TBPanel.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\WINDOWS\system32\filtre.exe
      C:\Program Files\DAEMON Tools Lite\daemon.exe
      C:\WINDOWS\system32\csrsm.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr
      O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [Filtre] C:\WINDOWS\system32\filtre.exe
      O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
      O4 - HKLM\..\Run: [HBService32] SYSTEM.EXE
      O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: Bmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,
      HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,
      HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
      HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,
      HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
      O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
      O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
      O23 - Service: CafePlusServiceMain - Unknown owner - C:\Program Files\AKINSOFT\Cplus7\Client7\cplusinject.exe
      O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

      --
      End of file - 3535 bytes



      < This message was edited by vampoo -- 24 October 2008; 3:59:45 >
      _____________________________





      Apparently my signature was against the rules...
    • Retired Administrator
      8906 Posts
      24 October 2008 17:20:57

      quote:

      Quoted from original: cordor

      Hello again, I applied the steps you described, following their order. The log you asked for is below;
      Thank you very much for your attention and interest.

      You're welcome.

      Download the program called Perlovga Removal Tool to your desktop.

      http://www.guvenlikuzma...om/dosyalar/perlovga.exe

      Run the program and click Start. Then restart your computer without delay.

      * Open Bitdefender Online Scan to scan your computer.

      http://www.bitdefender.com/scan8/ie.html

      * Click I agree and then Scan. (Do not change the settings)
      * After the scan finishes, click the Detected Problems tab and then Click here to export the scan report.
      * Save the report as HTML, then attach it to your message and send it to us.


      _____________________________

    • Retired Administrator
      8906 Posts
      24 October 2008 17:28:14
      quote:

      Quoted from original: vampoo
      My friend, I did exactly as you said.. but while I was doing it there was a customer, and the PC I was working on was also connected to the network.. the lines starting with hosts in the first log I sent went away and others came in their place.. so I took all the PCs, including the main machine, off the network and applied the procedure with only the machine I was working on still on the network.. afterwards I put everything back to normal and connected to the internet on the main machine.. and the log I got is as below... I don't understand much of it, but judging by the first one I sent I think it worked; thank you very, very much in advance... I'm going to bed now, and rest assured I will pray for you too..

      By the way, I sent you a private message... I would be very glad if you have time to read it... take care...

      Fix these again and restart.

      O20 - AppInit_DLLs: Bmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll, 
      HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,
      HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
      HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,
      HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
      O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
      O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
      O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll

      Then:

      Download the program called ComboFix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
      4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
      5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. During this time your desktop may disappear. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.

      NOTE: By the way, I also replied to the private message.


      _____________________________
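The reply above asks for the same O20 and O21 lines to be fixed a second time, which means comparing the log taken before the fix with the one taken after. The following is an added example, not part of the thread: it parses two HijackThis logs, re-joins entries the forum wrapped over several lines (as with the long AppInit_DLLs list), and reports which entries were removed, which persisted and which are new. The sample logs, DLL names and CLSID are constructed.

```python
import re

# HijackThis prefixes every entry with a section code (R0-R3, F0-F3, N1-N4, O1-O24).
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
APPINIT_PREFIX = "AppInit_DLLs:"

# Constructed sample logs in the HijackThis v2.0.2 layout (not taken from the thread).
SAMPLE_BEFORE = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.example.test
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\Sample\tray.exe
O20 - AppInit_DLLs: sample1.dll,sample2.dll,
sample3.dll,sample4.dll
O21 - SSODL: sample - {00000000-0000-0000-0000-000000000001} - (no file)

--
End of file - 512 bytes
"""

SAMPLE_AFTER = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.example.test
O4 - HKLM\..\Run: [SampleTray] C:\Program Files\Sample\tray.exe
O4 - HKLM\..\Run: [Other] other.exe
O20 - AppInit_DLLs: sample2.dll,sample4.dll

--
End of file - 400 bytes
"""


def parse_entries(log_text):
    """Return [(code, text), ...], re-joining entries wrapped over several lines."""
    entries = []
    can_continue = False  # True while the previous line belonged to an entry
    for raw in log_text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
            can_continue = True
        elif can_continue and line and line != "--" and not line.startswith("End of file"):
            entries[-1][1] += line  # continuation of a wrapped entry
        else:
            can_continue = False  # blank line, footer, or header/process section
    return [(code, text) for code, text in entries]


def expand(entries):
    """Turn entries into comparable keys, one key per DLL for O20 AppInit_DLLs."""
    keys = set()
    for code, text in entries:
        if code == "O20" and text.startswith(APPINIT_PREFIX):
            for dll in text[len(APPINIT_PREFIX):].split(","):
                if dll.strip():  # skip the empty item left by a trailing comma
                    keys.add((code, "AppInit_DLLs: " + dll.strip().lower()))
        else:
            # Case and spacing differ between runs; normalise before comparing.
            keys.add((code, " ".join(text.lower().split())))
    return keys


def compare_logs(before_text, after_text):
    """Classify entries as removed, persisted or new between two logs."""
    before = expand(parse_entries(before_text))
    after = expand(parse_entries(after_text))
    return {
        "removed": sorted(before - after),
        "persisted": sorted(before & after),
        "new": sorted(after - before),
    }


if __name__ == "__main__":
    for status, items in compare_logs(SAMPLE_BEFORE, SAMPLE_AFTER).items():
        for code, text in items:
            print(f"{status:9} {code:4} {text}")
```

Entries listed as persisted after a fix and reboot are the ones worth a second look, since something on the system may be rewriting them.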

    • Captain
      669 Posts
      24 October 2008 21:36:44
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



      Do I need to delete the codes you indicated above? That is, should I perform the Fix operation? I could not see this in the message you sent, but in what you sent to other members you mentioned the need to fix lines like these.





      < This message was edited by cordor -- 24 October 2008; 21:38:54 >
      _____________________________

    • Retired Administrator
      8906 Posts
      24 October 2008 22:19:05

      quote:

      Quoted from original: cordor
      Do I need to delete the codes you indicated above? That is, should I perform the Fix operation? I could not see this in the message you sent, but in what you sent to other members you mentioned the need to fix lines like these.

      Yes, those lines are the ones that need to be fixed.


      _____________________________

    • Captain
      669 Posts
      24 October 2008 23:12:51
      The lines you indicated have been fixed. The required scan was done, and its record is available here as HTML.

      Related link:

      http://rapid-share.com/files/157209772/aa.html

      Removing the dash in between will be enough.

      Regards and thanks.


      _____________________________

    • Private
      6 Posts
      24 October 2008 23:38:27
      Hello serji,
      my problem is that Google opens pages automatically. Also, while in standby my computer turns on by itself.
      Thanks in advance for your help.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 23:17:32, on 24.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\tp4serv.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
      C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
      C:\WINDOWS\VM_STI.EXE
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Documents and Settings\Cosar\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/...tp=aus&qkw=%s&tbid=60446
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetevatan.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/...ustomize.aspx?TbId=60446
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/...ustomize.aspx?TbId=60446
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = brightly92@yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
      O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
      O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
      O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\Run: [34401059] rundll32.exe "C:\WINDOWS\system32\khjdynqs.dll",b
      O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Cosar\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070904\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Cosar\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070904\Setup.exe" "/REALUPREBOOT /temp /patched"
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
      O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O13 - FTP Prefix: http://
      O13 - Gopher Prefix: http://
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook....cebookPhotoUploader5.cab
      O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.co...ib/JaguarEditControl.CAB
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com...2/resources/MSNPUpld.cab
      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.c...riverDiagnosticsxp2k.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1182829907478
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...atsPAClient.cab56907.cab
      O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com....ib/JaguarEdit4ISBv27.CAB
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.m...MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{45855398-EA33-4874-B96A-CA6EC32D2EC6}: NameServer = 195.175.39.40,195.175.39.39
      O20 - AppInit_DLLs: btqzaz.dll
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Otomatik LiveUpdate Zamanlayıcı (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

      --
      End of file - 9512 bytes



      _____________________________

    • Lieutenant
      220 Posts
      25 October 2008 01:37:39
      For a week, nonsensical warning windows have been popping up on their own, for example when I open the folder where the video files are. Tonight I also stopped being able to see the movie files on the external HDD. I also cannot make changes to the files that are visible. I think I caught a virus. The last thing I installed was ESET Smart Security Business Edition; before that the normal version was installed (trial version) and I think it protected quite well, that is, there were no problems at all. After installing this version, problems appeared one after another. I would be very glad if you could help.


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 01:27:39, on 25.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\Program Files\Acer\Acer Arcade\PCMService.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\lvcomsx.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Program Files\ESET\ESET Smart Security\egui.exe
      C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32Info.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FLASHGET\jccatch.dll
      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
      O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\PROGRA~1\FLASHGET\getflash.dll
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
      O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 1
      O4 - HKLM\..\Run: [Acer ePresentation HPD] C:\Acer\Empowering Technology\ePresentation\ePresentation.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      O4 - HKLM\..\Run: [Boot] C:\Acer\Empowering Technology\ePower\Boot.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [ImageItEncrypt] C:\WINDOWS\system32\ImageItEncrypt.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [BitComet] C:\Program Files\BitComet\BitComet.exe /tray
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Send to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
      O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
      O15 - Trusted IP range: http://213.139.255.68
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com....ib/JaguarEdit4ISBv27.CAB
      O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://www.radyotvonline.com/play/ampx_en_dl.cab
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - c:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
      O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
      O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
      O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe

      --
      End of file - 9428 bytes




      _____________________________

    • Lieutenant
      154 posts
      25 October 2008 04:13:15
      Thanks for this great work.
      I'm unhappy with my internet download speed; do you think there is a problem with the PC?:


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 04:08:26, on 25.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\Ati2evxx.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\system32\wscntfy.exe
      C:\Program Files\Winamp\winampa.exe
      C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
      C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
      C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
      C:\Program Files\Daemon\daemon.exe
      C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      C:\Program Files\POP Peeper\POPPeeper.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      C:\Program Files\HyperSnap 6\HprSnap6.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
      C:\Documents and Settings\neovopc\Belgelerim\Downloads\Programs\HiJackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [GBB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
      O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
      O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\Daemon\daemon.exe" -lang 1033
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
      O4 - HKLM\..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio SE DVD\uvPL.exe
      O4 - HKCU\..\Run: [POP Peeper] "C:\Program Files\POP Peeper\POPPeeper.exe" -min
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
      O4 - Global Startup: HyperSnap 6.lnk = C:\Program Files\HyperSnap 6\HprSnap6.exe
      O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1220646030112
      O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.micro...b_site.cab?1220654263671
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macr...e/cabs/flash/swflash.cab
      O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
      O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
      O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
      O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
      O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

      --
      End of file - 8315 bytes



      _____________________________

    • Retired Moderator
      8906 posts
      25 October 2008 10:39:39

      quote:

      Originally posted by: cordor

      The lines you specified have been fixed. The required scan was run, and its record is available here as HTML.

      The relevant link:

      http://rapid-share.com/files/157209772/aa.html

      Just remove the hyphen in the middle.

      Regards and thanks.

      Could you send one more HJT log now? Also, are the problems still occurring?


      _____________________________

    • Retired Moderator
      8906 posts
      25 October 2008 10:42:05

      quote:

      Originally posted by: kartald80

      Hello serji,
      My problem is that Google opens pages automatically. Also, my computer turns itself on while it is in standby.
      Thanks in advance for your help.

      * Open the program called HijackThis.
      * Click the "Do a system scan only" option.
      * Check the following lines.

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60446 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gazetevatan.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60446
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=60446
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = brightly92@yahoo.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [34401059] rundll32.exe "C:\WINDOWS\system32\khjdynqs.dll",b
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-18 Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'SYSTEM')
      O4 - .DEFAULT Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe (User 'Default user')
      O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
      O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O13 - FTP Prefix: http://
      O13 - Gopher Prefix: http://
      O20 - AppInit_DLLs: btqzaz.dll


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Then send another log.


      _____________________________

    • Retired Moderator
      8906 posts
      25 October 2008 10:44:27

      quote:

      Originally posted by: mr_daw666

      For a week, nonsensical warning windows have been popping up on their own, for example when I open the folder containing video files. This evening I also stopped being able to see the movie files on my external HDD. I can't make changes to the files that are visible either. I think I caught a virus. The last thing I installed was ESET Smart Security Business Edition; before that the normal version (trial) was installed and I think it protected well, that is, there were no problems at all. After installing this version, problems appeared one after another. I would be very glad if you could help.

      Download the program called ComboFix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a break of 1-2 minutes.
      4. After ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.

      Download the program called Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and install it.
      * Check the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * When the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be a little patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the removal finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.


      _____________________________

    • Retired Moderator
      8906 posts
      25 October 2008 10:49:19

      quote:

      Originally posted by: ademcell

      Thanks for this great work.
      I'm unhappy with my internet download speed; do you think there is a problem with the PC?:

      What is your average download speed? Apart from these, there are a few more small tips that increase download speed.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe



      _____________________________

    • Private
      6 posts
      25 October 2008 11:59:46
      Hello serji,
      The log I took after applying the steps you specified is below. I hope I got it right.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:53:45, on 25.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\ibmpmsvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Windows Defender\MsMpEng.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      C:\WINDOWS\system32\HPZipm12.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\tp4serv.exe
      C:\WINDOWS\System32\igfxtray.exe
      C:\WINDOWS\System32\hkcmd.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
      C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Cosar\Desktop\HiJackThis.exe

      O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
      O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: {99bc6263-4769-67b9-3954-57ae1c31a65f} - {f56a13c1-ea75-4593-9b76-96743626cb99} - C:\WINDOWS\system32\btqzaz.dll
      O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
      O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
      O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
      O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
      O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
      O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
      O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton AntiVirus\osCheck.exe"
      O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
      O4 - HKLM\..\RunOnce: [SymLnch] "C:\Documents and Settings\Cosar\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070904\Support\SymLnch\SymLnch.exe" "C:\Documents and Settings\Cosar\Application Data\Symantec\Layouts\Norton AntiVirus\15.0\SymAllLanguages\NAVCD_RETAIL\20070904\Setup.exe" "/REALUPREBOOT /temp /patched"
      O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'Default user')
      O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook....cebookPhotoUploader5.cab
      O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.co...ib/JaguarEditControl.CAB
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com...2/resources/MSNPUpld.cab
      O16 - DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} (DeviceEnum Class) - http://h20264.www2.hp.c...riverDiagnosticsxp2k.cab
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1182829907478
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...atsPAClient.cab56907.cab
      O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com....ib/JaguarEdit4ISBv27.CAB
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.m...MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{45855398-EA33-4874-B96A-CA6EC32D2EC6}: NameServer = 195.175.39.40,195.175.39.39
      O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      O23 - Service: Otomatik LiveUpdate Zamanlayıcı (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
      O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
      O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

      --
      End of file - 6946 bytes



      _____________________________

    • Retired Moderator
      8906 posts
      25 October 2008 13:06:27

      quote:

      Originally posted by: kartald80

      Hello serji,
      The log I took after applying the steps you specified is below. I hope I got it right.

      Very good. We have handled most of it. After also fixing the line below, restart and:
      O2 - BHO: {99bc6263-4769-67b9-3954-57ae1c31a65f} - {f56a13c1-ea75-4593-9b76-96743626cb99} - C:\WINDOWS\system32\btqzaz.dll 


      Download the program called The Avenger to your desktop.

      http://www.guvenlikuzma...com/dosyalar/avenger.exe

      1. Select all of the text written below, press CTRL+C and copy it.

      Files to delete: 
      C:\WINDOWS\system32\btqzaz.dll
      C:\WINDOWS\system32\khjdynqs.dll


      2. Run the program by double-clicking its icon.

      * Under Load Script, select Paste from Clipboard.
      * Press the Execute button.
      * If the program asks a question, click Yes.

      3. Your computer will restart. (It may restart twice.) Afterwards a number of operations will be performed.
      4. After the scan finishes, a log file will be created as C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
      5. Attach the C:\avenger.txt file to your message and send it to us.

      Download the program called Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and install it.
      * Check the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
      * If an update is found, the program will download and install it automatically.
      * When the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be a little patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is checked and click Remove Selected.
      * When the removal finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.

      NOTE: If the program asks you to restart the computer during the removal, click OK to restart your computer.


      _____________________________
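The two helper posts above select btqzaz.dll under both O20 (AppInit_DLLs) and O2 (BHO), and khjdynqs.dll under an O4 Run entry started through rundll32. As an added example (not code from the thread or from HijackThis), this Python script parses HijackThis entry lines and reports modules registered at more than one load point, entries marked "(no file)", and Run entries that load a DLL through rundll32; the function names and the choice of these three checks are assumptions of the example, and the output is a review list, not a verdict.

```python
import re
from collections import defaultdict

# Constructed sample: lines copied from several HijackThis logs quoted in this
# thread and combined into one input for the demonstration.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: {99bc6263-4769-67b9-3954-57ae1c31a65f} - {f56a13c1-ea75-4593-9b76-96743626cb99} - C:\WINDOWS\system32\btqzaz.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [34401059] rundll32.exe "C:\WINDOWS\system32\khjdynqs.dll",b
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O13 - FTP Prefix: http://
O20 - AppInit_DLLs: btqzaz.dll
"""

# Every HijackThis entry starts with a section code: R0-R3, F0-F3, N1-N4, O1-O24.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
# Basename of any module named on the line (path separators, quotes, brackets excluded).
MODULE_RE = re.compile(r'([^\\/"\s,:\[\]]+\.(?:dll|exe|cpl))\b', re.IGNORECASE)
# Host binaries that only load another module; the loaded module is what matters.
HOSTS = {"rundll32.exe"}


def parse_entries(log_text):
    """Yield (section, body) for every HijackThis entry line in log_text."""
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            yield match.group(1), match.group(2).strip()


def referenced_modules(body):
    """Return lower-cased basenames of the modules an entry points at."""
    names = {name.lower() for name in MODULE_RE.findall(body)}
    payload = names - HOSTS
    # If the line names only the host itself, keep it; otherwise keep the payload.
    return payload or names


def triage(log_text):
    """Group entries by module and collect the three review lists."""
    load_points = defaultdict(set)   # module basename -> section codes that load it
    orphaned = []                    # entries whose target file no longer exists
    run_via_rundll32 = []            # DLLs started from an O4 Run key via rundll32
    for section, body in parse_entries(log_text):
        if body.endswith("(no file)"):
            orphaned.append((section, body))
            continue
        modules = referenced_modules(body)
        for name in modules:
            load_points[name].add(section)
        # Driver entries in this thread (e.g. NvCplDaemon) also use rundll32,
        # so this list is for manual review only.
        if section == "O4" and "rundll32" in body.lower():
            run_via_rundll32.extend(sorted(modules - HOSTS))
    multi = {name: sorted(secs) for name, secs in load_points.items() if len(secs) > 1}
    return {
        "multi_load_point": multi,
        "orphaned": orphaned,
        "run_via_rundll32": run_via_rundll32,
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for name, sections in report["multi_load_point"].items():
        print(f"{name}: registered in {', '.join(sections)}")
    for section, body in report["orphaned"]:
        print(f"orphaned {section}: {body}")
    for name in report["run_via_rundll32"]:
        print(f"Run key loads via rundll32: {name}")
```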

    • Major
      1328 posts
      25 October 2008 17:26:22
      Greetings; first of all, many thanks to everyone who contributed...

      About a week ago, my computer was working without problems. The other day I installed a program and scanned the D drive. Good Lord, everything inside the folders on the D drive was still there, but all the items located directly on the D drive had been deleted. Before this incident I was loading my computer's image with Acronis True Image without problems.
      After the incident I formatted the computer, both C and D; my HDD is 120 GB.
      I set the C drive to 10 GB and the D drive to 110 GB. The format finished, it was time to take an image, and an error warning came up, something like there being such-and-such in sector so-and-so. I started the computer and it occurred to me to run a bad sector scan; although nothing was found in the surface scan, 9 bad sectors were found in the deep scan.
      I should point out right away that the HDD was not subjected to any physical impact. It was running stably anyway. It still runs stably; there is no abnormal noise from the HDD!

      So I tried to repair it using the HD Regenerator program via Hiren's Boot CD, but in vain; it was not fixed.

      Now we come to the most crucial part. I did not format both drives, but I cannot give the C drive a value higher than 10 GB.



      Damn that program, why did I ever download and install it; look at everything that has happened to me...

      Anyway, I ran a scan today and lots of rootkits and similar things turned up on my computer.
      So I wanted to consult you before doing a low-level format.

      Apart from the rootkit, could there also be another solution to the problem I described above?

      Thanks in advance...


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:12:38, on 25.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\USB Disk Security\USBGuard.exe
      C:\WINDOWS\CameraFixer.exe
      C:\WINDOWS\tsnpstd3.exe
      C:\WINDOWS\vsnpstd3.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\RootkitRevealer.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdown...manager.com/welcome.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
      O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
      O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
      O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [Set Visual Effects] SetVisualEffects.exe /silent (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISDSASQOFE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ISDSASQOFE.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
      O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

      --
      End of file - 5561 bytes



      _____________________________

    • Captain
      734 Posts
      25 October 2008 18:09:31
      Mine is below as well; I would be glad if you could help.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 18:03:42, on 25.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\ccs.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\AGRSMMSG.exe
      C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      C:\Program Files\Compaq\EAB\EABSERVR.EXE
      C:\Program Files\Compaq\Hotkey Software\hkss.exe
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\wscntfy.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Oturum Açma Yardim Araci - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
      O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
      O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
      O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\Compaq\EAB\EABSERVR.EXE /Start
      O4 - HKLM\..\Run: [hkss] C:\Program Files\Compaq\Hotkey Software\hkss.exe
      O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Free Download Manager ile indir - file://C:\Program Files\Free Download Manager\dllink.htm
      O8 - Extra context menu item: Free Download Manager ile seçileni indir - file://C:\Program Files\Free Download Manager\dlselected.htm
      O8 - Extra context menu item: Free Download Manager ile tümünü indir - file://C:\Program Files\Free Download Manager\dlall.htm
      O8 - Extra context menu item: Videoyu Free Download Manager ile indir - file://C:\Program Files\Free Download Manager\dlfvideo.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
      O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook....cebookPhotoUploader5.cab
      O16 - DPF: {4788DE0A-3552-49EA-AC8C-233DA52523B9} (AxLoaderPassword Class) - http://www.blackberry.c...icesoftware/AxLoader.cab
      O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com...2/resources/MSNPUpld.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.m...atsPAClient.cab56907.cab
      O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.com....ib/JaguarEdit4ISBv27.CAB
      O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Ad-Aware 2007\aawservice.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: Cisco Configuration Service (CCS) - Unknown owner - C:\WINDOWS\system32\ccs.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
      O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

      --
      End of file - 5032 bytes


      _____________________________

    • Retired Administrator
      8906 Posts
      25 October 2008 18:36:51

      quote:

      Originally posted by: bodur

      Greetings; first of all, many thanks to everyone who has contributed...

      About a week ago my computer was running without problems. The other day I installed a program and scanned the D drive. Good grief: everything inside the folders on the D drive was still there, but all the items located directly in the root of the D drive had been deleted. Before this incident I had been restoring my computer's image with Acronis True Image without problems.
      After the incident I formatted the computer, both C and D; my HDD is 120 GB.
      I set the C drive to 10 GB and the D drive to 110 GB. The format finished, it was time to take an image, and an error came up, something along the lines of "there is such-and-such in sector number whatever". I booted the computer and it occurred to me to run a bad sector scan; although the surface scan found nothing, the deep scan found 9 bad sectors.
      I should point out right away that the HDD has not been subjected to any physical impact. It was running stably anyway. It still runs stably, and there is no abnormal noise from the HDD!

      So I tried to repair it using the HDD Regenerator program from Hiren's Boot CD, but to no avail; it was not fixed.

      Now we come to the most crucial part. I did not format both drives, but I cannot give the C drive a value higher than 10 GB.

      Damn that program, why did I ever download and install it; look at everything that has happened to me...

      Anyway, I ran a scan today and plenty of rootkits and similar things turned up on my computer.
      So I wanted to consult you before doing a low-level format.

      Apart from the rootkit, could there be another solution to the problem I described above?

      Thanks in advance...

      When you say you cannot give C more than 10 GB, which program are you trying to do this with? And if you tell me the error, I may be able to help more. Rather than a rootkit, a problem may have occurred in the master boot record. Starting the Recovery Console from the XP CD and running the fixmbr and fixboot commands may help.

      quote:

      Originally posted by: auzdil

      Mine is below as well; I would be glad if you could help.

      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe" 
      O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Windows Live Oturum Açma Yardim Araci - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL


      By the way, is there any HP-related hardware in the computer?


      _____________________________
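
A triage pass over the kind of HijackThis entries posted above, as an added example that is not part of any forum post: it parses `Section - text` entries and flags services or autoruns whose image path sits in a Temp directory, entries marked `(file missing)`, `Unknown owner` services and unknown Winsock LSP files. The flag names and heuristics are assumptions of this example, and a flag is a lead for review, not a verdict.

```python
import re
from dataclasses import dataclass, field

# Sample entries copied from the two HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
O23 - Service: ISDSASQOFE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ISDSASQOFE.exe
O23 - Service: hpdj - HP - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hpdj.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""

# "O23 - rest of entry": a section code, " - ", then free text.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
# First drive-letter path in the entry, through to the end of the line.
PATH_RE = re.compile(r"[A-Za-z]:\\.*")
# A Temp/Tmp path component anywhere in the image path.
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)
MISSING = "(file missing)"


@dataclass
class Entry:
    section: str
    text: str
    path: str
    flags: list = field(default_factory=list)


def parse_entry(line):
    """Parse one log line; return None for headers and process-list lines."""
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, text = m.groups()
    missing = text.endswith(MISSING)
    body = text[: -len(MISSING)].rstrip() if missing else text
    pm = PATH_RE.search(body)
    path = pm.group(0) if pm else ""

    flags = []
    if missing:
        # The registry still points at a binary that is no longer on disk.
        flags.append("file-missing")
    if path and TEMP_RE.search(path):
        # Persistent services and autoruns rarely belong in a Temp folder.
        flags.append("runs-from-temp")
    if section == "O23" and " - Unknown owner - " in body:
        # No vendor string could be read from the service binary.
        flags.append("unknown-owner")
    if section == "O10" and body.startswith("Unknown file in Winsock LSP"):
        flags.append("unknown-lsp")
    return Entry(section, text, path, flags)


def triage(log_text):
    """Return only the entries that carry at least one review flag."""
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry and entry.flags:
            flagged.append(entry)
    return flagged


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.section:<4}{','.join(e.flags):<28}{e.path}")
```
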

    • Private
      6 Posts
      25 October 2008 18:51:03
      Logfile of The Avenger Version 2.0, (c) by Swandog46
      http://swandog46.geekstogo.com

      Platform: Windows XP

      *******************

      Script file opened successfully.
      Script file read successfully.

      Backups directory opened successfully at C:\Avenger

      *******************

      Beginning to process script file:

      Hello serji
      The log produced after the Avenger scan is below.
      Rootkit scan active.
      No rootkits found!

      File "C:\WINDOWS\system32\btqzaz.dll" deleted successfully.

      Error: file "C:\WINDOWS\system32\khjdynqs.dll" not found!
      Deletion of file "C:\WINDOWS\system32\khjdynqs.dll" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Completed script processing.

      *******************

      Finished! Terminate.



      _____________________________

    • Private
      6 Posts
      25 October 2008 19:08:39
      serji
      The malware scan results are below.
      Good evening.

      Malwarebytes' Anti-Malware 1.30
      Veritabanı versiyonu: 1316
      Windows 5.1.2600 Service Pack 3

      25.10.2008 19:01:56
      mbam-log-2008-10-25 (19-01-56).txt

      Tarama şekli: Hızlı Tarama
      Taranmış nesneler: 50902
      Geçen zaman: 8 minute(s), 42 second(s)

      Etkilenmiş Hafıza İşlemleri: 0
      Etkilenmiş Hafıza Modülleri: 0
      Etkilenmiş Kayıt Anahtarları: 2
      Etkilenmiş Kayıt Değerleri: 0
      Etkilenmiş Kayıt Veri Dosyaları: 0
      Etkilenmiş Klasörler: 0
      Etkilenmiş Dosyalar: 0

      Etkilenmiş Hafıza İşlemleri:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Hafıza Modülleri:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Kayıt Anahtarları:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Track System (Trojan.Vundo) -> Quarantined and deleted successfully.

      Etkilenmiş Kayıt Değerleri:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Kayıt Veri Dosyaları:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Klasörler:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Dosyalar:
      (Tehlikeli nesne bulunmadı)



      _____________________________

    • Retired Administrator
      8906 Posts
      25 October 2008 19:13:37

      quote:

      Originally posted by: kartald80
      Hello serji
      The log produced after the Avenger scan is below

      Very good. We are getting close to the end. By now there should already be a visible change in the system. Are the problems still continuing?

      * Open the Bitdefender Online Scan to scan your computer.

      http://www.bitdefender.com/scan8/ie.html

      * Click I agree and then Scan. (Do not change the settings.)
      * After the scan finishes, click the Detected Problems tab and then Click here to export the scan report.
      * After saving the report as HTML, attach it to your message and send it to us.


      _____________________________

    • Private
      6 Posts
      25 October 2008 19:24:36
      serji, thank you very much for all your help.
      I ran a scan with Norton; there were only tracking cookies and we cleaned them. (I guess there is no escaping them; one or two tracking cookies turn up every day.)
      Now let me do the last step with Bitdefender.
      Thanks again.


      _____________________________

    • Lieutenant
      220 Posts
      25 October 2008 20:02:04
      ComboFix log:

      ComboFix 08-10-24.02 - Acer 2008-10-25 16:37:31.1 - FAT32x86
      Microsoft Windows XP Home Edition 5.1.2600.2.1254.90.1055.18.1040 [GMT 3:00]
      Running from: D:\Downloads\ComboFix.exe
      * Created a new restore point

      [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\autorun.inf
      C:\Program Files\IEToolbar
      C:\WINDOWS\IE4 Error Log.txt
      C:\WINDOWS\system32\askkoma.dat
      C:\WINDOWS\system32\askkoma.exe
      C:\WINDOWS\system32\askkoma_nav.dat
      C:\WINDOWS\system32\askkoma_navps.dat
      C:\WINDOWS\system32\bad1.exe
      C:\WINDOWS\system32\bad2.exe
      C:\WINDOWS\system32\bad3.exe
      C:\WINDOWS\system32\drivers\npf.sys
      C:\WINDOWS\system32\nvs2.inf
      C:\WINDOWS\system32\packet.dll
      C:\WINDOWS\system32\pthreadVC.dll
      C:\WINDOWS\system32\WanPacket.dll
      C:\WINDOWS\system32\wpcap.dll
      D:\Autorun.inf

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Legacy_NPF
      -------\Service_NPF


      ((((((((((((((((((((((((( Files Created from 2008-09-25 to 2008-10-25 )))))))))))))))))))))))))))))))
      .

      2008-10-25 01:13 . 2008-10-25 01:13 110 --a------ C:\WINDOWS\wininit.ini
      2008-10-12 23:51 . 2008-10-12 23:51 <DIR> d--h----- C:\WINDOWS\PIF
      2008-10-03 00:28 . 2008-10-03 00:28 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\AVS4YOU
      2008-10-03 00:27 . 2008-10-03 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AVS4YOU
      2008-10-03 00:25 . 2008-10-03 00:25 <DIR> d-------- C:\Program Files\Common Files\AVSMedia
      2008-10-03 00:24 . 2008-10-03 00:24 <DIR> d-------- C:\Program Files\AVS4YOU
      2008-10-03 00:24 . 2007-02-27 19:36 974,848 --a------ C:\WINDOWS\system32\mfc70.dll
      2008-10-03 00:24 . 2007-02-27 19:36 487,424 --a------ C:\WINDOWS\system32\msvcp70.dll
      2008-10-03 00:24 . 2007-02-27 19:36 24,576 --a------ C:\WINDOWS\system32\msxml3a.dll
      2008-10-02 23:21 . 2008-10-02 23:21 <DIR> d-------- C:\DVDVideoSoft
      2008-10-02 23:20 . 2008-10-02 23:20 <DIR> d-------- C:\Program Files\DVDVideoSoft
      2008-10-02 23:20 . 2008-10-02 23:20 <DIR> d-------- C:\Program Files\Common Files\DVDVideoSoft
      2008-10-02 22:18 . 2008-10-02 22:18 <DIR> d-------- C:\Temp\mplayer
      2008-10-02 22:18 . 2008-10-02 23:07 2,515,456 --a------ C:\Temp\mplayer.exe
      2008-10-02 22:18 . 2008-10-02 23:07 1,433,600 --a------ C:\Temp\mencoder.exe
      2008-10-02 22:18 . 2008-10-02 23:07 1,126,281 --a------ C:\Temp\cygwin1.dll
      2008-10-02 22:18 . 2008-10-02 22:18 339,968 --a------ C:\Temp\VirtualDub.exe
      2008-10-02 22:18 . 2008-10-02 23:07 216,088 --a------ C:\Temp\xvidcore.dll
      2008-10-02 22:18 . 2008-10-02 23:07 155,136 --a------ C:\Temp\oggenc.exe
      2008-10-02 22:18 . 2008-10-02 22:18 90,624 --a------ C:\Temp\OGMuxer.exe
      2008-10-02 22:18 . 2008-10-02 23:07 55,808 --a------ C:\Temp\LauMin.exe
      2008-10-02 22:18 . 2008-10-02 23:07 35,328 --a------ C:\Temp\cygz.dll
      2008-10-02 22:18 . 2008-10-02 23:07 32,768 --a------ C:\Temp\mencodersh.exe
      2008-10-02 22:18 . 2008-10-02 22:18 28,672 --a------ C:\Temp\BasicParser.dll
      2008-10-02 22:18 . 2008-10-02 22:18 25,088 --a------ C:\Temp\sylia.dll
      2008-10-02 22:18 . 2008-10-02 23:07 19,456 --a------ C:\Temp\cat.exe
      2008-10-02 22:18 . 2008-10-02 23:07 14,848 --a------ C:\Temp\vstrip.exe
      2008-10-02 21:28 . 2008-10-02 21:28 <DIR> d-------- C:\Program Files\Common Files\Logishrd
      2008-10-02 17:16 . 2008-10-02 17:16 <DIR> d-------- C:\Temp\font
      2008-10-02 17:16 . 2008-10-02 17:16 <DIR> d-------- C:\Temp
      2008-10-02 17:16 . 2008-10-02 23:07 1,126,281 --a------ C:\WINDOWS\system32\cygwin1.dll
      2008-10-02 17:16 . 2008-10-02 23:07 1,126,281 --a------ C:\WINDOWS\cygwin1.dll
      2008-10-02 17:16 . 2008-10-02 23:07 35,328 --a------ C:\WINDOWS\system32\cygz.dll
      2008-10-02 17:16 . 2008-10-02 23:07 35,328 --a------ C:\WINDOWS\cygz.dll
      2008-10-01 02:05 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\drivers\usbser.sys
      2008-10-01 02:05 . 2004-08-03 23:08 25,600 --a------ C:\WINDOWS\system32\dllcache\usbser.sys
      2008-09-28 21:28 . 2008-09-28 21:28 <DIR> d-------- C:\Documents and Settings\Acer\Application Data\Xilisoft Corporation
      2008-09-28 21:25 . 2008-09-28 21:25 <DIR> d-------- C:\Program Files\Xilisoft
      2008-09-28 18:35 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\drivers\usbvideo.sys
      2008-09-28 18:35 . 2004-08-03 23:10 78,464 --a------ C:\WINDOWS\system32\dllcache\usbvideo.sys
      2008-09-28 18:01 . 2008-09-28 18:01 <DIR> d-------- C:\Program Files\Mobile PhoneTools
      2008-09-28 18:01 . 2008-09-28 18:01 <DIR> d-------- C:\Program Files\Common Files\ANWSOFT
      2008-09-28 18:01 . 2008-09-28 18:01 <DIR> d-------- C:\Program Files\Common Files\A&W
      2008-09-28 18:01 . 2008-09-28 18:02 187 --a------ C:\WINDOWS\system32\VideoGenieSetup.ini
      2008-09-28 00:48 . 2008-09-28 00:48 <DIR> d-------- C:\Program Files\YouTube Video Downloader
      2008-09-27 17:58 . 2008-09-27 18:00 54,156 --ah----- C:\WINDOWS\QTFont.qfn
      2008-09-27 17:58 . 2008-09-27 18:00 1,409 --a------ C:\WINDOWS\QTFont.for

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-10-15 16:58 332,800 ----a-w C:\WINDOWS\system32\dllcache\netapi32.dll
      2008-10-03 17:02 6,066,176 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
      2008-09-23 23:08 --------- d-----w C:\Documents and Settings\kağan\Application Data\ESET
      2008-09-15 15:39 1,846,016 ----a-w C:\WINDOWS\system32\win32k.sys
      2008-09-15 15:39 1,846,016 ----a-w C:\WINDOWS\system32\dllcache\win32k.sys
      2008-09-12 21:55 --------- d-----w C:\Program Files\Griee
      2008-09-12 15:03 --------- d-----w C:\Program Files\HD Tune Pro
      2008-09-09 22:24 --------- d-----w C:\Documents and Settings\kağan\Application Data\BSplayer PRO
      2008-09-07 00:52 --------- d-----w C:\Documents and Settings\Acer\Application Data\DMCache
      2008-09-02 20:48 --------- d-----w C:\Documents and Settings\Acer\Application Data\TeamViewer
      2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
      2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\dllcache\srv.sys
      2008-08-27 09:11 3,593,216 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
      2008-08-27 01:10 --------- d-----w C:\Program Files\Common Files\xing shared
      2008-08-26 13:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
      2008-08-26 13:15 --------- d-----w C:\Documents and Settings\Acer\Application Data\GRETECH
      2008-08-25 08:43 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
      2008-08-25 08:38 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
      2008-08-25 00:51 --------- d-----w C:\Documents and Settings\Acer\Application Data\MiniLyrics
      2008-08-25 00:50 --------- d-----w C:\Program Files\Minilyrics
      2008-08-25 00:19 --------- d-----w C:\Documents and Settings\Acer\Application Data\LockTime
      2008-08-23 05:56 635,848 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
      2008-08-23 05:54 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
      2008-08-14 13:37 2,187,904 ------w C:\WINDOWS\system32\dllcache\ntoskrnl.exe
      2008-08-14 13:37 2,144,768 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      2008-08-14 13:37 2,144,768 ------w C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
      2008-08-14 13:37 2,064,896 ------w C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
      2008-08-14 13:37 2,022,912 ----a-w C:\WINDOWS\system32\ntkrnlpa.exe
      2008-08-14 13:37 2,022,912 ------w C:\WINDOWS\system32\dllcache\ntkrpamp.exe
      2008-08-14 09:51 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
      2006-10-30 07:52 1,888,953,769 ----a-w C:\Program Files\data2.cab
      2005-05-22 22:22 317,440 ----a-w C:\Program Files\00000002.TMP
      2005-05-22 22:16 204,923 ----a-w C:\Program Files\data1.hdr
      2005-05-22 22:16 11,681,272 ----a-w C:\Program Files\data1.cab
      2007-08-13 09:34 132 --sha-w C:\WINDOWS\Help\uyari.vbs
      2007-10-09 18:11 213,407 --sha-w C:\WINDOWS\PrTemp\pritemp2\convert.exe
      2007-08-13 09:34 132 --sha-w C:\WINDOWS\PrTemp\pritemp2\uyari.vbs
      2007-10-09 18:12 213,217 --sha-w C:\WINDOWS\PrTemp\pngtemp2\convert2x.exe
      2007-08-13 09:34 132 --sha-w C:\WINDOWS\PrTemp\pngtemp2\uyari.vbs
      2008-01-31 17:21 215,040 --sha-w C:\WINDOWS\PrTemp\pritempconTelafi\convert.exe
      2008-01-28 19:20 215,459 --sha-w C:\WINDOWS\PrTemp\pritempconTelafi\Xprivate_to_add.exe
      2007-08-13 09:34 132 --sha-w C:\WINDOWS\PrTemp\pritempconTelafi\uyari.vbs
      2007-11-22 16:14 265 --sha-w C:\WINDOWS\PrTemp\pritempconTelafi\NetError.vbs
      2008-01-31 17:21 214,716 --sha-w C:\WINDOWS\PrTemp\pngtemp3\convert2x.exe
      2008-01-28 19:20 215,459 --sha-w C:\WINDOWS\PrTemp\pngtemp3\Xprivate_to_add.exe
      2007-08-13 09:34 132 --sha-w C:\WINDOWS\PrTemp\pngtemp3\uyari.vbs
      2007-11-22 16:14 265 --sha-w C:\WINDOWS\PrTemp\pngtemp3\NetError.vbs
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-10 68856]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "LaunchApp"="Alaunch" [X]
      "AzMixerSel"="C:\Program Files\Realtek\InstallShield\AzMixerSel.exe" [2005-08-25 53248]
      "PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-03-23 151552]
      "ntiMUI"="C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
      "eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
      "Acer ePresentation HPD"="C:\Acer\Empowering Technology\ePresentation\ePresentation.exe" [2006-03-31 204800]
      "ePower_DMC"="C:\Acer\Empowering Technology\ePower\ePower_DMC.exe" [2006-04-04 421888]
      "Boot"="C:\Acer\Empowering Technology\ePower\Boot.exe" [2006-03-15 579584]
      "eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-04-28 401408]
      "LogitechCameraAssistant"="C:\Program Files\Acer\OrbiCam\CameraAssistant.exe" [2006-04-06 331776]
      "LogitechVideo[inspector]"="C:\Program Files\Acer\OrbiCam\InstallHelper.exe" [2006-04-06 19:06 73728]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 282624]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
      "IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
      "ImageItEncrypt"="C:\WINDOWS\system32\ImageItEncrypt.exe" [2005-12-30 40960]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-08-27 185896]
      "egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2008-08-18 1447168]
      "BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]
      "RTHDCPL"="RTHDCPL.EXE" [2006-02-27 C:\WINDOWS\RTHDCPL.exe]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "NoInstrumentation"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoResolveTrack"= 0 (0x0)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "midi1"= wpdmtpu47.dll
      "msacm.divxa32"= msaud32_divx.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
      --a------ 2005-11-28 13:52 77824 C:\WINDOWS\system32\hkcmd.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
      --a------ 2005-11-28 13:55 118784 C:\WINDOWS\system32\igfxpers.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
      --a------ 2005-11-28 13:55 98304 C:\WINDOWS\system32\igfxtray.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LManager]
      --a------ 2006-03-30 13:56 471040 C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraService(E)]
      --a------ 2004-11-01 18:22 262144 C:\WINDOWS\system32\ElkCtrl.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMSX]
      --a------ 2006-04-06 19:22 225280 C:\WINDOWS\system32\LVCOMSX.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
      --a------ 2007-01-19 12:55 5674352 C:\Program Files\MSN Messenger\msnmsgr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBJ]
      --------- 2004-09-07 12:55 1871872 C:\Program Files\Ahead\Nero BackItUp\NBJ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
      --a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
      --a------ 2004-08-04 20:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
      --a------ 2007-10-10 15:21 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
      --a------ 2005-01-08 07:16 692315 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
      --a------ 2005-01-08 07:17 102491 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
      --a------ 2006-03-16 17:24 88204 C:\WINDOWS\AGRSMMSG.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
      --a------ 2005-05-03 18:43 69632 C:\WINDOWS\Alcmtr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "AntiVirusOverride"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
      "C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
      "C:\\Program Files\\MSN Messenger\\livecall.exe"=
      "C:\\WINDOWS\\System32\\FXSCLNT.exe"=
      "C:\\WINDOWS\\System32\\usmt\\migwiz.exe"=
      "C:\\Program Files\\Windows Media Player\\wmplayer.exe"=
      "D:\\Program Files\\Championship Manager 01-02\\cm0102.exe"=

      R2 EpmPsd;Acer EPM Power Scheme Driver;C:\WINDOWS\system32\drivers\epm-psd.sys [2005-04-22 4096]
      R2 EpmShd;Acer EPM System Hardware Driver;C:\WINDOWS\system32\drivers\epm-shd.sys [2005-04-22 78208]
      R3 lv321av;Logitech USB PC Camera (VC0321);C:\WINDOWS\system32\Drivers\lv321av.sys [2006-04-06 1097472]
      R3 LVPrcMon;Logitech LVPrcMon Driver;C:\WINDOWS\system32\drivers\LVPrcMon.sys [2006-04-06 16768]
      S0 ElbyVCD;ElbyVCD;C:\WINDOWS\system32\DRIVERS\ElbyVCD.sys [ ]
      S2 SpPortEx;Samsung Port Exclusion;C:\WINDOWS\system32\Drivers\SpPortEx.sys [1999-12-15 7168]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e46952df-4d00-11dc-99cf-0016cef3acc4}]
      \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL FLASH_System\FLASH_private.PIF
      .
      Contents of the 'Scheduled Tasks' folder

      2008-10-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
      - C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
      .
      - - - - ORPHANS REMOVED - - - -

      HKCU-Run-BitComet - C:\Program Files\BitComet\BitComet.exe
      MSConfigStartUp-Cleanup - C:\DOCUME~1\Acer\LOCALS~1\Temp\20071112125918_mcappins.exe
      MSConfigStartUp-msci - C:\DOCUME~1\Acer\LOCALS~1\Temp\20071112125916_mcinfo.exe
      MSConfigStartUp-Msmsgs - C:\WINDOWS\system32\Msmsgs.exe
      MSConfigStartUp-SYS1 - C:\WINDOWS\system32\system.exe
      MSConfigStartUp-SYS2 - C:\WINDOWS\system32\bad1.exe
      MSConfigStartUp-SYS3 - C:\WINDOWS\system32\bad2.exe
      MSConfigStartUp-SYS4 - C:\WINDOWS\system32\bad3.exe


      .
      ------- Supplementary Scan -------
      .
      FireFox -: Profile - C:\Documents and Settings\Acer\Application Data\Mozilla\Firefox\Profiles\sz87jk69.default\
      FireFox -: prefs.js - STARTUP.HOMEPAGE -
      FF -: plugin - C:\Program Files\Google\Google Updater\2.2.1111.1511\npCIDetect11.dll
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-25 16:41:35
      Windows 5.1.2600 Service Pack 2 FAT NTAPI

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
      C:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
      C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
      C:\Program Files\ESET\ESET Smart Security\ekrn.exe
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
      C:\WINDOWS\system32\wbem\wmiapsrv.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      .
      **************************************************************************
      .
      Completion time: 2008-10-25 16:43:32 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-10-25 13:43:30

      Pre-Run: 19.970.097.152 bayt boş
      Post-Run: 20,529,086,464 bayt boş

      280 --- E O F --- 2008-10-24 22:05:42


      Malwarebytes' Anti-Malware 1.30 log:


      Malwarebytes' Anti-Malware 1.30
      Veritabanı versiyonu: 1318
      Windows 5.1.2600 Service Pack 2

      25.10.2008 19:39:07
      mbam-log-2008-10-25 (19-39-07).txt

      Tarama şekli: Derin Tarama (C:\|D:\|F:\|H:\|)
      Taranmış nesneler: 152554
      Geçen zaman: 1 hour(s), 23 minute(s), 59 second(s)

      Etkilenmiş Hafıza İşlemleri: 0
      Etkilenmiş Hafıza Modülleri: 0
      Etkilenmiş Kayıt Anahtarları: 0
      Etkilenmiş Kayıt Değerleri: 0
      Etkilenmiş Kayıt Veri Dosyaları: 0
      Etkilenmiş Klasörler: 0
      Etkilenmiş Dosyalar: 1

      Etkilenmiş Hafıza İşlemleri:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Hafıza Modülleri:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Kayıt Anahtarları:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Kayıt Değerleri:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Kayıt Veri Dosyaları:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Klasörler:
      (Tehlikeli nesne bulunmadı)

      Etkilenmiş Dosyalar:
      C:\regxpcom.exe (Trojan.FBrowsingAdvisor) -> Quarantined and deleted successfully.


      It found and deleted 1 object. What should I do next? Thanks...
      By the way, even after doing all this I still get a balloon warning in the status bar at the bottom saying ''windows gecikmeli yazma başarısı''. I wonder why..?


      _____________________________

    • Major
      1328 posts
      25 October 2008 21:27:11
      Dear serji, thanks for your effort, but I shared so many problems and the explanation you wrote was not very satisfying. I would be glad if you could spare some time or if we could try to solve it over MSN. I know it is not easy, but..

      Also, how do I do the fixmbr and fixboot thing?



      ''About 1 week ago my computer was working without problems. The other day I installed 1 program and scanned the D drive. Good lord, everything inside the folders on the D drive was still there, but all the items located directly on the D drive had been deleted. Before this incident I had been loading my computer's image with Acronis True Image without a problem.
      After the incident I formatted the computer, both C and D; my HDD is 120 GB.
      I set the C drive to 10 GB and the D drive to 110 GB. The format finished, it was time to take the image, and an error warning came up, something like there being such-and-such at sector number whatever. I started the computer and it occurred to me to run a bad sector scan; although nothing was found in the surface scan, 9 bad sectors were found in the deep scan.
      I should point out right away that the HDD was not exposed to any physical impact. It was already running stably. It is still running stably; there is no abnormal noise from the HDD!

      So I tried to repair it using the HD Regenerator program via Hiren's Boot CD, but to no avail; it was not fixed.

      Now we come to the most crucial part. I did not format both drives, but I cannot give the C drive a value higher than 10 GB.



      Damn that program, where did I download it from and install it, look what has happened to me...

      Anyway, today I ran a scan and plenty of rootkits and similar things turned up on my computer.
      So before doing a Low Level Format I wanted to consult you.

      Apart from the rootkits, could there be another solution to the problem I described above?

      Thanks in advance...


      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 17:12:38, on 25.10.2008
      Platform: Windows XP SP3 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16735)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\spoolsv.exe
      C:\Program Files\USB Disk Security\USBGuard.exe
      C:\WINDOWS\CameraFixer.exe
      C:\WINDOWS\tsnpstd3.exe
      C:\WINDOWS\vsnpstd3.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Internet Download Manager\IDMan.exe
      C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      C:\Program Files\Bonjour\mDNSResponder.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
      C:\WINDOWS\system32\svchost.exe
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Rar$EX00.500\RootkitRevealer.exe
      C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.internetdown...manager.com/welcome.html
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar
      O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [USB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Premium\avgnt.exe" /min
      O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
      O4 - HKLM\..\Run: [CameraFixer] C:\WINDOWS\CameraFixer.exe
      O4 - HKLM\..\Run: [tsnpstd3] C:\WINDOWS\tsnpstd3.exe
      O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe
      O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [Set Visual Effects] SetVisualEffects.exe /silent (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
      O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
      O23 - Service: Avira AntiVir Premium Scheduler (AntiVirScheduler) - Unknown owner - C:\Program Files\Avira\AntiVir PersonalEdition Premium\sched.exe (file missing)
      O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: ISDSASQOFE - Sysinternals - www.sysinternals.com - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ISDSASQOFE.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: PD91Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Agent.exe
      O23 - Service: PD91Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk2008\PD91Engine.exe

      --
      End of file - 5561 bytes ''


      _____________________________

    • Retired Administrator
      8906 posts
      25 October 2008 21:34:12

      quote:

      Originally posted by: kartald80

      serji, many thanks for all your help.
      I ran a scan with Norton; there were only tracking cookies and we cleaned them. (I guess there is no escape. One or two tracking cookies arrive every day.)
      Now let me do the last step with BitDefender.
      Thanks again.

      You're welcome. I'm waiting for the result. Good luck.

      quote:

      Originally posted by: mr_daw666

      ComboFix log:
      It found and deleted 1 object. What should I do next? Thanks...
      By the way, even after doing all this I still get a balloon warning in the status bar at the bottom saying ''windows gecikmeli yazma başarısı''. I wonder why..?

      Download the program called Perlovga Removal Tool to your desktop.

      http://www.guvenlikuzma...om/dosyalar/perlovga.exe

      Run the program and click Start. Then restart your computer without delay.

      As for the solution to the problem you mentioned:

      http://support.microsoft.com/kb/330174/tr


      _____________________________

    • Retired Administrator
      8906 posts
      25 October 2008 21:36:14

      quote:

      Originally posted by: bodur

      Dear serji, thanks for your effort, but I shared so many problems and the explanation you wrote was not very satisfying. I would be glad if you could spare some time or if we could try to solve it over MSN. I know it is not easy, but..

      Also, how do I do the fixmbr and fixboot thing?

      When you insert the XP CD, proceed as if you were doing a normal installation. On the first setup screen (blue screen) press the R key and the Recovery Console will start. XP will then ask you to log on; press 1, press Enter, and enter the password if there is one.

      Then type the fixboot command and press Enter, and type the fixmbr command and press Enter again. If it asks for confirmation you may need to press the E key to confirm. These will repair the master boot record or, failing that, delete it and recreate it.


      _____________________________

    • Private
      6 posts
      25 October 2008 22:17:46
      serji,
      I have been using it for about 3 hours and there is no problem. I hope no problem remains.
      We tired you out a lot, but for us it was worth it. Many thanks.


      _____________________________

    • Major
      1189 posts
      25 October 2008 22:34:37
      @serji thanks...


      _____________________________

    • Retired Administrator
      8906 posts
      25 October 2008 22:55:06

      quote:

      Originally posted by: kartald80

      serji,
      I have been using it for about 3 hours and there is no problem. I hope no problem remains.
      We tired you out a lot, but for us it was worth it. Many thanks.

      You're welcome, I'm glad the problem is solved. Take care.


      quote:

      Originally posted by: avcihuan

      @serji thanks...

      You're welcome


      _____________________________

    • Major
      1328 posts
      26 October 2008 12:36:55
      My dear SERJİ, bless your heart and your effort; I sorted out the fixmbr and fixboot thing with Hiren's Boot CD. There is no problem right now.
      What I am wondering is whether there is anything rootkit-like in the log I sent you. If so, how will we solve it?
      Thanks...


      _____________________________

    • Sergeant
      54 posts
      26 October 2008 13:04:05
      Hello,

      My PC got infected with a virus yesterday. I find it in system32 and delete it, I delete it from regedit and so on, but it comes back again. Stubborn thing. Here is my log. Could you please help? brastk.exe and karna.dat, and on top of that WinCtrl32 turned up. I am waiting for your help.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 11:57:57, on 26.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v7.00 (7.00.6000.16640)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTNET tarafından sağlanan Microsoft Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
      O2 - BHO: Java Class - {5020E612-32EB-4A8A-A776-9D7B0404C987} - C:\WINDOWS\java\classes\java.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
      O2 - BHO: EZSaveFlash - {F9E5F47A-45FD-450C-91DF-81C72E1FADB0} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Program Files\Mozilla Firefox\plugins\NPSWF32_FlashUtil.exe -p
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
      O9 - Extra button: FlashCapture - {753BBC4B-CC73-4fb8-A5B5-CA09C804C1DD} - C:\Program Files\FlashCapture\fciext.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O14 - IERESET.INF: START_PAGE_URL=http://www.telekom.gov.tr
      O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-01.sun.c...-6u6-windows-i586-jc.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{5F8457CC-CA4A-4F0D-8FCC-387C2BFB0B1A}: NameServer = 208.67.222.222,208.67.220.220
      O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.106 85.255.112.123
      O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.114.106 85.255.112.123
      O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.106 85.255.112.123
      O20 - AppInit_DLLs: kernel32.sys
      O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
      O23 - Service: NBService - Unknown owner - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe (file missing)
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Windows Management Service - Unknown owner - C:\WINDOWS\system32\dmwsc.exe (file missing)
      O24 - Desktop Component 0: (no name) - http://giresun.meb.gov....ar/resimler/meb_arka.gif

      --
      End of file - 6358 bytes



      _____________________________

      A bove ante, ab asino retro, a stulto undique caveto..Beware in front of the ox, behind the donkey, and on every side of the fool..
    • Retired Administrator
      8906 posts
      26 October 2008 13:45:33

      quote:

      Originally posted by: bodur

      My dear SERJİ, bless your heart and your effort; I sorted out the fixmbr and fixboot thing with Hiren's Boot CD. There is no problem right now.
      What I am wondering is whether there is anything rootkit-like in the log I sent you. If so, how will we solve it?
      Thanks...

      You're welcome. I'm glad your problem is solved. And thank you too for reporting the result. However, rootkits do not show up in an HJT log. For that you need to run ComboFix:

      Download the program called ComboFix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
      4. After ComboFix starts running you will be asked to press the 1 or 2 key. Press 1 to continue.
      5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored in case of a mishap.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      _____________________________

    • Retired Administrator
      8906 posts
      26 October 2008 13:47:38
      quote:

      Originally posted by: sevindirik

      Hello,

      My PC got infected with a virus yesterday. I find it in system32 and delete it, I delete it from regedit and so on, but it comes back again. Stubborn thing. Here is my log. Could you please help? brastk.exe and karna.dat, and on top of that WinCtrl32 turned up. I am waiting for your help.

      * Open the program called HijackThis.
      * Click the "Do a system scan only" option.
      * Check the lines below.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTNET tarafından sağlanan Microsoft Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Java Class - {5020E612-32EB-4A8A-A776-9D7B0404C987} - C:\WINDOWS\java\classes\java.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
      O2 - BHO: EZSaveFlash - {F9E5F47A-45FD-450C-91DF-81C72E1FADB0} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O20 - AppInit_DLLs: kernel32.sys


      * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program called ComboFix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
      4. After ComboFix starts running you will be asked to press the 1 or 2 key. Press 1 to continue.
      5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored in case of a mishap.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      < This message was edited by serji -- 26 October 2008; 13:43:30 >
      _____________________________

    • Sergeant
      54 Posts
      26 October 2008 15:21:25
      quote:

      Originally posted by: serji




      * Open the program called HijackThis.
      * Click the Do a system scan only option.
      * Tick the following lines.

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = TTNET tarafından sağlanan Microsoft Internet Explorer
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
      O2 - BHO: Java Class - {5020E612-32EB-4A8A-A776-9D7B0404C987} - C:\WINDOWS\java\classes\java.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O2 - BHO: FCBHOBHO Class - {8B3868B4-EBA8-48FA-A19B-E1DFB99066FA} - C:\Program Files\FlashCapture\fcbho.dll
      O2 - BHO: EZSaveFlash - {F9E5F47A-45FD-450C-91DF-81C72E1FADB0} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
      O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O8 - Extra context menu item: Save F&lash with FlashCapture - res://C:\Program Files\FlashCapture\fciext.dll/FCIEXT.htm
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
      O9 - Extra button: Flash - {5699BDDB-A771-4E54-ACBB-BE86921D7892} - C:\PROGRA~1\EZSAVE~1\EZSAVE~1.DLL
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
      O20 - AppInit_DLLs: kernel32.sys


      * Press CTRL+ALT+DEL and go to the Processes tab. End every process listed under your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

      Download the program called Combofix.

      http://www.guvenlikuzma...om/dosyalar/ComboFix.exe

      1. Close all of your open windows and programs.
      2. Temporarily close or disable your antivirus and antispyware programs.
      3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
      4. Once ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
      5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
      6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary. Once the operations finish, everything will be returned to its original state.
      7. You may need to be a little patient, because there are a full 41 stages.
      8. Finally, ComboFix will prepare a report containing the results. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
      9. Attach the C:\ComboFix.txt file to your message and send it to us.


      Unfortunately it doesn't work. Right now I'm on C. Normally I use D, and the viruses are on the D drive too. From D I can't do anything or get on the net, and I can't install and run the programs I downloaded to C.

      The viruses are on D.

      brastk.exe
      karna.dat
      WinCtrl32.dll

      I don't know how to get rid of these viruses. I'd be very glad if you could help. I absolutely cannot run the programs you gave me on the D drive. I delete them, I boot into safe mode, and they come back.

      The WinCtrl32.dll that has settled into System32 can't be deleted; it says the disk is protected or something and the deletion fails.

      By the way, here is the fix log from the previous operation:


      ComboFix 08-10-17.01 - BirNeT 2008-10-26 14:42:41.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.142 [GMT 2:00]
      Running from: C:\Documents and Settings\BirNeT\Desktop\ComboFix.exe

      [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
      .
      - REDUCED FUNCTIONALITY MODE -
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\Program Files\Microsoft Security Adviser
      C:\svchost.exe
      C:\svchost2.exe
      C:\WINDOWS\system32\softwares.dll

      .
      ((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
      .

      2008-10-26 11:52 . 2008-10-26 11:52 <DIR> d-------- C:\Program Files\Trend Micro
      2008-10-26 11:45 . 2008-10-26 11:45 <DIR> d-------- C:\Documents and Settings\BirNeT\Application Data\Grisoft
      2008-10-26 11:35 . 2008-10-26 11:35 <DIR> d-------- C:\Program Files\microsoft frontpage
      2008-09-29 01:24 . 2008-09-29 01:24 <DIR> d-------- C:\Program Files\Common Files\Nullsoft
      2008-09-27 14:33 . 2008-09-27 14:35 <DIR> d-------- C:\Program Files\The KMPlayer

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-09-21 17:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-09-21 17:27 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-09-20 13:42 --------- d-----w C:\Program Files\Rockstar Games
      2008-09-05 17:50 --------- d-----w C:\Documents and Settings\BirNeT\Application Data\BearShare
      2008-09-04 13:49 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-08-28 12:35 --------- d-----w C:\Documents and Settings\BirNeT\Application Data\FileZilla
      .

      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-10-06 5058560]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
      "Userinit"="C:\\WINDOWS\\system32\\userinit.exe, explorer.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
      "AppInit_DLLs"=kernel32.sys

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Speed Launch.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Reader Speed Launch.lnk
      backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

      [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Bluetooth.lnk]
      path=C:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Bluetooth.lnk
      backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Load]
      ???? [?]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Run]
      ???? [?]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\!AVG Anti-Spyware]
      --a------ 2007-06-11 11:25 6731312 C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
      --a--c--- 2007-03-12 12:49 153136 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2004-08-04 01:45 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
      --a--c--- 2007-03-09 17:53 153136 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2003-10-06 13:16 5058560 C:\WINDOWS\system32\nvcpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2008-03-25 03:28 144784 C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
      -ra------ 2005-08-18 10:49 307200 C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Barsaka]
      --a------ 2007-06-13 15:22 1033216 C:\WINDOWS\explorer.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2003-10-06 13:16 741376 C:\WINDOWS\system32\nwiz.exe

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"=
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "C:\\Program Files\\BearShare Applications\\BearShare\\BearShare.exe"=

      S2 Windows Management Service;Windows Management Service;C:\WINDOWS\system32\dmwsc.exe [ ]
      S3 new_drv;!!!!;C:\WINDOWS\new_drv.sys [ ]

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{70ec6030-1c91-11dc-bca1-959f9d198e4a}]
      \Shell\AutoRun\command - G:\fooool.exe
      \Shell\explore\Command - G:\fooool.exe
      \Shell\open\Command - G:\fooool.exe

      *Newly Created Service* - CATCHME
      .
      - - - - ORPHANS REMOVED - - - -

      BHO-{5020E612-32EB-4A8A-A776-9D7B0404C987} - C:\WINDOWS\java\classes\java.dll
      MSConfigStartUp-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      MSConfigStartUp-msavsc - C:\Program Files\Microsoft Security Adviser\msavsc.exe
      MSConfigStartUp-msctrl - C:\Program Files\Microsoft Security Adviser\msctrl.exe
      MSConfigStartUp-msfw - C:\Program Files\Microsoft Security Adviser\msfw.exe
      MSConfigStartUp-msiemon - C:\Program Files\Microsoft Security Adviser\msiemon.exe
      MSConfigStartUp-MSMSGS - C:\Program Files\Messenger\msmsgs.exe
      MSConfigStartUp-MsnMsgr - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      MSConfigStartUp-mssadv - C:\Program Files\Microsoft Security Adviser\msfw.exe
      MSConfigStartUp-msscan - C:\Program Files\Microsoft Security Adviser\msscan.exe
      MSConfigStartUp-nod32kui - C:\Program Files\Eset\nod32kui.exe
      MSConfigStartUp-ttool - C:\WINDOWS\9129837.exe
      MSConfigStartUp-scvhost - mirc.exe


      .
      ------- Supplementary Scan -------
      .
      FireFox -: Profile - C:\Documents and Settings\BirNeT\Application Data\Mozilla\Firefox\Profiles\4m6lruv1.default\
      FireFox -: prefs.js - STARTUP.HOMEPAGE -
      .

      **************************************************************************

      catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-26 14:43:46
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...


      C:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp

      scan completed successfully
      hidden files: 1

      **************************************************************************
      .
      Completion time: 2008-10-26 14:47:29
      ComboFix-quarantined-files.txt 2008-10-26 12:47:15

      Pre-Run: 24.708.030.464 bayt boş
      Post-Run: 25,096,736,768 bayt boş

      124 --- E O F --- 2008-04-07 18:32:56



      < This message was edited by sevindirik -- 26 October 2008; 15:17:51 >
      _____________________________

      A bove ante, ab asino retro, a stulto undique caveto.. Be on your guard in front of an ox, behind a donkey, and on every side of a fool..
    • Retired Administrator
      8906 Posts
      26 October 2008 15:47:27

      quote:

      Originally posted by: sevindirik
      Unfortunately it doesn't work. Right now I'm on C. Normally I use D, and the viruses are on the D drive too. From D I can't do anything or get on the net, and I can't install and run the programs I downloaded to C.

      The viruses are on D.

      brastk.exe
      karna.dat
      WinCtrl32.dll

      I don't know how to get rid of these viruses. I'd be very glad if you could help. I absolutely cannot run the programs you gave me on the D drive. I delete them, I boot into safe mode, and they come back.

      The WinCtrl32.dll that has settled into System32 can't be deleted; it says the disk is protected or something and the deletion fails.

      By the way, here is the fix log from the previous operation:

      There are a lot of viruses not only there but here as well:

      Download the program called The Avenger to your desktop.

      http://www.guvenlikuzma...com/dosyalar/avenger.exe

      1. Select all of the text written below, then press CTRL+C to copy it.

       
      Files to delete:
      c:\windows\system32\kernel32.sys
      C:\WINDOWS\system32\dmwsc.exe
      C:\WINDOWS\new_drv.sys
      C:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp
      c:\windows\system32\brastk.exe
      c:\windows\brastk.exe
      c:\windows\system32\karna.dat
      c:\windows\karna.dat
      c:\windows\system32\WinCtrl32.dll
      c:\windows\WinCtrl32.dll


      2. Double-click the program icon to run the program.

      * Under Load Script, select Paste from Clipboard.
      * Press the Execute button.
      * If the program asks a question, click Yes.

      3. Your computer will restart. (It may restart twice.) Afterwards a number of operations will be carried out.
      4. After the scan finishes, a log file will be created at C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
      5. Attach the C:\avenger.txt file to your message and send it to us.

      Download the program called Malwarebytes Antimalware.

      http://www.guvenlikuzma.../dosyalar/mbam-setup.exe

      * To install the program, double-click mbam-setup.exe and complete the setup.
      * Tick the options to update Malwarebytes Antimalware and to run the Malwarebytes program, then click Finish.
      * If an update is found, the program will download and apply it automatically.
      * Once the program has loaded, select Full Scan and click the Start Scan button.
      * The scan may take some time, so please be patient.
      * When the scan finishes, click OK and then click Show Results.
      * Make sure everything is ticked and click Remove Selected.
      * When the cleaning finishes, a Notepad window will open. (You may need to restart your computer.)
      * Save the Notepad file, attach it to your message and send it to us.

      NOTE: If the program asks you to restart the computer during cleaning, click OK to restart your computer.


      _____________________________

    • Sergeant
      54 Posts
      26 October 2008 19:50:00
      Hello again,

      I installed the AVG antivirus program as a last resort, and it found the viruses you listed too. I think it deleted them, I'm not really sure, but let me show you the log from after that. I'd appreciate it if you could comment on what state the system is in.

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:44:46, on 26.10.2008
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
      Boot mode: Normal

      Running processes:
      D:\WINDOWS\System32\smss.exe
      D:\WINDOWS\system32\winlogon.exe
      D:\WINDOWS\system32\services.exe
      D:\WINDOWS\system32\lsass.exe
      D:\WINDOWS\system32\svchost.exe
      D:\WINDOWS\System32\svchost.exe
      D:\WINDOWS\Explorer.EXE
      D:\WINDOWS\system32\spoolsv.exe
      D:\WINDOWS\system32\wuauclt.exe
      D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
      D:\PROGRA~1\AVG\AVG8\avgrsx.exe
      D:\PROGRA~1\AVG\AVG8\avgemc.exe
      D:\Program Files\AVG\AVG8\avgtray.exe
      D:\Program Files\AVG\AVG8\avgscanx.exe
      D:\Program Files\Windows Live\Messenger\msnmsgr.exe
      D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
      D:\WINDOWS\System32\svchost.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      D:\Program Files\Windows Live\Messenger\usnsvc.exe
      D:\WINDOWS\system32\wuauclt.exe
      D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
      O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
      O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
      O4 - HKLM\..\Run: [MSConfig] D:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
      O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
      O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
      O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
      O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.micro...b_site.cab?1222033505118
      O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
      O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
      O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
      O20 - Winlogon Notify: WinCtrl32 - D:\WINDOWS\
      O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
      O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
      O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

      --
      End of file - 3741 bytes



      _____________________________

      A bove ante, ab asino retro, a stulto undique caveto.. Be on your guard in front of an ox, behind a donkey, and on every side of a fool..
    • Retired Administrator
      8906 Posts
      26 October 2008 20:31:44

      quote:

      Originally posted by: sevindirik

      Hello again,

      I installed the AVG antivirus program as a last resort, and it found the viruses you listed too. I think it deleted them, I'm not really sure, but let me show you the log from after that. I'd appreciate it if you could comment on what state the system is in.

      The problems still persist. Carry out the steps I described with Avenger and send the log it produces.


      _____________________________
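
An added example, not part of the thread and not the helper's own method: a small Python triage pass over HijackThis entries copied from the two logs above, showing which autostart entries still reference the files named in this thread. AppInit_DLLs modules are loaded into every process that loads user32.dll and Winlogon Notify DLLs are loaded by winlogon.exe, so entries left there keep the files starting; the name list is taken from the posts, and the extension and directory checks are heuristic assumptions of this example.

```python
import re
from ntpath import basename  # Windows path rules, usable on any OS

# Constructed sample: entry lines copied from the two HijackThis logs in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, explorer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: kernel32.sys
O20 - AppInit_DLLs: karna.dat,avgrsstx.dll
O20 - Winlogon Notify: WinCtrl32 - D:\WINDOWS\
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

# File names the posters in this thread reported as malware (taken from the page).
THREAD_NAMES = {"kernel32.sys", "karna.dat", "winctrl32.dll", "brastk.exe"}

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
NOTIFY = re.compile(r"^Winlogon Notify: (.+?) - (.*)$")


def parse(log):
    """Yield (section code, entry text) for each HijackThis entry line."""
    for line in log.splitlines():
        match = ENTRY.match(line.rstrip())
        if match:
            yield match.group(1), match.group(2)


def check_userinit(body):
    """F2 UserInit: anything listed besides userinit.exe also starts at logon."""
    programs = [p.strip() for p in body.split("=", 1)[1].split(",")]
    return [(p, "extra program in the Winlogon Userinit value")
            for p in programs if p and basename(p).lower() != "userinit.exe"]


def check_appinit(body):
    """O20 AppInit_DLLs: flag names from the thread and non-.dll entries."""
    found = []
    for item in re.split(r"[,\s]+", body.split(":", 1)[1].strip()):
        name = basename(item).lower()
        reasons = []
        if name in THREAD_NAMES:
            reasons.append("reported as malware in this thread")
        if name and not name.endswith(".dll"):  # heuristic (assumption)
            reasons.append("AppInit_DLLs entry without a .dll extension")
        if reasons:
            found.append((item, "; ".join(reasons)))
    return found


def check_notify(body):
    """O20 Winlogon Notify: flag known names and targets with no file name."""
    match = NOTIFY.match(body)
    if not match:
        return []
    key, target = match.groups()
    reasons = []
    if key.lower() + ".dll" in THREAD_NAMES:
        reasons.append("reported as malware in this thread")
    if not basename(target):  # heuristic (assumption)
        reasons.append("target names a directory, not a DLL file")
    return [(key, "; ".join(reasons))] if reasons else []


def triage(log):
    """Return (section, item, reason) for entries that need an analyst's attention."""
    findings = []
    for code, body in parse(log):
        if code == "F2" and "userinit=" in body.lower():
            hits = check_userinit(body)
        elif code == "O20" and body.startswith("AppInit_DLLs:"):
            hits = check_appinit(body)
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            hits = check_notify(body)
        else:
            hits = []
        findings.extend((code, item, reason) for item, reason in hits)
    return findings


if __name__ == "__main__":
    for code, item, reason in triage(SAMPLE_LOG):
        print(f"{code:4} {item:15} {reason}")
```

The avgrsstx.dll entry is not flagged by these checks, but any AppInit_DLLs value still deserves a manual look because the list only knows the names posted here.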

    • Major
      1328 Posts
      26 October 2008 21:35:22
      My freshly formatted computer, and the result of the scan I ran with Combofix:


      ComboFix 08-10-25.01 - Administrator 2008-10-26 20:23:31.1 - NTFSx86
      Microsoft Windows XP Professional 5.1.2600.3.1254.1.1055.18.611 [GMT 2:00]
      Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
      * Created a new restore point
      * Resident AV is active


      [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
      .

      ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      C:\WINDOWS\system32\1.bat
      C:\WINDOWS\system32\drivers\npf.sys
      C:\WINDOWS\system32\packet.dll
      C:\WINDOWS\system32\wpcap.dll

      .
      ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
      .

      -------\Service_NPF


      ((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
      .

      2008-10-26 20:27 . 2008-10-26 20:27 <DIR> d-------- C:\WINDOWS\system32\xircom
      2008-10-26 20:27 . 2008-10-26 20:27 <DIR> d-------- C:\WINDOWS\system32\oobe
      2008-10-26 20:27 . 2008-10-26 20:27 <DIR> d-------- C:\WINDOWS\srchasst
      2008-10-26 20:27 . 2008-10-26 20:27 <DIR> d-------- C:\Program Files\microsoft frontpage
      2008-10-26 19:52 . 2008-10-26 19:52 <DIR> d-------- C:\Documents and Settings\Administrator\Mercury
      2008-10-26 19:52 . 2008-10-26 19:52 <DIR> d-------- C:\Documents and Settings\Administrator\.jmf
      2008-10-26 19:00 . 2008-10-26 19:01 <DIR> d-------- C:\Program Files\Internet Download Manager
      2008-10-26 19:00 . 2008-10-26 19:59 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\IDM
      2008-10-26 19:00 . 2008-10-26 20:27 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\DMCache

      .
      (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-10-26 16:59 --------- d-----w C:\Program Files\ESET
      2008-10-26 16:59 --------- d-----w C:\Documents and Settings\All Users\Application Data\ESET
      2008-10-26 16:57 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
      2008-10-26 16:32 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Conceptworld
      2008-10-26 16:22 --------- d-----w C:\Program Files\Mercury Messenger 1.8
      2008-10-26 16:19 --------- d-----w C:\Program Files\Webteh
      2008-10-26 16:19 --------- d-----w C:\Documents and Settings\Administrator\Application Data\BSplayer PRO
      2008-10-26 16:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\GRETECH
      2008-10-26 16:18 --------- d-----w C:\Documents and Settings\Administrator\Application Data\GRETECH
      2008-10-26 16:17 --------- d-----w C:\Program Files\GRETECH
      2008-10-26 16:16 --------- d-----w C:\Program Files\QO Developments
      2008-10-26 16:16 --------- d-----w C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation
      2008-10-26 16:15 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-10-26 16:15 --------- d-----w C:\Program Files\The KMPlayer
      2008-10-26 16:15 --------- d-----w C:\Program Files\NVIDIA Corporation
      2008-10-26 16:07 --------- d-----w C:\Program Files\VideoLAN
      2008-10-26 16:05 --------- d-----w C:\Program Files\QO Labs
      2008-10-26 16:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\SRS Labs
      2008-10-26 16:05 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Winamp
      2008-10-26 16:04 --------- d-----w C:\Program Files\Winamp3
      2008-10-26 16:04 --------- d-----w C:\Program Files\Winamp
      2008-10-26 16:04 --------- d-----w C:\Program Files\iZotope
      2008-10-26 16:03 --------- d-----w C:\Program Files\SRS Labs
      2008-10-26 16:00 --------- d-----w C:\Program Files\DFX
      2008-10-26 16:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\DFX
      2008-10-26 15:58 430,080 ----a-w C:\WINDOWS\system32\wmpheadphones.dll
      2008-10-26 15:58 151,552 ----a-w C:\WINDOWS\system32\wmpeq10.dll
      2008-10-26 15:58 --------- d-----w C:\Program Files\Common Files\DFX
      2008-10-26 15:58 --------- d-----w C:\Program Files\4front-headphones-1
      2008-10-26 15:58 --------- d-----w C:\Program Files\4front-eq10-2
      2008-10-26 15:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\ashampoo
      2008-10-26 15:55 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Ashampoo
      2008-10-26 15:54 --------- d-----w C:\Program Files\Ashampoo
      2008-10-26 15:50 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Media Player Classic
      2008-10-26 15:43 98,304 ----a-w C:\WINDOWS\system32\qttask.exe
      2008-10-26 15:42 --------- d-----w C:\Program Files\ACE Mega CoDecS Pack
      2008-10-26 15:40 --------- d-----w C:\Program Files\Combined Community Codec Pack
      2008-10-26 15:37 --------- d-----w C:\Program Files\Ringz Studio
      2008-10-26 15:37 --------- d-----w C:\Program Files\Common Files\Real
      2008-10-26 15:37 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
      2008-10-26 15:34 --------- d-----w C:\Program Files\Foxit Software
      2008-10-26 15:34 --------- d-----w C:\Program Files\Foxit
      2008-10-26 15:33 --------- d-----w C:\Program Files\Microsoft ActiveSync
      2008-10-26 15:31 410,976 ----a-w C:\WINDOWS\system32\deploytk.dll
      2008-10-26 15:31 --------- d-----w C:\Program Files\Java
      2008-10-26 15:24 --------- d-----w C:\Program Files\NVIDIA
      2008-10-26 15:13 --------- d-----w C:\Program Files\Realtek
      2008-10-26 15:12 --------- d-----w C:\Program Files\VIA
      2008-10-26 15:12 --------- d-----w C:\Program Files\Common Files\InstallShield
      2008-10-26 15:11 --------- d-----w C:\Program Files\AMD
      2008-10-26 14:44 --------- d-----w C:\Program Files\Windows Media Connect 2
      2008-10-02 08:07 453,152 ----a-w C:\WINDOWS\system32\NVUNINST.EXE
      2008-09-21 22:55 3,511,808 ----a-w C:\WINDOWS\system32\winntbbu.dll
      2008-09-21 22:37 9,216 ----a-w C:\WINDOWS\system32\drivers\videX32.sys
      2008-09-21 22:37 69,168 ----a-w C:\WINDOWS\system32\drivers\si3112.sys
      2008-09-21 22:37 52,736 ----a-w C:\WINDOWS\system32\drivers\ViPrt.sys
      2008-09-21 22:37 18,432 ----a-w C:\WINDOWS\system32\vIdeInst.dll
      2008-09-21 22:37 16,896 ----a-w C:\WINDOWS\system32\drivers\ViBus.sys
      2008-09-21 22:35 990,208 ----a-w C:\WINDOWS\system32\syssetup.dll
      2008-09-21 22:35 361,600 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
      2008-09-21 22:35 218,624 ----a-w C:\WINDOWS\system32\uxtheme.dll
      2008-09-21 22:35 139,264 ----a-w C:\WINDOWS\system32\sfc_os.dll
      2008-09-21 22:32 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
      2008-09-21 22:31 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
      2008-09-21 22:30 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
      2008-09-21 22:30 68,096 ----a-w C:\WINDOWS\system32\adsmsext.dll
      2008-09-21 22:30 62,976 ----a-w C:\WINDOWS\system32\drivers\cdrom.sys
      2008-09-21 22:30 6,656 ----a-w C:\WINDOWS\system32\asferror.dll
      2008-09-21 22:30 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
      2008-09-21 22:30 272,000 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
      2008-09-21 22:30 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
      2008-09-21 22:30 176,128 ----a-w C:\WINDOWS\system32\adsldp.dll
      2008-09-21 22:30 138,496 ----a-w C:\WINDOWS\system32\drivers\afd.sys
      2008-09-17 14:11 1,365,504 ----a-w C:\WINDOWS\system32\themeui.dll
      2008-09-14 10:59 2,350,848 ----a-w C:\WINDOWS\system32\ntoskrnl.exe
      2008-09-13 01:14 589,312 ----a-w C:\WINDOWS\system32\winlogon.exe
      2008-09-13 01:14 538,624 ----a-w C:\WINDOWS\system32\spider.exe
      2008-09-13 01:14 517,120 ----a-w C:\WINDOWS\system32\user32.dll
      2008-09-13 01:14 449,024 ----a-w C:\WINDOWS\system32\srrstr.dll
      2008-09-13 01:14 297,472 ----a-w C:\WINDOWS\system32\wuauclt1.exe
      2008-09-13 01:14 29,696 ----a-w C:\WINDOWS\system32\wupdmgr.exe
      2008-09-13 01:14 226,816 ----a-w C:\WINDOWS\system32\sndvol32.exe
      2008-09-13 01:14 196,096 ----a-w C:\WINDOWS\system32\wuaueng1.dll
      2008-09-13 01:13 476,672 ----a-w C:\WINDOWS\system32\photowiz.dll
      2008-09-13 01:13 374,272 ----a-w C:\WINDOWS\system32\netid.dll
      2008-09-13 01:13 2,115,072 ----a-w C:\WINDOWS\system32\netshell.dll
      2008-09-13 01:13 2,059,264 ----a-w C:\WINDOWS\system32\netplwiz.dll
      2008-09-13 01:13 146,944 ----a-w C:\WINDOWS\system32\mycomput.dll
      2008-09-13 01:13 127,488 ----a-w C:\WINDOWS\system32\mshearts.exe
      2008-09-13 01:13 117,248 ----a-w C:\WINDOWS\system32\mydocs.dll
      2008-09-13 01:13 1,503,744 ----a-w C:\WINDOWS\system32\quartz.dll
      2008-09-12 10:44 206,256 ----a-w C:\WINDOWS\system32\idmmbc.dll
      2008-09-09 22:07 2,235,392 ----a-w C:\WINDOWS\system32\msgina.dll
      2008-09-09 22:06 6,181,888 ----a-w C:\WINDOWS\system32\logonui.exe
      2008-09-09 22:06 244,224 ----a-w C:\WINDOWS\system32\logon.scr
      2008-08-20 14:58 43,008 ----a-w C:\WINDOWS\system32\nhelper.exe
      2008-08-16 09:20 470,016 ----a-w C:\WINDOWS\system32\devmgr.dll
      2008-08-06 13:29 348,160 ----a-w C:\WINDOWS\system32\msvcr71.dll
      2008-08-06 13:27 499,712 ----a-w C:\WINDOWS\system32\msvcp71.dll
      2008-07-31 15:41 68,616 ----a-w C:\WINDOWS\system32\xapofx1_1.dll
      .

      ------- Sigcheck -------

      2008-09-13 03:14 517120 2b24dcc39dc03652ad0be1ff5a50a04a C:\WINDOWS\system32\user32.dll

      2008-09-22 00:35 361600 df70435f3d17c40d5cb15e6dc918342e C:\WINDOWS\system32\drivers\tcpip.sys

      2008-09-13 03:14 589312 c60ce0f3a4326d27d573ca3541f90aa6 C:\WINDOWS\system32\winlogon.exe

      2008-09-14 12:59 2350848 16710e8f6164e8c39501395921a4e027 C:\WINDOWS\system32\ntoskrnl.exe

      2008-09-22 01:42 1246720 53e7537e5cf6066f3c90322be70ccebf C:\WINDOWS\explorer.exe
      .
      ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-09-22 15360]
      "IDMan"="C:\Program Files\Internet Download Manager\IDMan.exe" [2008-10-26 2607616]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-10-07 13574144]
      "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-08-18 1447168]
      "Tweak UI"="TWEAKUI.CPL" [2003-03-25 C:\WINDOWS\system32\tweakui.cpl]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-09-22 15360]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "ShowDeskFix"="shell32" [X]
      "_nltide_3"="advpack.dll" [2008-09-22 C:\WINDOWS\system32\advpack.dll]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
      "HonorAutoRunSetting"= 1 (0x1)
      "NoDesktopCleanupWizard"= 1 (0x1)
      "HideRunAsVerb"= 1 (0x1)
      "MemCheckBoxInRunDlg"= 1 (0x1)
      "NoNetConnectDisconnect"= 1 (0x1)

      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "NoStartMenuPinnedList"= 1 (0x1)
      "NoSMMyPictures"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoResolveSearch"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "MemCheckBoxInRunDlg"= 1 (0x1)

      [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
      "NoSMHelp"= 1 (0x1)
      "NoStartMenuPinnedList"= 1 (0x1)
      "NoSMMyPictures"= 1 (0x1)
      "ForceClassicControlPanel"= 1 (0x1)
      "NoResolveTrack"= 1 (0x1)
      "NoResolveSearch"= 1 (0x1)
      "NoSMConfigurePrograms"= 1 (0x1)
      "MemCheckBoxInRunDlg"= 1 (0x1)

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
      "msacm.sl_anet"= C:\PROGRA~1\ACEMEG~1\SystemS\sl_anet.acm
      "vidc.iyuv"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\iyuv_32.dll
      "vidc.yvu9"= C:\PROGRA~1\ACEMEG~1\SystemS\Intel\Iyvu9_32.dll
      "vidc.uyvy"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
      "vidc.yuy2"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
      "vidc.yvyu"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msyuv.dll
      "msacm.msaudio1"= C:\PROGRA~1\ACEMEG~1\SystemS\MICROS~1\msaud32.acm

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
      --a------ 2008-09-22 01:42 15360 C:\WINDOWS\system32\ctfmon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
      --a------ 2008-10-07 13:33 13574144 C:\WINDOWS\system32\nvcpl.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
      --a------ 2008-10-07 13:33 86016 C:\WINDOWS\system32\nvmctray.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
      --a------ 2008-10-26 17:43 98304 C:\WINDOWS\system32\qttask.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StormCodec_Helper]
      --a------ 2006-11-26 20:30 97357 C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
      --a------ 2008-10-26 17:31 136600 C:\Program Files\Java\jre6\bin\jusched.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
      -r------- 2005-05-02 18:00 69632 C:\WINDOWS\Alcmtr.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
      --a------ 2008-10-07 13:33 1630208 C:\WINDOWS\system32\nwiz.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL]
      -r------- 2006-09-11 19:58 16264192 C:\WINDOWS\RTHDCPL.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
      -r------- 2006-05-15 21:04 2879488 C:\WINDOWS\SkyTel.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
      --a------ 2003-03-25 05:49 106544 C:\WINDOWS\system32\tweakui.cpl

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
      "%windir%\\system32\\sessmgr.exe"=
      "C:\\Program Files\\Mercury Messenger 1.8\\Mercury\\Mercury.exe"=

      R0 ViBus;ViBus;C:\WINDOWS\system32\DRIVERS\ViBus.sys [2008-09-22 16896]
      R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2008-09-22 9216]
      R0 ViPrt;VIA SATA IDE Device Driver;C:\WINDOWS\system32\DRIVERS\ViPrt.sys [2008-09-22 52736]
      R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-08-18 34312]
      R2 JavaQuickStarterService;Java Quick Starter;C:\Program Files\Java\jre6\bin\jqs.exe [2008-10-26 152984]
      S2 UxTuneUp;TuneUp Theme Extension;C:\WINDOWS\System32\svchost.exe [2008-04-15 14336]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [ ]

      [COLOR=RED]NETSVCS REQUIRES REPAIRS - current entries shown[/COLOR]
      6to4
      AppMgmt
      AudioSrv
      Browser
      CryptSvc
      DMServer
      DHCP
      EventSystem
      FastUserSwitchingCompatibility
      HidServ
      Ias
      Iprip
      Irmon
      LanmanServer
      LanmanWorkstation
      Netman
      Nla
      NWCWorkstation
      Nwsapagent
      Rasauto
      Rasman
      Remoteaccess
      Schedule
      SENS
      Sharedaccess
      SRService
      Tapisrv
      Themes
      UxTuneUp
      WZCSVC
      Wmi
      WmdmPmSp
      winmgmt
      xmlprov
      napagent
      hkmsvc
      BITS
      wuauserv
      ShellHWDetection
      WmdmPmSN

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs


      [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
      \Shell\AutoRun\command - E:\ASUSACPI.exe

      *Newly Created Service* - HELPSVC
      .
      Contents of the 'Scheduled Tasks' folder

      2008-10-26 C:\WINDOWS\Tasks\1-Click Maintenance.job
      - C:\Program Files\TuneUp Utilities 2008\OneClickStarter.exe []
      .
      - - - - ORPHANS REMOVED - - - -

      MSConfigStartUp-Microsoft Windows Sound - svuhost.exe


      .
      ------- Supplementary Scan -------
      .
      R0 -: HKCU-Main,Start Page = hxxp://www.google.com.
      R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      R1 -: HKCU-Internet Connection Wizard,ShellNext = hxxp://www.google.com./
      R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/keyword/%s
      O8 -: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
      O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
      O8 -: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
      O8 -: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
      .

      **************************************************************************

      catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-10-26 20:27:46
      Windows 5.1.2600 Service Pack 3 NTFS

      scanning hidden processes ...

      scanning hidden autostart entries ...

      scanning hidden files ...

      scan completed successfully
      hidden files: 0

      **************************************************************************
      .
      ------------------------ Other Running Processes ------------------------
      .
      C:\Program Files\Internet Download Manager\IEMonitor.exe
      C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
      C:\WINDOWS\system32\nvsvc32.exe
      .
      **************************************************************************
      .
      Completion time: 2008-10-26 20:28:52 - machine was rebooted
      ComboFix-quarantined-files.txt 2008-10-26 18:28:48

      Pre-Run: 16.672.436.224 bayt boş
      Post-Run: 16,663,674,880 bayt boş

      308



      _____________________________

    • Retired Moderator
      8906 Posts
      26 October 2008 22:29:24

      quote:

      Originally quoted from: bodur

      My freshly formatted computer, and the result of the scan I ran with Combofix:

      I can still see a number of problems.

      The folder C:\WINDOWS\srchasst needs to be deleted. Also, Combofix has already deleted a few pieces of malware that it found.


      _____________________________

    • Sergeant
      54 Posts
      26 October 2008 22:30:55
      Logfile of The Avenger Version 2.0, (c) by Swandog46
      http://swandog46.geekstogo.com

      Platform: Windows XP

      *******************

      Script file opened successfully.
      Script file read successfully.

      Backups directory opened successfully at D:\Avenger

      *******************

      Beginning to process script file:

      Rootkit scan active.
      No rootkits found!


      Error: file "c:\windows\system32\kernel32.sys" not found!
      Deletion of file "c:\windows\system32\kernel32.sys" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "C:\WINDOWS\system32\dmwsc.exe" not found!
      Deletion of file "C:\WINDOWS\system32\dmwsc.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "C:\WINDOWS\new_drv.sys" not found!
      Deletion of file "C:\WINDOWS\new_drv.sys" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "C:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp" not found!
      Deletion of file "C:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "c:\windows\system32\brastk.exe" not found!
      Deletion of file "c:\windows\system32\brastk.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "c:\windows\brastk.exe" not found!
      Deletion of file "c:\windows\brastk.exe" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "c:\windows\system32\karna.dat" not found!
      Deletion of file "c:\windows\system32\karna.dat" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "c:\windows\karna.dat" not found!
      Deletion of file "c:\windows\karna.dat" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "c:\windows\system32\WinCtrl32.dll" not found!
      Deletion of file "c:\windows\system32\WinCtrl32.dll" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Error: file "c:\windows\WinCtrl32.dll" not found!
      Deletion of file "c:\windows\WinCtrl32.dll" failed!
      Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
      --> the object does not exist


      Completed script processing.

      *******************

      Finished! Terminate.


      What's the situation, brother? I'm putting you to a lot of trouble, though :(


      _____________________________

      A bove ante, ab asino retro, a stulto undique caveto.. Beware of the ox from the front, the donkey from behind, and the fool from every side..
    • Retired Moderator
      8906 Posts
      26 October 2008 22:42:06

      quote:

      Originally quoted from: sevindirik
      What's the situation, brother? I'm putting you to a lot of trouble, though :(

      Not at all. As long as the problem gets solved, the trouble is no problem. Let's try this as well:

      Download the program called The Avenger to your desktop.

      http://www.guvenlikuzma...com/dosyalar/avenger.exe

      1. Select all of the text written below, press CTRL+C and copy it.

      Files to delete: 
      d:\windows\system32\kernel32.sys
      d:\WINDOWS\system32\dmwsc.exe
      d:\WINDOWS\new_drv.sys
      d:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp
      d:\windows\system32\brastk.exe
      d:\windows\brastk.exe
      d:\windows\system32\karna.dat
      d:\windows\karna.dat
      d:\windows\system32\WinCtrl32.dll
      d:\windows\WinCtrl32.dll


      2. Double-click the program icon to run the program.

      * Under Load Script, select Paste from Clipboard.
      * Press the Execute button.
      * If the program asks a question, click Yes.

      3. Your computer will restart. (It may restart twice.) After that, a number of operations will be carried out.
      4. Once the scan has finished, a log file will be created as C:\avenger.txt. (Your backups will be at C:\avenger\backup.zip.)
      5. Attach the C:\avenger.txt file to your message and send it to us.


      _____________________________
