Reply: HijackThis. Performance + Security! (Get rid of viruses). 500.000+ (page 280)
S
17 years (1047 posts)
Sergeant

My Avenger log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "d:\windows\system32\kernel32.sys" not found!
Deletion of file "d:\windows\system32\kernel32.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "d:\WINDOWS\system32\dmwsc.exe" not found!
Deletion of file "d:\WINDOWS\system32\dmwsc.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "d:\WINDOWS\new_drv.sys" not found!
Deletion of file "d:\WINDOWS\new_drv.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: could not open file "d:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp"
Deletion of file "d:\DOCUME~1\BirNeT\LOCALS~1\Temp\RGI1.tmp" failed!
Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
--> bad path / the parent directory does not exist

File "d:\windows\system32\brastk.exe" deleted successfully.

Error: file "d:\windows\brastk.exe" not found!
Deletion of file "d:\windows\brastk.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "d:\windows\system32\karna.dat" not found!
Deletion of file "d:\windows\system32\karna.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "d:\windows\karna.dat" not found!
Deletion of file "d:\windows\karna.dat" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "d:\windows\system32\WinCtrl32.dll" not found!
Deletion of file "d:\windows\system32\WinCtrl32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Error: file "d:\windows\WinCtrl32.dll" not found!
Deletion of file "d:\windows\WinCtrl32.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "c:\windows\system32\avgrsstx.dll" deleted successfully.

Error: file "c:\windows\avgrsstx.dll" not found!
Deletion of file "c:\windows\avgrsstx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist

File "d:\windows\system32\avgrsstx.dll" deleted successfully.

Error: file "d:\windows\avgrsstx.dll" not found!
Deletion of file "d:\windows\avgrsstx.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.




And this is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:44:05, on 26.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Windows Live\Messenger\msnmsgr.exe
D:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\WINDOWS\system32\wuauclt.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222033505118
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3484 bytes





What's the latest status?


S
17 years (10022 posts)
Lieutenant Colonel
Thread starter

quote:

Originally posted by: sevindirik

My Avenger log:
What's the latest status?

Very good. We have dealt with the viruses that were blocking us the most. Now:

Download the program called ComboFix.

http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

1. Close all your open windows and programs.
2. Temporarily close or disable your antivirus and antispyware programs.
3. Double-click ComboFix.exe to open the program. After opening the program, do not do anything at all. Take a break of 1-2 minutes.
4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. Once the operations finish, everything will be returned to its original state.
7. You may need to be a little patient, because there are 41 stages in total.
8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
9. Attach the C:\ComboFix.txt file to your post and send it to us.


L
17 years (4824 posts)
Lieutenant Colonel

Good night, serji. There is some slowdown on the computer. HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:55, on 26.10.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\ATKKBService.exe
C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\HiJackThis.exe

O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\878RMTMon.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [d80b853e] rundll32.exe "C:\WINDOWS\system32\dnaptigv.dll",b
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Nero\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - S-1-5-18 Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Nikon Monitor.lnk = ? (User 'SYSTEM')
O4 - .DEFAULT Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe (User 'Default user')
O4 - .DEFAULT Startup: Nikon Monitor.lnk = ? (User 'Default user')
O4 - Startup: HDD temperature.lnk = C:\Program Files\PalickSoft\HDD Temperature\HDDTemperature.exe
O4 - Startup: Nikon Monitor.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: Add to AMV Converter... - C:\Program Files\MP3 Player Utilities 4.04\AMVConverter\grab.html
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.04\MediaManager\grab.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://linkinpark972.spaces.live.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-cb9aaab6c308a3d4.spaces.live.com/PhotoUpload/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {CC05BC12-2AA2-4AC7-AC81-0E40F83B1ADF} (Live365Player Class) - http://www.live365.com/players/play365.cab
O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F551} (Flatcast Viewer 4.15) - http://www.flatcast.com/de/download/NpFv415.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{22110FD4-E560-4CC7-B3F9-CA9A6A8590FB}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115
O17 - HKLM\System\CCS\Services\Tcpip\..\{967B224A-EDFC-458A-8FBF-7AD55ED27F89}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115
O17 - HKLM\System\CS1\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115
O17 - HKLM\System\CS2\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.116
O17 - HKLM\System\CS3\Services\Tcpip\..\{1056ED04-F5B7-4236-B645-513B70EE815D}: NameServer = 212.57.1.17,144.122.199.90,212.175.13.115
O20 - AppInit_DLLs: axdwqo.dll
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HDD Temperature (HDDTService) - PalickSoft - C:\Program Files\PalickSoft\HDD Temperature\HDDTSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - C:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 8434 bytes


S
17 years (1047 posts)
Sergeant

@serji and here is the last log you asked for: my ComboFix log.

ComboFix 08-10-25.01 - POYRAZBEY 2008-10-27 0:04:41.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.162 [GMT 2:00]
Running from: D:\Documents and Settings\POYRAZBEY\Desktop\ComboFix.exe
* Created a new restore point

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\WINDOWS\system32\drivers\405.exe

.
((((((((((((((((((((((((( Files Created from 2008-09-26 to 2008-10-26 )))))))))))))))))))))))))))))))
.

2008-10-26 20:35 . 2008-10-26 22:09 <DIR> d-------- D:\WINDOWS\system32\CatRoot_bak
2008-10-26 18:42 . 2008-10-26 18:42 <DIR> d-------- D:\WINDOWS\system32\drivers\Avg
2008-10-26 18:42 . 2008-10-26 18:42 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\AVGTOOLBAR
2008-10-26 18:42 . 2008-10-26 18:42 97,928 --a------ D:\WINDOWS\system32\drivers\avgldx86.sys
2008-10-26 18:41 . 2008-10-26 18:41 <DIR> d-------- D:\Program Files\AVG
2008-10-26 18:41 . 2008-10-26 18:41 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\avg8
2008-10-26 18:41 . 2008-10-26 18:41 76,040 --a------ D:\WINDOWS\system32\drivers\avgtdix.sys
2008-10-26 17:38 . 2008-10-26 17:38 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\Grisoft
2008-10-26 13:59 . 2008-10-26 13:59 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Grisoft
2008-10-26 13:57 . 2008-10-26 13:57 <DIR> d-------- D:\Program Files\Trend Micro
2008-10-26 12:11 . 2008-10-26 11:44 14,113,576 --a------ D:\Program Files\avgas-setup-7.5.1.43-3339.exe
2008-10-22 00:26 . 2008-10-23 23:50 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\skypePM
2008-10-16 22:19 . 2008-10-16 22:19 <DIR> d-------- D:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-10-16 22:18 . 2008-10-16 22:18 <DIR> d-------- D:\Program Files\Common Files\Adobe Systems Shared
2008-10-07 15:55 . 2008-10-07 15:55 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\Thinstall
2008-10-07 15:55 . 2008-10-07 15:56 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\ColorCop
2008-10-05 19:26 . 2008-10-20 20:31 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\LimeWire
2008-10-05 19:24 . 2008-10-26 13:57 <DIR> d-------- D:\Program Files\LimeWire
2008-10-03 23:24 . 2008-10-03 23:24 396 --a------ D:\WINDOWS\ODBC.INI
2008-10-03 23:23 . 2005-12-11 23:35 24,816 --a------ D:\WINDOWS\system32\mdimon.dll
2008-10-03 23:22 . 2008-10-03 23:22 <DIR> d-------- D:\Program Files\Microsoft.NET
2008-10-03 23:20 . 2008-10-03 23:22 <DIR> d-------- D:\WINDOWS\SHELLNEW
2008-10-02 20:11 . 2008-10-02 20:11 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\AdobeUM
2008-10-02 04:20 . 2008-10-02 04:20 0 --a------ D:\WINDOWS\acehtml6.ini
2008-10-02 02:45 . 2008-10-02 02:45 <DIR> d-------- D:\WINDOWS\Sun
2008-10-02 01:52 . 1997-01-15 23:00 71,680 --a------ D:\WINDOWS\ST5UNST.EXE
2008-10-02 01:52 . 1997-01-15 23:00 29,696 --a------ D:\WINDOWS\system32\VB5StKit.dll
2008-10-02 01:12 . 2008-10-02 01:16 <DIR> d-------- D:\Program Files\mp3DirectCut
2008-10-01 16:28 . 2008-10-01 16:28 <DIR> d--hs---- D:\Documents and Settings\POYRAZBEY\PrivacIE
2008-10-01 16:18 . 2008-10-23 23:24 <DIR> d-------- D:\WINDOWS\system32\tr-tr
2008-10-01 16:18 . 2004-08-04 00:45 81,920 --a------ D:\WINDOWS\system32\ieencode.dll
2008-10-01 16:18 . 2004-08-04 00:45 81,920 --a------ D:\WINDOWS\system32\dllcache\ieencode.dll
2008-09-30 19:21 . 2008-10-26 00:00 <DIR> d-------- D:\Documents and Settings\POYRAZBEY\Application Data\FileZilla
2008-09-30 18:12 . 2008-09-30 18:12 23,392 --a------ D:\WINDOWS\system32\nscompat.tlb
2008-09-30 18:12 . 2008-09-30 18:12 16,832 --a------ D:\WINDOWS\system32\amcompat.tlb
2008-09-30 03:51 . 2004-08-04 00:45 221,184 --a------ D:\WINDOWS\system32\wmpns.dll
2008-09-30 03:48 . 2008-09-30 03:48 <DIR> d-------- D:\WINDOWS\system32\LogFiles
2008-09-30 03:48 . 2008-09-30 03:50 <DIR> d-------- D:\WINDOWS\system32\drivers\UMDF
2008-09-30 00:33 . 2008-09-30 00:33 <DIR> d-------- D:\Program Files\Common Files\NSV
2008-09-29 23:49 . 2008-06-10 01:32 73,728 --a------ D:\WINDOWS\system32\javacpl.cpl
2008-09-29 23:48 . 2008-09-29 23:49 <DIR> d-------- D:\Program Files\Java
2008-09-29 23:47 . 2008-09-29 23:47 <DIR> d-------- D:\Program Files\Common Files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-23 22:07 --------- d-----w D:\Documents and Settings\POYRAZBEY\Application Data\Skype
2008-10-19 21:48 --------- d-----w D:\Program Files\MessengerDiscovery
2008-10-16 20:30 --------- d-----w D:\Program Files\Common Files\Adobe
2008-09-30 16:09 --------- d-----w D:\Program Files\Windows Live
2008-09-24 00:34 --------- d-----w D:\Program Files\Skype
2008-09-24 00:34 --------- d-----w D:\Documents and Settings\All Users\Application Data\Skype
2008-09-24 00:33 --------- d-----w D:\Program Files\Common Files\Skype
2008-09-21 22:11 --------- d-----w D:\Program Files\FileZilla FTP Client
2008-09-21 22:08 --------- dcsh--w D:\Program Files\Common Files\WindowsLiveInstaller
2008-09-21 22:00 --------- d-----w D:\Documents and Settings\All Users\Application Data\WLInstaller
2008-09-21 17:03 --------- d-----w D:\Program Files\microsoft frontpage
2008-08-05 14:55 265,720 ----a-w D:\WINDOWS\system32\msdbg2.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="D:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="D:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winyj50.sys]
@="Driver"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Adobe Reader Speed Launch.lnk]
path=D:\Documents and Settings\All Users\Start Menu\Programlar\Başlangıç\Adobe Reader Speed Launch.lnk
backup=D:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^POYRAZBEY^Start Menu^Programlar^Başlangıç^Adobe Gamma.lnk]
path=D:\Documents and Settings\POYRAZBEY\Start Menu\Programlar\Başlangıç\Adobe Gamma.lnk
backup=D:\WINDOWS\pss\Adobe Gamma.lnkStartup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\brastk

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
--a------ 2008-10-26 18:41 1234712 D:\PROGRA~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 00:45 15360 D:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-10-18 10:35 5724184 D:\Program Files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2008-06-10 03:27 144784 D:\Program Files\Java\jre1.6.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"D:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Program Files\\MessengerDiscovery\\MessengerDiscovery Live.exe"=
"D:\\Program Files\\LimeWire\\LimeWire.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"D:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 AvgLdx86;AVG Free AVI Loader Driver x86;D:\WINDOWS\system32\Drivers\avgldx86.sys [2008-10-26 97928]
R2 avg8emc;AVG Free8 E-mail Scanner;D:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-10-26 875288]
R2 avg8wd;AVG Free8 WatchDog;D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-10-26 231704]
R2 AvgTdiX;AVG Free8 Network Redirector;D:\WINDOWS\system32\Drivers\avgtdix.sys [2008-10-26 76040]
S0 Winyj50;Winyj50;D:\WINDOWS\system32\Drivers\Winyj50.sys [ ]

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-!AVG Anti-Spyware - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\POYRAZBEY\Application Data\Mozilla\Firefox\Profiles\zc3jereo.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-27 00:08:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-10-27 0:11:30
ComboFix-quarantined-files.txt 2008-10-26 22:11:24

Pre-Run: 9.251.762.176 bayt boş
Post-Run: 9,346,523,136 bayt boş

143 --- E O F --- 2008-09-24 11:55:36


I'm waiting eagerly, what's the latest status? :)


S
17 years (10022 posts)
Lieutenant Colonel
Thread starter

@linkin_park20 :

Fix these:
O4 - HKLM\..\Run: [d80b853e] rundll32.exe "C:\WINDOWS\system32\dnaptigv.dll",b  
O20 - AppInit_DLLs: axdwqo.dll


Download the program called The Avenger to your desktop.

http://www.guvenlikuzmanim.com/dosyalar/avenger.exe

1. Select all of the text written below, press CTRL+C and copy it.

Files to delete: 
C:\WINDOWS\system32\dnaptigv.dll
C:\WINDOWS\system32\axdwqo.dll
C:\WINDOWS\axdwqo.dll



2. Double-click the program icon to run the program.

* Under Load Script, select Paste from Clipboard.
* Press the Execute button.
* If the program asks a question, click Yes.

3. Your computer will restart. (It may restart twice.) After that, a number of operations will be carried out.
4. After the scan finishes, a log file will be created at C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
5. Attach the C:\avenger.txt file to your post and send it to us.

@sevindirik:

Download the program called The Avenger to your desktop.

http://www.guvenlikuzmanim.com/dosyalar/avenger.exe

1. Select all of the text written below, press CTRL+C and copy it.

Files to delete: 
D:\WINDOWS\system32\Drivers\Winyj50.sys



2. Double-click the program icon to run the program.

* Under Load Script, select Paste from Clipboard.
* Press the Execute button.
* If the program asks a question, click Yes.

3. Your computer will restart. (It may restart twice.) After that, a number of operations will be carried out.
4. After the scan finishes, a log file will be created at C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
5. Attach the C:\avenger.txt file to your post and send it to us.

A few files are still showing up. After that:

Download the program called Malwarebytes Antimalware.

http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

* To install the program, double-click mbam-setup.exe and install it.
* Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
* If an update is found, the program will download and apply it automatically.
* When the program has loaded, select Full Scan and click the Start Scan button.
* The scan may take some time, so please be a little patient.
* When the scan finishes, click OK and then click Show Results.
* Make sure everything is checked and click Remove Selected.
* When the cleaning finishes, a Notepad window will open. (You may need to restart your computer.)
* Save the Notepad file, attach it to your post and send it to us.

NOTE: If the program asks you to restart the computer during cleaning, click OK and restart your computer.


S
17 years (1047 posts)
Sergeant

And this is the latest log:

Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Error: file "D:\WINDOWS\system32\Drivers\Winyj50.sys" not found!
Deletion of file "D:\WINDOWS\system32\Drivers\Winyj50.sys" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.


S
17 years (10022 posts)
Lieutenant Colonel
Thread starter

quote:

Originally posted by: sevindirik

And this is the latest log:

Could you send the Malwarebytes log as well?



M
17 years (288 posts)
Lieutenant

quote:

Originally posted by: mr_daw666

ComboFix log:
It found and deleted 1 object. What should I do next? Thanks...
By the way, after doing all this I still get a warning in a balloon in the status bar at the bottom saying ''Windows delayed write failed''. I wonder why..?


Download the program called Perlovga Removal Tool to your desktop.

http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

Run the program and click Start. Then restart your computer without delay.

And for the solution to the problem you mentioned:

http://support.microsoft.com/kb/330174/tr


I did exactly what you said. The ''Windows delayed write failed'' warning is gone, thanks. But meanwhile the computer has started to slow down a lot. Also, I used to be able to right-click multiple files I had selected in Mozilla and download them with FlashGet, but now I can't send the links to FlashGet in bulk. I uninstalled and reinstalled both Mozilla and FlashGet, but my problem was not fixed. I'd be glad if you could find a solution to this too. I wish I hadn't removed the previous version of NOD32; all the problems appeared after I installed the new one...


K
17 years (367 posts)
Sergeant

Hello, first of all congratulations on this great thread; keeping this topic alive for so long and dealing with everyone's problem one by one really deserves appreciation... I've copied the HijackThis log. What is the situation on my machine? Thanks in advance for your help, and good luck with the work.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:03:58, on 27.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\system32\LckFldService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\xxx\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: 127.255.255.255 serial.alcohol-soft.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70 www.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
O1 - Hosts: 64.15.125.35 sjc-v96.sjc.youtube.com
O1 - Hosts: 64.15.125.36 sjc-v97.sjc.youtube.com
O1 - Hosts: 64.15.125.37 sjc-v98.sjc.youtube.com
O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8336D56A-24C8-47E2-AAF0-5CC16417CC85}: NameServer = 4.2.2.1,4.2.2.2
O20 - AppInit_DLLs:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Documents and Settings\xxx\Desktop\Ares\chatServer.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Advanced WindowsCare Boost Service (AwcService) - IObit - C:\Program Files\IObit\Advanced WindowsCare 3 Beta\awcservice.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\system32\LckFldService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 12304 bytes





< This message was edited by Kirmasti_16 -- 27 October 2008; 1:22:57 >

L
17 years (4824 posts)
Lieutenant Colonel

avenger txt:


Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "C:\WINDOWS\system32\dnaptigv.dll" deleted successfully.
File "C:\WINDOWS\system32\axdwqo.dll" deleted successfully.

Error: file "C:\WINDOWS\axdwqo.dll" not found!
Deletion of file "C:\WINDOWS\axdwqo.dll" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist


Completed script processing.

*******************

Finished! Terminate.





< This message was edited by linkin_park20 -- 27 October 2008; 1:28:47 >
This message received 1 reply.
S
17 years (1047 posts)
Sergeant

And here is the latest log:


Malwarebytes' Anti-Malware 1.30
Veritabanı versiyonu: 1324
Windows 5.1.2600 Service Pack 2

27.10.2008 02:42:45
mbam-log-2008-10-27 (02-42-45).txt

Tarama şekli: Derin Tarama (D:\|)
Taranmış nesneler: 62358
Geçen zaman: 1 hour(s), 18 minute(s), 59 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 1
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Veri Dosyaları: 0
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 1

Etkilenmiş Hafıza İşlemleri:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Kayıt Anahtarları:
HKEY_CLASSES_ROOT\ieguarder.tieadvbho (Trojan.BHO) -> Quarantined and deleted successfully.

Etkilenmiş Kayıt Değerleri:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Kayıt Veri Dosyaları:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Klasörler:
(Tehlikeli nesne bulunmadı)

Etkilenmiş Dosyalar:
D:\System Volume Information\_restore{1D003CDD-D2BC-411D-B5BC-61A6346E5941}\RP3\A0000228.sys (Rootkit.Agent) -> Quarantined and deleted successfully.







What's the situation? :)


This message received 1 reply.
A
17 years (790 posts)
Captain

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\ATK0100\HControl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\Splendid\ACMON.exe
C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ACEngSvr.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\SetPoint\SetPoint.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe
C:\WINDOWS\ATK0100\ATKOSD.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\AmmoCihe1\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.asus.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: SrchHook Class - {F4F10C1D-87C7-404A-B4B3-000000000000} - (no file)
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\ATK0100\HControl.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ACMON] C:\Program Files\ASUS\Splendid\ACMON.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PowerForPhone] C:\Program Files\PowerForPhone\PowerForPhone\PowerForPhone.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [High Definition Audio Özellik Sayfası Kısayolu] HDAShCut.exe
O4 - HKLM\..\Run: [CnxDslTaskBar] "C:\Program Files\ZyXEL\ADSL USB Modem\CnxDslTb.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [updateMgr] c:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_1_0
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\SetPoint\SetPoint.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Başlık Reklamı Engelleyicisi ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Ağ trafiği koruma istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1220999555421
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl.sun.com/webapps/download/AutoDL?BundleId=23100
O17 - HKLM\System\CCS\Services\Tcpip\..\{68C2319D-F2DB-40D3-9BD4-27BEC2356404}: NameServer = 195.175.39.39 195.175.39.40
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe


Thanks for your effort on this great thread. What do I need to delete? :)



S
17 years (10022 posts)
Lieutenant Colonel
Thread Starter

quote:

Quoted from the original: mr_daw666
I did exactly what you said. The ''Windows delayed write failed'' warning is gone, thanks. But meanwhile the computer has started to get very slow. Also, previously I could right-click multiple files I had selected in Mozilla and download them with FlashGet, but now I can't send the links to FlashGet in bulk. I uninstalled and reinstalled both Mozilla and FlashGet, but my problem wasn't fixed. I'd be glad if you could find a solution for this too. I wish I hadn't removed the previous version of NOD32; all the problems started after I installed the new one...

You're welcome. You need to install the add-on called FlashGot. Once it is installed, you can use FlashGet with Firefox.

quote:

Quoted from the original: Kirmasti_16

Hello, first of all congratulations on this great thread; keeping this topic alive for so long and dealing with everyone's problem one by one is truly admirable... I have copied my HijackThis log; what is the situation on my machine? Thanks in advance for your help, good luck with your work.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comodo.com/search/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - AppInit_DLLs:


Good luck.



S
17 years (10022 posts)
Lieutenant Colonel
Thread Starter

quote:

Quoted from the original: linkin_park20

avenger txt:

Download the program called ComboFix.

http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

1. Close all your open windows and programs.
2. Temporarily close or disable your antivirus and antispyware programs.
3. Double-click ComboFix.exe to launch the program. After launching it, do absolutely nothing else. Take a 1-2 minute break.
4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be restored to its original state.
7. You may need to be a little patient, because there are 41 stages in total.
8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
9. Attach the C:\ComboFix.txt file to your message and send it to us.


quote:

Quoted from the original: sevindirik
And here is the latest log:
What's the situation? :)

No problem is visible now. Let's take one more HJT log and see what the latest state is. But the problems appear to have been resolved.


quote:

Quoted from the original: mardinlicihan
Thanks for your effort on this great thread. What do I need to delete? :)

Thanks. But the header section of the log is missing. You need to send that too.


This message received 2 replies.
O
17 years (59 posts)
Corporal

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:07:22, on 27.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ftpt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Documents and Settings\PİCA\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.live.com/sphome.aspx
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ftp] C:\WINDOWS\ftpt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [antisansurv1.1] C:\PROGRA~1\ANTISA~1\ANTISA~1.EXE
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Mürşid 2.0 Yardım.lnk = ?
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {410A8B3C-7CCB-40E8-8B11-28B099E5C488} (Trend Micro Security Services Control) -http://tmss.trendmicro.com/Dashboard/controls/activex_10/TMSSReportW.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1210935106296
O17 - HKLM\System\CCS\Services\Tcpip\..\{162DE945-CC36-48AB-8434-90CA481AA7A1}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7C772B5C-73D9-4C20-BA07-96898FA704D2}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{93C2B014-1F97-49E5-BF11-4F3FED24667A}: NameServer = 127.0.0.1,192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{162DE945-CC36-48AB-8434-90CA481AA7A1}: NameServer = 127.0.0.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{162DE945-CC36-48AB-8434-90CA481AA7A1}: NameServer = 127.0.0.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe

--
End of file - 7567 bytes



Adult (+18) sites keep coming up, and it constantly tries to open a web page but the page does not open: tmss.trendmicro.....
Can you help?


This message received 1 reply.
S
17 years (10022 posts)
Lieutenant Colonel
Thread starter

quote:

Originally quoted from: ozaltin
Adult (+18) sites keep coming up, and it constantly tries to open a web page but the page does not open: tmss.trendmicro.....
Can you help?

* Open the program called HijackThis.
* Click the "Do a system scan only" option.
* Check the following lines.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://search.live.com/sphome.aspx 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.live.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =http://search.live.com/sphome.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: BS.Player ControlBar - {2C688203-7EB3-4327-9995-1CB417BA23F9} - C:\Program Files\BS.Player ControlBar\BSToolbar.dll
O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ftp] C:\WINDOWS\ftpt.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


* Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis, then click the Fix Checked button. Then restart your computer immediately.

After that, download the program called ComboFix.

http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

1. Close all your open windows and programs.
2. Temporarily close or disable your antivirus and antispyware programs.
3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
4. After ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
5. ComboFix will back up your Registry and create a System Restore point so that your system can be restored if something goes wrong.
6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
7. You may need to be a little patient, because there are a full 41 stages.
8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
9. Attach the C:\ComboFix.txt file to your message and send it to us.





< This message was edited by serji -- 27 October 2008; 12:32:39 >
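One way to check the outcome of the "Fix Checked" step in the post above, as an added example that is not part of the original post: a Python script that compares the lines marked for fixing against a later HijackThis rescan and reports which entries are gone and which are still present. The function names and both sample inputs are constructed for illustration.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<code>[RFN]\d|O\d{1,2})\s+-\s+\S")


def normalize(line):
    """Collapse whitespace and case so pasted forum text compares equal."""
    return " ".join(line.split()).casefold()


def parse_entries(text):
    """Map normalized entry line -> (section code, original line)."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        match = ENTRY_RE.match(line)
        if match:
            entries[normalize(line)] = (match.group("code"), line)
    return entries


def verify_fix(fix_list_text, rescan_text):
    """Sort fix-list entries into those gone from, or still in, the rescan."""
    present = parse_entries(rescan_text)
    result = {"removed": [], "persisting": []}
    for key, (code, line) in parse_entries(fix_list_text).items():
        result["persisting" if key in present else "removed"].append((code, line))
    return result


# Constructed sample input: three fix-list lines in the format quoted in the
# post, and a constructed rescan in which one entry reappears with different
# letter case and spacing.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.live.com
O4 - HKLM\..\Run: [ftp] C:\WINDOWS\ftpt.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""

RESCAN = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKCU\..\Run: [CTFMON.EXE]  C:\WINDOWS\system32\CTFMON.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
"""

if __name__ == "__main__":
    report = verify_fix(FIX_LIST, RESCAN)
    for status in ("removed", "persisting"):
        for code, line in report[status]:
            print(f"{status:10} {code:3} {line}")
```

An entry that persists after the reboot is either being rewritten by a running process or was not actually checked before "Fix Checked" was clicked, so it is the first thing to look at in the follow-up log.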

S
17 years (1047 posts)
Sergeant

My HijackThis report:


quote:

Originally quoted from: serji




quote:

Originally quoted from: sevindirik
And here is the latest log:
What is the status? :)

No problem is visible now. Let's take one more HJT log and see what the current state is. But the problems seem to be solved.


Thanks. But the header part of the log is missing. You need to send that too.



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:31:47, on 27.10.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
D:\PROGRA~1\AVG\AVG8\avgrsx.exe
D:\PROGRA~1\AVG\AVG8\avgemc.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\wuauclt.exe
D:\Program Files\Windows Live\Messenger\usnsvc.exe
D:\WINDOWS\system32\wscntfy.exe
D:\Program Files\Windows Media Player\wmplayer.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - D:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1222033505118
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\Program Files\AVG\AVG8\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

--
End of file - 3766 bytes


Yes, I hope this will be the last log :)


This message received 2 replies.
M
17 years (288 posts)
Lieutenant

quote:

Originally quoted from: mr_daw666
I did exactly what you said. The "Windows delayed write failed" warning is gone, thanks. But meanwhile the computer has started to get very slow. Also, previously in Mozilla I could right-click multiple selected files and download them with FlashGet, but now I cannot send the links to FlashGet in bulk. I uninstalled and reinstalled both Mozilla and FlashGet, but my problem was not fixed. I would be glad if you could find a solution to this as well. I wish I had not removed the previous version of NOD32; all the problems appeared after I installed the new one...

You're welcome. You need to install the add-on called FlashGot. After installing it, you can use FlashGet with Firefox.

I had already installed it before, and I installed it again just now, but this time when I choose "download all with flashgot", the FlashGet main window opens in a small form and it opens as many windows in a row as the links I selected, but all of them are for the same link. I could not figure it out. I think it is a simple error but I could not solve it. I hope it will not do the same thing again if I uninstall and reinstall FlashGet and Mozilla...



S
17 years (10022 posts)
Lieutenant Colonel
Thread starter

quote:

Originally quoted from: sevindirik

Yes, I hope this will be the last log :)


That's it. Congratulations. The system is clean now. Enjoy using it.


quote:

Originally quoted from: mr_daw666
I had already installed it before, and I installed it again just now, but this time when I choose "download all with flashgot", the FlashGet main window opens in a small form and it opens as many windows in a row as the links I selected, but all of them are for the same link. I could not figure it out. I think it is a simple error but I could not solve it. I hope it will not do the same thing again if I uninstall and reinstall FlashGet and Mozilla...

Try it, maybe the problem will be solved. Good luck.


This message received 1 reply.
S
17 years (1047 posts)
Sergeant

quote:

Originally quoted from: serji


quote:

Originally quoted from: sevindirik

Yes, I hope this will be the last log :)


That's it. Congratulations. The system is clean now. Enjoy using it.


quote:

Originally quoted from: mr_daw666
I had already installed it before, and I installed it again just now, but this time when I choose "download all with flashgot", the FlashGet main window opens in a small form and it opens as many windows in a row as the links I selected, but all of them are for the same link. I could not figure it out. I think it is a simple error but I could not solve it. I hope it will not do the same thing again if I uninstall and reinstall FlashGet and Mozilla...

Try it, maybe the problem will be solved. Good luck.


You were a great help, thank you brother, much appreciated :) I hope it will not happen again :o


This message received 1 reply.