Hocam Counter vs. oyunları oynadığımda internette kopmalar oluyor. Sorun programlarla mı ilgili bir bakar mısın? Logfile of Trend Micro HijackThis v2.0.2 |
Hocam benimkinede bakabilirmisiniz
|
Malwarebytes' Anti-Malware 1.41 Veritabanı sürümü: 3161 Windows 5.1.2600 Service Pack 3 14.11.2009 22:16:04 mbam-log-2009-11-14 (22-16-04).txt Tarama biçimi: Hızlı Tarama Taranan öğeler: 98389 Geçen süre: 5 minute(s), 49 second(s) Etkilenmiş Hafıza İşlemleri: 0 Etkilenmiş Hafıza Modülleri: 0 Etkilenmiş Kayıt Anahtarları: 0 Etkilenmiş Kayıt Değerleri: 0 Etkilenmiş Kayıt Verisi Öğeleri: 3 Etkilenmiş Klasörler: 0 Etkilenmiş Dosyalar: 0 Etkilenmiş Hafıza İşlemleri: (Herhangi bir tehlikeli öğe bulunmadı) Etkilenmiş Hafıza Modülleri: (Herhangi bir tehlikeli öğe bulunmadı) Etkilenmiş Kayıt Anahtarları: (Herhangi bir tehlikeli öğe bulunmadı) Etkilenmiş Kayıt Değerleri: (Herhangi bir tehlikeli öğe bulunmadı) Etkilenmiş Kayıt Verisi Öğeleri: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal. Etkilenmiş Klasörler: (Herhangi bir tehlikeli öğe bulunmadı) Etkilenmiş Dosyalar: (Herhangi bir tehlikeli öğe bulunmadı) Acaba ciddi tehlikemi var pc'mde lütfen yardım... |
Dosya mbam-log-2009-11-14__22-16-04_.tx alýndýðý zaman 2009.11.14 20:24:55 (UTC) şimdiki Durumu: Yükleniyor ... sýrada bekleniyor taranýyor tamamlandý BULUNAMADI DURDU Sonuç: 0/41 (0%) Sunucu bilgisi yükleniyor... Dosyanýzýn sýradaki durumu: 1. Muhtemel başlangýç zamaný 43 veya 62 saniye. Tarama sonuçlanýncaya kadar lütfen bu pencereyi kapatmayýn. Tarayýcý sizin sonucunuzu çýkarýrken bir hata meydana geldi. Lütfen sonucu alana kadar bir kaç dakika bekleyin. Eðer beş dakikadan fazla bir zamandýr bekliyorsanýz lütfen dosyanýzý yeniden gönderin. Dosyanýz şu anda VirusTotal tarafýndan taranmaya başlandý, sonuçlar çýktýðý anda size bidirilecektir. Formatlanmýş Sonuçlarý yazdýr. Dosyanýzýn süresi doldu yada bulunamadý. Servis şu anda durdu. Dosyanýz tarama için bekliyor (pozisyonu: ) belirsiz bir zaman için. Web sonucu için bekleyebilirsiniz (otomatik yenileme) yada aşaðýdaki forma email adresinizi yazýp "Email sonucu iste" butonuna basarsanýz sistem size taramanýn bittiðini email adresinize bildirecektir. Email adresiniz: Antivirüs Versiyon Son Güncelleştirme Sonuç a-squared 4.5.0.41 2009.11.14 - AhnLab-V3 5.0.0.2 2009.11.13 - AntiVir 7.9.1.65 2009.11.13 - Antiy-AVL 2.0.3.7 2009.11.13 - Authentium 5.2.0.5 2009.11.14 - Avast 4.8.1351.0 2009.11.14 - AVG 8.5.0.425 2009.11.14 - BitDefender 7.2 2009.11.14 - CAT-QuickHeal 10.00 2009.11.13 - ClamAV 0.94.1 2009.11.14 - Comodo 2955 2009.11.14 - DrWeb 5.0.0.12182 2009.11.14 - eSafe 7.0.17.0 2009.11.12 - eTrust-Vet 35.1.7121 2009.11.14 - F-Prot 4.5.1.85 2009.11.14 - F-Secure 9.0.15370.0 2009.11.11 - Fortinet 3.120.0.0 2009.11.14 - GData 19 2009.11.14 - Ikarus T3.1.1.74.0 2009.11.14 - Jiangmin 11.0.800 2009.11.12 - K7AntiVirus 7.10.896 2009.11.13 - Kaspersky 7.0.0.125 2009.11.14 - McAfee 5802 2009.11.14 - McAfee+Artemis 5802 2009.11.14 - McAfee-GW-Edition 6.8.5 2009.11.14 - Microsoft 1.5202 2009.11.14 - NOD32 4608 2009.11.14 - Norman 6.03.02 2009.11.14 - nProtect 2009.1.8.0 2009.11.14 - Panda 10.0.2.2 2009.11.14 - PCTools 7.0.3.5 2009.11.13 - Prevx 3.0 2009.11.14 - Rising 22.21.05.04 2009.11.14 - Sophos 4.47.0 2009.11.14 - Sunbelt 3.2.1858.2 2009.11.12 - Symantec 1.4.4.12 2009.11.14 - TheHacker 6.5.0.2.070 2009.11.14 - TrendMicro 9.0.0.1003 2009.11.14 - VBA32 3.12.10.11 2009.11.13 - ViRobot 2009.11.14.2037 2009.11.14 - VirusBuster 4.6.5.0 2009.11.14 - Ýlave Bilgiler File size: 1373 bytes MD5...: 5761fe09cbe0ad274fe1462cbadda18f SHA1..: 632bf6dcf3d58cb66e8609101cb8b43502d020e3 SHA256: 91a71c5187c27a920d4578c53fea857327a83cd22a626cf01ef7f8d288720047 ssdeep: 24:zU9JejqJjSrYN5dKh8ye+y8yy8zFy8dIfG2C/IfQC/IfCCc7ygUyo:zUnejqJ jK8OGdpIxC/IYC/IKCc7PUP PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Ne demek istiyor ki... |
Dosya mbam-log-2009-11-14__22-16-04_.tx alýndýðý zaman 2009.11.14 20:24:55 (UTC) şimdiki Durumu: Yükleniyor ... sýrada bekleniyor taranýyor tamamlandý BULUNAMADI DURDU Sonuç: 0/41 (0%) Sunucu bilgisi yükleniyor... Dosyanýzýn sýradaki durumu: 1. Muhtemel başlangýç zamaný 43 veya 62 saniye. Tarama sonuçlanýncaya kadar lütfen bu pencereyi kapatmayýn. Tarayýcý sizin sonucunuzu çýkarýrken bir hata meydana geldi. Lütfen sonucu alana kadar bir kaç dakika bekleyin. Eðer beş dakikadan fazla bir zamandýr bekliyorsanýz lütfen dosyanýzý yeniden gönderin. Dosyanýz şu anda VirusTotal tarafýndan taranmaya başlandý, sonuçlar çýktýðý anda size bidirilecektir. Formatlanmýş Sonuçlarý yazdýr. Dosyanýzýn süresi doldu yada bulunamadý. Servis şu anda durdu. Dosyanýz tarama için bekliyor (pozisyonu: ) belirsiz bir zaman için. Web sonucu için bekleyebilirsiniz (otomatik yenileme) yada aşaðýdaki forma email adresinizi yazýp "Email sonucu iste" butonuna basarsanýz sistem size taramanýn bittiðini email adresinize bildirecektir. Email adresiniz: Antivirüs Versiyon Son Güncelleştirme Sonuç a-squared 4.5.0.41 2009.11.14 - AhnLab-V3 5.0.0.2 2009.11.13 - AntiVir 7.9.1.65 2009.11.13 - Antiy-AVL 2.0.3.7 2009.11.13 - Authentium 5.2.0.5 2009.11.14 - Avast 4.8.1351.0 2009.11.14 - AVG 8.5.0.425 2009.11.14 - BitDefender 7.2 2009.11.14 - CAT-QuickHeal 10.00 2009.11.13 - ClamAV 0.94.1 2009.11.14 - Comodo 2955 2009.11.14 - DrWeb 5.0.0.12182 2009.11.14 - eSafe 7.0.17.0 2009.11.12 - eTrust-Vet 35.1.7121 2009.11.14 - F-Prot 4.5.1.85 2009.11.14 - F-Secure 9.0.15370.0 2009.11.11 - Fortinet 3.120.0.0 2009.11.14 - GData 19 2009.11.14 - Ikarus T3.1.1.74.0 2009.11.14 - Jiangmin 11.0.800 2009.11.12 - K7AntiVirus 7.10.896 2009.11.13 - Kaspersky 7.0.0.125 2009.11.14 - McAfee 5802 2009.11.14 - McAfee+Artemis 5802 2009.11.14 - McAfee-GW-Edition 6.8.5 2009.11.14 - Microsoft 1.5202 2009.11.14 - NOD32 4608 2009.11.14 - Norman 6.03.02 2009.11.14 - nProtect 2009.1.8.0 2009.11.14 - Panda 10.0.2.2 2009.11.14 - PCTools 7.0.3.5 2009.11.13 - Prevx 3.0 2009.11.14 - Rising 22.21.05.04 2009.11.14 - Sophos 4.47.0 2009.11.14 - Sunbelt 3.2.1858.2 2009.11.12 - Symantec 1.4.4.12 2009.11.14 - TheHacker 6.5.0.2.070 2009.11.14 - TrendMicro 9.0.0.1003 2009.11.14 - VBA32 3.12.10.11 2009.11.13 - ViRobot 2009.11.14.2037 2009.11.14 - VirusBuster 4.6.5.0 2009.11.14 - Ýlave Bilgiler File size: 1373 bytes MD5...: 5761fe09cbe0ad274fe1462cbadda18f SHA1..: 632bf6dcf3d58cb66e8609101cb8b43502d020e3 SHA256: 91a71c5187c27a920d4578c53fea857327a83cd22a626cf01ef7f8d288720047 ssdeep: 24:zU9JejqJjSrYN5dKh8ye+y8yy8zFy8dIfG2C/IfQC/IfCCc7ygUyo:zUnejqJ jK8OGdpIxC/IYC/IKCc7PUP PEiD..: - PEInfo: - RDS...: NSRL Reference Data Set - pdfid.: - trid..: Unknown! sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned Ne demek istiyor ki... |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:35:47, on 16.11.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v7.00 (7.00.6002.18005) Boot mode: Normal Running processes: C:\Windows\System32\smss.exe C:\Windows\system32\csrss.exe C:\Windows\system32\wininit.exe C:\Windows\system32\csrss.exe C:\Windows\system32\services.exe C:\Windows\system32\lsass.exe C:\Windows\system32\lsm.exe C:\Windows\system32\winlogon.exe C:\Windows\system32\svchost.exe C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe C:\Windows\system32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Windows\system32\Dwm.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Apoint2K\Apoint.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\CursorXP\CursorXP.exe C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe C:\Windows\system32\taskeng.exe C:\Program Files\a-squared Anti-Malware\a2service.exe C:\Program Files\Apoint2K\ApMsgFwd.exe C:\Windows\system32\agrsmsvc.exe C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\system32\svchost.exe C:\Windows\system32\svchost.exe C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe C:\Windows\system32\TODDSrv.exe C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Windows\System32\svchost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Apoint2K\Apntex.exe C:\Program Files\PC Connectivity Solution\ServiceLayer.exe C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Internet Explorer\iexplore.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OGUZHAN R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60 O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll O13 - Gopher Prefix: O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{71A7F614-71E8-4EA9-94F1-6516B5E89A5A}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- End of file - 7375 bytes |
merhaba, bilgisayarımda kendiliğinden silinen programlar ve yavaşlama var. firefox açılmıyor ve virüs taramaları temiz çıkıyor. log dosyalarını inceleyebilirmisiniz acaba. şimdiden teşekkürler.. ComboFix 09-11-16.03 - Administrator 16.11.2009 3:07..2 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.2046.1570 [GMT 2:00] Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF} . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\system32\scrrntr.dll . ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 ))))))))))))))))))))))))))))))) . 2009-11-16 00:39 . 2009-11-16 00:39 -------- d-----w- c:\program files\Trend Micro 2009-11-16 00:33 . 2009-11-16 00:33 -------- d-----w- c:\program files\NOS 2009-11-15 21:19 . 2009-11-15 21:21 -------- d-----w- C:\$AVG 2009-11-15 21:19 . 2009-11-15 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9 . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-16 00:34 . 2009-07-11 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2009-11-15 23:58 . 2009-02-02 19:43 -------- d-----w- c:\program files\eMule 2009-11-15 21:19 . 2009-02-02 18:57 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys 2009-11-15 21:19 . 2009-02-02 18:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll 2009-11-15 21:19 . 2009-02-02 18:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys 2009-11-15 21:19 . 2009-02-02 18:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys 2009-11-15 21:19 . 2009-02-02 18:57 -------- d-----w- c:\program files\AVG 2009-11-15 21:10 . 2009-08-16 18:44 -------- d-----w- c:\program files\Hattrick Coach Professional 2009-11-15 20:57 . 2009-11-15 20:57 0 ----a-w- c:\windows\system32\atiicdxx.dat 2009-11-15 20:57 . 2009-11-15 20:57 0 ----a-w- c:\windows\ativpsrm.bin 2009-11-15 20:55 . 2009-11-15 20:53 -------- d-----w- c:\program files\Microsoft 2009-11-15 20:55 . 2009-11-15 20:55 -------- d-----w- c:\program files\Common Files\Apple 2009-11-15 20:54 . 2009-11-15 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI 2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\ATI Technologies 2009-11-15 20:53 . 2009-08-02 22:48 -------- d-----w- c:\program files\OpenAL 2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\MSBuild 2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\QuickTime 2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\K-Lite Codec Pack 2009-11-15 20:52 . 2009-11-15 18:53 -------- d-----w- c:\program files\HiGames 2009-11-15 20:52 . 2009-11-15 18:53 -------- d-----w- c:\program files\Emoti Match 2009-11-15 20:52 . 2009-02-02 18:30 -------- d-----w- c:\program files\NetLimiter 2009-11-15 20:52 . 2009-02-02 19:25 -------- d-----w- c:\program files\FileZilla FTP Client 2009-11-15 19:02 . 2009-11-15 19:02 -------- d-----w- c:\program files\WildSnake Software 2009-11-15 18:49 . 2009-11-15 18:49 -------- d-----w- c:\program files\Hasbro Interactive 2009-11-15 18:34 . 2009-11-15 18:34 -------- d-----w- c:\program files\MyPlayCity.com 2009-11-09 15:57 . 2009-02-11 18:55 -------- d-----w- c:\program files\Microsoft Works 2009-11-07 14:43 . 2009-02-02 17:58 84704 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-06 19:12 . 2009-11-03 18:03 -------- d-----w- c:\program files\Roxio 2009-11-06 19:12 . 2009-11-03 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio 2009-11-06 19:12 . 2009-11-06 19:12 -------- d-----w- c:\program files\Common Files\Sonic Shared 2009-11-06 19:08 . 2009-11-03 17:59 -------- d-----w- c:\program files\Common Files\Roxio Shared 2009-11-06 19:01 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion 2009-11-04 04:41 . 2009-10-11 00:37 256 ----a-w- c:\windows\system32\pool.bin 2009-11-03 22:44 . 2009-11-03 22:44 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe 2009-11-03 18:05 . 2009-11-03 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield 2009-11-03 18:05 . 2009-11-03 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic 2009-11-03 17:59 . 2009-11-03 17:58 -------- d-----w- c:\program files\Research In Motion 2009-11-03 17:59 . 2009-10-11 00:36 -------- d-----w- c:\program files\Common Files\Research In Motion 2009-10-29 19:15 . 2001-11-22 12:00 82540 ----a-w- c:\windows\system32\perfc01F.dat 2009-10-29 19:15 . 2001-11-22 12:00 430960 ----a-w- c:\windows\system32\perfh01F.dat 2009-10-11 00:37 . 2009-10-11 00:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Research In Motion 2009-10-01 14:55 . 2009-02-02 19:33 -------- d-----w- c:\program files\Spybot - Search & Destroy 2009-09-21 12:00 . 2009-02-02 18:19 -------- d--h--w- c:\program files\InstallShield Installation Information . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] 2007-05-24 07:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\eMule\\emule.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "d:\\oyunlar\\age of 2\\age\\aoe20a_crk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "d:\\oyunlar\\age of 2\\age\\empires2.EXE"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"= "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\The Creative Assembly\\Medieval - Total War - Gold Edition\\Medieval_TW.exe"= "c:\\OYUNLAR SETUP (DEVAM)\\World in Conflict Complete Edition\\wic.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"= "c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"= "c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"= "c:\\Program Files\\AVG\\AVG9\\avgemc.exe"= R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [02.02.2009 20:38 11264] R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02.02.2009 20:57 333192] R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02.02.2009 20:57 360584] R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [24.05.2007 09:13 2234800] R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15.11.2009 23:46 906520] R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.11.2009 23:19 285392] R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [24.05.2007 09:13 36368] R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [24.05.2007 09:13 110032] R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [24.05.2007 09:13 673456] S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [04.08.2004 00:45 14336] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.com.tr/ LSP: c:\program files\NetLimiter\nl_lsp.dll FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ee3o23as.default\ FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll ---- FIREFOX POLICIES ---- c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); . - - - - ORPHANS REMOVED - - - - WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file) ************************************************************************** scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1220945662-1383384898-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*] "??"=hex:92,6a,83,6b,e1,24,fa,73,46,48,ce,0e,4f,db,c5,58,7b,6d,30,32,b6,30,5a, 6d,e3,ae,ab,9d,d2,d0,c9,06,58,75,57,b0,54,a8,98,cf,b0,36,12,6e,2e,ed,1c,d5,\ "??"=hex:9d,1b,ff,ec,47,01,e5,b2,d1,12,e2,67,ec,4d,cd,18 [HKEY_USERS\S-1-5-21-1220945662-1383384898-839522115-500\Software\SecuROM\License information*] "datasecu"=hex:4f,d4,61,2e,2a,0a,f1,15,7d,8b,0b,76,2b,68,c3,12,6a,f6,5d,46,48, c6,ec,78,4f,28,b5,8f,b6,8c,0b,84,54,e8,56,b3,88,16,15,d8,6e,60,81,d7,7d,f0,\ "rkeysecu"=hex:a9,80,3b,fa,d9,15,45,b5,56,d2,b6,b4,aa,27,04,1f . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(756) c:\windows\system32\Ati2evxx.dll - - - - - - - > 'lsass.exe'(812) c:\program files\NetLimiter\nl_lsp.dll c:\windows\system32\nl_msgc.dll - - - - - - - > 'explorer.exe'(3492) c:\windows\system32\msi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\windows\system32\Ati2evxx.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\AVG\AVG9\avgnsx.exe c:\program files\AVG\AVG9\avgrsx.exe c:\program files\AVG\AVG9\avgchsvx.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe c:\windows\system32\wdfmgr.exe c:\program files\AVG\AVG9\avgcsrvx.exe c:\windows\system32\imapi.exe c:\windows\system32\wscntfy.exe . ************************************************************************** . Completion time: 2009-11-16 03:14 - machine was rebooted ComboFix-quarantined-files.txt 2009-11-16 01:13 Pre-Run: 53.765.787.648 bayt boş Post-Run: 54.221.762.560 bayt boş WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect - - End Of File - - 0F40BCEBFFDE991FB6C582B26682D6CE |
Merhaba kardeşim bu başlığı ilk kez bugün gördüm indirip proğramı çalıştırdım sonuçlar aşağıda bi bakarmısın fizlenmeyi gerektiren var mı? Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:21:29, on 16.11.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Opera\opera.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\wuauclt.exe C:\Program Files\uTorrent\uTorrent.exe C:\Users\fatih\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.131.10:3128 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe" O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe" O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - Global Startup: Bluetooth.lnk = ? O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O13 - Gopher Prefix: O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Rezip - Unknown owner - C:\Windows\SYSTEM32\Rezip.exe O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe -- End of file - 6537 bytes |
Orijinalden alıntı: serji Orijinalden alıntı: karann1905 s.a kardes ustte yolladıgım log tan sonra pc cok dondud ve sistem geri yukleme yaptımduzeldi biraz yeni log; R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 ComboFix adlı programı masaüstünüze indirin. http://www.buraksonmez.com/dosyalar/ComboFix.exe 1. Tüm açık pencerelerinizi ve programlarınızı kapatın. 2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın. 3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin. 4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın. 5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır. 6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir. 7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur. 8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz. 9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin. kardes combofixle tarama yaptırdım exe dosyası asagıdadır.birsey yapmam gereklimidir? ComboFix 09-11-16.05 - Administrator 16.11.2009 12:20:41..1 - FAT32x86 Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.510.252 [GMT 2:00] Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0} * Created a new restore point * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\scrrntr.dll . ((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 ))))))))))))))))))))))))))))))) . 2009-11-08 15:39:47 . 2009-11-08 15:40:04 0 d-----w- C:\Program Files\Windows Live 2009-11-08 15:34:57 . 2009-11-08 16:20:09 0 d-----w- C:\WINDOWS\SxsCaPendDel 2009-11-08 15:27:33 . 2009-11-08 15:27:33 0 d-----w- C:\WINDOWS\system32\wbem\Repository 2009-11-08 07:24:12 . 2009-11-08 15:33:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2009-11-07 17:27:04 . 2009-11-07 17:34:41 35528152 ----a-w- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F2363T1L1\setup_gF2363T1L1_d685289173_l1_s1.exe 2009-11-07 17:19:17 . 2009-11-07 17:34:17 0 d-----w- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache 2009-11-06 05:40:51 . 2009-11-16 08:59:41 0 d-----w- C:\Documents and Settings\Administrator\Tracing 2009-11-06 05:39:46 . 2009-11-06 05:39:46 0 d-----w- C:\Program Files\Microsoft 2009-11-06 05:20:13 . 2009-11-06 05:20:13 0 d-----w- C:\Program Files\Common Files\Windows Live 2009-11-06 05:20:09 . 2009-11-08 15:39:06 18440 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2009-11-04 13:01:03 . 2009-11-12 06:53:21 0 d-----w- C:\Program Files\Total Video Converter 2009-11-04 12:43:33 . 2009-04-23 19:25:08 8704 ----a-w- C:\WINDOWS\system32\kbdjpn.dll 2009-11-04 12:43:33 . 2009-04-23 19:25:08 8192 ----a-w- C:\WINDOWS\system32\kbdkor.dll 2009-11-04 12:43:33 . 2009-04-23 19:25:08 6144 ----a-w- C:\WINDOWS\system32\kbd101c.dll 2009-11-04 12:43:33 . 2009-04-23 19:25:08 5632 ----a-w- C:\WINDOWS\system32\kbd103.dll 2009-11-04 12:43:32 . 2009-04-23 19:25:26 6144 ----a-w- C:\WINDOWS\system32\kbd106.dll 2009-11-04 12:43:32 . 2009-04-23 19:25:08 6144 ----a-w- C:\WINDOWS\system32\kbd101b.dll 2009-11-01 13:09:34 . 2009-11-01 13:09:34 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-11 11:00:18 . 2009-10-03 10:26:26 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP 2009-11-08 15:30:19 . 2008-04-15 12:00:00 44212 ----a-w- C:\WINDOWS\system32\perfc01F.dat 2009-11-08 15:30:19 . 2008-04-15 12:00:00 297642 ----a-w- C:\WINDOWS\system32\perfh01F.dat 2009-11-07 07:14:39 . 2009-09-28 08:06:23 0 d-----w- C:\Documents and Settings\Administrator\Application Data\LimeWire 2009-10-09 06:06:04 . 2009-10-09 06:06:04 0 ----a-w- C:\WINDOWS\nsreg.dat 2009-09-28 08:04:25 . 2009-09-28 08:05:08 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll 2009-09-28 08:03:52 . 2009-09-28 08:03:52 0 d-----w- C:\Program Files\Java 2009-09-28 08:03:06 . 2009-09-28 08:03:06 152576 ----a-w- C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll 2009-09-28 07:59:47 . 2009-09-28 07:58:32 0 d-----w- C:\Program Files\LimeWire 2009-09-27 13:32:33 . 2009-09-19 07:03:02 0 d-----w- C:\Program Files\Common Files\Adobe 2009-09-19 07:08:28 . 2009-09-19 07:08:26 0 d-----w- C:\Program Files\CCleaner 2009-09-19 06:58:34 . 2009-09-19 06:58:34 0 d-----w- C:\Documents and Settings\Administrator\Application Data\IObit 2009-09-19 06:58:22 . 2009-09-19 06:58:22 0 d-----w- C:\Program Files\IObit 2009-09-19 06:57:12 . 2009-09-19 06:57:12 0 d--h--w- C:\Program Files\InstallShield Installation Information 2009-09-19 06:57:06 . 2009-09-18 15:18:02 0 d-----w- C:\Program Files\Common Files\InstallShield 2009-09-19 06:42:54 . 2009-09-19 06:42:54 0 d-----w- C:\Program Files\ESET 2009-09-19 06:42:54 . 2009-09-19 06:42:54 0 d-----w- C:\Documents and Settings\All Users\Application Data\ESET 2009-09-19 06:21:14 . 2009-09-19 06:21:14 29926 ----a-r- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{13E7F4A4-33A0-16B0-6486-FAA38C2A7067}\ARPPRODUCTICON.exe 2009-09-19 06:21:02 . 2009-09-19 06:21:02 0 d-----w- C:\Program Files\Nero 2009-09-19 06:21:02 . 2009-09-19 06:21:02 0 d-----w- C:\Program Files\Common Files\Ahead 2009-09-19 06:10:20 . 2009-09-19 06:09:18 0 dcsh--w- C:\Program Files\Common Files\WindowsLiveInstaller 2009-09-19 06:09:06 . 2009-09-19 06:09:06 0 d-----w- C:\Documents and Settings\All Users\Application Data\WLInstaller 2009-09-18 15:27:41 . 2009-09-18 14:58:16 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat 2009-09-18 15:14:57 . 2009-09-18 15:14:57 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Conceptworld 2009-09-18 15:00:05 . 2009-09-18 15:00:05 2 ----a-w- C:\WINDOWS\HFSLIP.TMP 2009-09-18 14:55:34 . 2009-09-18 14:55:34 21736 ----a-w- C:\WINDOWS\system32\emptyregdb.dat . ------- Sigcheck ------- [-] 2009-04-23 18:18:14 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\drivers\tcpip.sys [-] 2009-04-23 20:14:35 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe [-] 2009-04-23 20:07:59 . 2E1BE2B73E406E85211B0CC306BB1E56 . 662528 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\system32\comctl32.dll [-] 2009-04-23 20:11:22 . FBC4C5F06D7397B749D887F84A6CF519 . 2389248 . . [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] . . C:\WINDOWS\system32\ntoskrnl.exe [-] 2009-04-23 20:14:18 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll [-] 2009-04-23 20:08:38 . 6996F4174D83FB076851095E8C070BC4 . 2326016 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe [-] 2009-04-23 20:08:21 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 13:48:30 1443072] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 09:20:00 6803456] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2009-04-23 20:08:21 40960] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "_nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2009-04-23 18:22:02 128512] |
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:44:33, on 17.11.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe C:\WINDOWS\Explorer.EXE C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe C:\PROGRA~1\AVG\AVG8\avgfws8.exe C:\PROGRA~1\AVG\AVG8\avgam.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe C:\PROGRA~1\AVG\AVG8\avgrsx.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe C:\WINDOWS\system32\svchost.exe C:\PROGRA~1\AVG\AVG8\avgemc.exe C:\Program Files\AVG\AVG8\avgcsrvx.exe C:\PROGRA~1\AVG\AVG8\avgtray.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\WINDOWS\VMSnap3.EXE C:\WINDOWS\Domino.EXE C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\PROGRA~1\AVG\AVG8\avgnsx.exe C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\windows\Belgelerim\Downloads\HiJackThis.exe C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O1 - Hosts: TT Jacker :) O1 - Hosts: 195.8.214.141 dailymotion.com O1 - Hosts: 195.8.214.142 dailymotion.com O1 - Hosts: 195.8.214.140www.dailymotion.com O1 - Hosts: 208.117.236.70 youtube.com O1 - Hosts: 208.117.236.70www.youtube.com O1 - Hosts: 74.125.65.118 img.youtube.com O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com O1 - Hosts: 67.228.223.62 mp3hanesi.com O1 - Hosts: 67.228.223.62 mp3hanesi.net O1 - Hosts: 67.228.223.62 mp3hanesi.org O1 - Hosts: 67.228.223.62www.mp3hanesi.com O1 - Hosts: 67.228.223.62www.mp3hanesi.net O1 - Hosts: 67.228.223.62www.mp3hanesi.org O1 - Hosts: 75.126.2.88 forumtr.com O1 - Hosts: 75.126.2.88www.forumtr.com O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe O4 - HKLM\..\Run: [AirTiesWUS-300] C:\Program Files\AirTies\AirTiesWUS-300\WUS300.exe O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305) O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH) O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ? O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{8F796048-1029-414F-8702-06F946394F01}: NameServer = 208.67.222.222,208.67.220.220 O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- End of file - 14619 bytes şimdi ne yapmam gerekiyor acaba arkadaşlar ??? |
Bilgisayarda ne kadar virus varsa taradım ve kaldırdım hepsini fakat virus programıyla taradığımda bulduğu bir hata var ve bu hatayı düzeltmiyor virus programı. Hata şu verdiği network adresi güvenlik açıkları diye bir hata. Bilgisayarımda internet hızım yavaşladı. Ayrıca her gün girdiğim mahkeme kararıyla engellenmemiş siteler var yani herkesin girebildiği fakat bunlara herkes girebilirken ben giremiyorum, açılmıyorlar ve hoparlörlerden şişe kapağı açılırmış gibi bir ses geliyor düzensiz aralıklarla. Yardımlarınız için şimdiden teşekkür ederim. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 14:11:54, on 18.11.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\arservice.exe C:\WINDOWS\ehome\ehtray.exe C:\WINDOWS\RTHDCPL.EXE C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\vVX1000.exe C:\Program Files\WebMoney Agent\wmagent.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Registry Clean Expert\RCHelper.exe C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe C:\Program Files\DNA\btdna.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\System32\svchost.exe C:\HP\KBD\KBD.EXE c:\windows\system\hpsysdrv.exe C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Documents and Settings\HP_Sahibi\Desktop\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: TBSB03223 - {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - C:\Program Files\WebMoney Advisor\wmadvisor.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe" O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user') O4 - S-1-5-18 Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe (User 'SYSTEM') O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM') O4 - .DEFAULT Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe (User 'Default user') O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user') O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user') O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user') O4 - Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ? O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Otomatik LiveUpdate Zamanlayıcı (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe -- End of file - 10880 bytes |
Belki bir ihtimal cevap veren olur. Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:28:22, on 18.11.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0013) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\VistaDrive\VistaDrive.exe C:\Program Files\GlobespanVirata\Adsl\dslstat.exe C:\Program Files\GlobespanVirata\Adsl\dslagent.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\WINDOWS\system32\ctfmon.exe C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Opera\opera.exe C:\DOCUME~1\Home\LOCALS~1\Temp\winrifew.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Documents and Settings\Home\Belgelerim\Downloads\Programs\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.bearshare.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033 O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O17 - HKLM\System\CCS\Services\Tcpip\..\{56AB6F80-D31A-4D30-8E19-77A00848C9E6}: NameServer = 208.67.222.222 208.67.220.220 O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing) O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing) -- End of file - 5188 bytes |
Bilgisayarı her açışta tanımadığım bir link çalışıyor, ad awer ve nod 32 ile kaldıramadım görünmüyor başlangıç programlarındada yok internet özelliklerindenmi komut alıyor diye baktım oradada yok en sonunda HijackThis yükleyip çalıştırdım çıkan liste bu hangisini fix lemem lağzım yardımlar için teşekkür ederim. link: meetlocalpeople.org Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:44:56, on 18.11.2009 Platform: Windows Vista SP2 (WinNT 6.00.1906) MSIE: Internet Explorer v8.00 (8.00.6001.18828) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\System32\mobsync.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Windows\RtHDVCpl.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Windows\Samsung\PanelMgr\SSMMgr.exe C:\Program Files\QuickTime\QTTask.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\LimeWire\LimeWire.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: TT Jacker 3 :) O1 - Hosts: TTNET Kiss Kiss :p O1 - Hosts: 208.117.236.71 ru.youtube.com O1 - Hosts: 208.117.236.71 fr.youtube.com O1 - Hosts: 208.117.236.71 youtube.com O1 - Hosts: 208.117.236.71www.youtube.com O1 - Hosts: 208.117.236.71 au.youtube.com O1 - Hosts: 208.117.236.71 ca.youtube.com O1 - Hosts: 208.117.236.71 m.youtube.com O1 - Hosts: 74.125.65.118 img.youtube.com O1 - Hosts: 209.85.165.102 gdata.youtube.com O1 - Hosts: 208.117.236.71 ru.youtube.com O1 - Hosts: 208.117.236.70 youtube.com O1 - Hosts: 208.117.236.70www.youtube.com O1 - Hosts: 74.125.65.118 img.youtube.com O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com O1 - Hosts: 72.14.205.104 help.youtube.com O1 - Hosts: 72.14.205.147 help.youtube.com O1 - Hosts: 72.14.205.99 help.youtube.com O1 - Hosts: 58.27.3.132www.sopcast.com O1 - Hosts: 58.27.3.132 sopcast.com O1 - Hosts: 119.110.96.136www.sopcast.org O1 - Hosts: 119.110.96.136 sopcast.org O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [Skytel] Skytel.exe O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{F711CC09-7C42-46FD-9193-E2A76D99E962}: NameServer = 208.67.222.222,208.67.220.220 O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing) O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe O23 - Service: DFServ - Unknown owner - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (file missing) O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- End of file - 12194 bytes |
sayın hocalarım, bilgisyarımda c ve e sürücüleri var, e sürücüsünde fotoğ. müzikler var son zamanlarda ne fotoğraflara bakabiliyorom ne de müzik dinleyebiliyorum, bilgisyar direk donuyor. e sürücüsünü hem avastla hem de not 32 ile taramaya çalışıyorum ama olmuyor belli bir yere gelip o programlar da bilgisyar da donuyor. combofix raporu aşağıda ilgilenirseniz sevinirim. bir de ne yapmam gerektiğini detaylı açıklarsanız sevinirim, biraz acemiyim zorlanıyorum. saygılarımla ComboFix 08-08-03.05 - mahmut 2009-11-18 18:46:10.1 - NTFSx86 Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1254.1.1055.18.1328 [GMT 2:00] Running from: C:\Users\mahmut\Desktop\18628-ComboFix.exe * Created a new restore point . - REDUCED FUNCTIONALITY MODE - . ((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 ))))))))))))))))))))))))))))))) . No new files created in this timespan . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2009-11-18 12:21 --------- d-----w C:\ProgramData\ESET 2009-11-17 21:01 --------- d-----w C:\Program Files\Alwil Software 2009-11-12 01:07 --------- d-----w C:\Program Files\Windows Mail 2009-11-08 01:21 --------- d-----w C:\Program Files\Windows Calendar 2009-11-03 15:35 268,800 ----a-w C:\Windows\System32\es.dll 2009-11-03 01:02 2,048 ----a-w C:\Windows\System32\tzres.dll 2009-11-03 01:00 61,440 ----a-w C:\Windows\System32\winipsec.dll 2009-11-03 01:00 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL 2009-11-03 01:00 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll 2009-11-03 01:00 272,896 ----a-w C:\Windows\System32\polstore.dll 2009-11-02 21:06 96,760 ----a-w C:\Windows\System32\dfshim.dll 2009-11-02 21:06 83,968 ----a-w C:\Windows\System32\mscories.dll 2009-11-02 21:06 41,984 ----a-w C:\Windows\System32\netfxperf.dll 2009-11-02 21:06 282,112 ----a-w C:\Windows\System32\mscoree.dll 2009-11-02 21:06 158,720 ----a-w C:\Windows\System32\mscorier.dll 2009-11-02 20:36 174 --sha-w C:\Program Files\desktop.ini 2009-11-02 20:30 --------- d-----w C:\Program Files\Windows Sidebar 2009-11-02 20:01 95,232 ----a-w C:\Windows\System32\PortableDeviceClassExtension.dll 2009-11-02 20:01 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll 2009-11-02 20:01 160,768 ----a-w C:\Windows\System32\PortableDeviceTypes.dll 2009-11-02 19:59 87,040 ----a-w C:\Windows\System32\msoert2.dll 2009-11-02 19:59 39,424 ----a-w C:\Windows\System32\ACCTRES.dll 2009-11-02 19:59 205,824 ----a-w C:\Windows\System32\msoeacct.dll 2009-11-02 19:56 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr 2009-11-02 19:56 542,720 ----a-w C:\Windows\System32\sysmain.dll 2009-11-02 19:56 28,344 ----a-w C:\Windows\system32\drivers\battc.sys 2009-11-02 19:56 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys 2009-11-02 19:56 24,064 ----a-w C:\Windows\System32\wtsapi32.dll 2009-11-02 19:56 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys 2009-11-02 19:56 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys 2009-11-02 19:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll 2009-11-02 19:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys 2009-11-02 19:54 67,584 ----a-w C:\Windows\System32\wlanhlp.dll 2009-11-02 19:54 502,784 ----a-w C:\Windows\System32\wlansvc.dll 2009-11-02 19:54 47,104 ----a-w C:\Windows\System32\wlanapi.dll 2009-11-02 19:54 299,520 ----a-w C:\Windows\System32\wlansec.dll 2009-11-02 19:54 289,280 ----a-w C:\Windows\System32\wlanmsm.dll 2009-11-02 19:54 123,904 ----a-w C:\Windows\System32\L2SecHC.dll 2009-11-02 19:51 72,704 ----a-w C:\Windows\System32\fontsub.dll 2009-11-02 19:51 34,304 ----a-w C:\Windows\System32\atmlib.dll 2009-11-02 19:51 289,792 ----a-w C:\Windows\System32\atmfd.dll 2009-11-02 19:51 24,064 ----a-w C:\Windows\System32\lpk.dll 2009-11-02 19:51 156,160 ----a-w C:\Windows\System32\t2embed.dll 2009-11-02 19:51 10,240 ----a-w C:\Windows\System32\dciman32.dll 2009-11-02 19:50 72,704 ----a-w C:\Windows\System32\secur32.dll 2009-11-02 19:50 7,680 ----a-w C:\Windows\System32\lsass.exe 2009-11-02 19:50 408,136 ----a-w C:\Windows\system32\drivers\ksecdd.sys 2009-11-02 19:50 216,576 ----a-w C:\Windows\System32\msv1_0.dll 2009-11-02 19:50 175,104 ----a-w C:\Windows\System32\wdigest.dll 2009-11-02 19:50 1,233,920 ----a-w C:\Windows\System32\lsasrv.dll 2009-11-02 19:48 98,816 ----a-w C:\Windows\System32\mfps.dll 2009-11-02 19:48 52,736 ----a-w C:\Windows\System32\rrinstaller.exe 2009-11-02 19:48 24,576 ----a-w C:\Windows\System32\mfpmp.exe 2009-11-02 19:48 2,855,424 ----a-w C:\Windows\System32\mf.dll 2009-11-02 19:48 2,048 ----a-w C:\Windows\System32\mferror.dll 2009-11-02 19:46 376,832 ----a-w C:\Windows\System32\winhttp.dll 2009-11-02 19:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll 2009-11-02 19:41 71,680 ----a-w C:\Windows\System32\atl.dll 2009-11-02 19:39 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys 2009-11-02 19:39 297,472 ----a-w C:\Windows\System32\gdi32.dll 2009-11-02 19:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys 2009-11-02 19:35 3,502,152 ----a-w C:\Windows\System32\ntkrnlpa.exe 2009-11-02 19:35 3,467,864 ----a-w C:\Windows\System32\ntoskrnl.exe 2009-11-02 19:34 211,456 ----a-w C:\Windows\system32\drivers\mrxsmb10.sys 2009-11-02 19:33 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll 2009-11-02 19:32 500,736 ----a-w C:\Windows\System32\msdtcprx.dll 2009-11-02 19:32 30,208 ----a-w C:\Windows\System32\xolehlp.dll 2009-11-02 19:32 156,160 ----a-w C:\Windows\System32\wkssvc.dll 2009-11-02 19:31 36,352 ----a-w C:\Windows\System32\tsgqec.dll 2009-11-02 19:31 116,736 ----a-w C:\Windows\System32\aaclient.dll 2009-11-02 19:31 1,871,872 ----a-w C:\Windows\System32\mstscax.dll 2009-11-02 19:30 303,616 ----a-w C:\Windows\System32\wmpeffects.dll 2009-11-02 19:29 2,048 ----a-w C:\Windows\System32\msxml3r.dll 2009-11-02 19:29 1,194,496 ----a-w C:\Windows\System32\msxml3.dll 2009-11-02 19:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll 2009-11-02 19:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll 2009-11-02 19:27 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys 2009-11-02 19:27 61,952 ----a-w C:\Windows\System32\cmifw.dll 2009-11-02 19:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll 2009-11-02 19:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll 2009-11-02 19:27 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys 2009-11-02 19:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll 2009-11-02 19:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll 2009-11-02 19:27 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS 2009-11-02 19:25 428,032 ----a-w C:\Windows\System32\EncDec.dll 2009-11-02 19:25 292,352 ----a-w C:\Windows\System32\psisdecd.dll 2009-11-02 19:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll 2009-11-02 19:22 88,576 ----a-w C:\Windows\System32\avifil32.dll 2009-11-02 19:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll 2009-11-02 19:22 696,832 ----a-w C:\Windows\System32\localspl.dll 2009-11-02 19:22 65,024 ----a-w C:\Windows\System32\avicap32.dll 2009-11-02 19:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll 2009-11-02 19:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll 2009-11-02 19:22 12,800 ----a-w C:\Windows\System32\msrle32.dll 2009-11-02 19:21 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys 2009-11-02 19:21 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys 2009-11-02 19:21 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys 2009-11-02 19:21 2,923,520 ----a-w C:\Windows\explorer.exe 2009-11-02 19:21 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys 2009-11-02 19:21 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}] 2009-11-02 20:52 458736 --a------ C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:35 413696] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 20:52 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:53 894512] "Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 16:00 571024] "IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872] "MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208] "Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-02 20:52 122368] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 13:56 81000] "RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain] --a------ 2007-05-22 15:32 538744 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software] --a------ 2007-04-10 16:40 413696 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp] --a------ 2007-01-09 23:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS] --a------ 2007-06-18 09:51 1507328 C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe] --a------ 2006-11-02 14:35 125440 C:\Windows\ehome\ehtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON] --a------ 2006-12-07 15:49 55416 C:\Program Files\TOSHIBA\TBS\HSON.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz] --a------ 2007-01-12 20:28 431752 C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify] --a------ 2006-11-06 16:14 34352 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView] --a------ 2007-05-23 14:57 509496 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] --a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL] --a------ 2006-03-22 20:42 438272 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi] --a------ 2007-04-02 11:48 577536 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel] --a------ 2007-05-28 14:39 1826816 C:\Windows\SkyTel.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus] "DisableMonitoring"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System] "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic| R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01] R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2009-09-15 13:55] R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 13:55] R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 13:55] R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 11:36] S3 getPlusHelper;getPlus(R) Helper;C:\Windows\System32\svchost.exe [2006-11-02 11:45] S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 00:48] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d86f7a85-c88e-11de-af41-001b3843f3e3}] \shell\AutoRun\command - D:\mwfubaob.exe \shell\open\Command - D:\mwfubaob.exe *Newly Created Service* - COMHOST [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}] "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP . - - - - ORPHANS REMOVED - - - - MSConfigStartUp-HWSetup - \HWSetup.exe MSConfigStartUp-NDSTray - NDSTray.exe . ------- Supplementary Scan ------- . R0 -: HKCU-Main,Start Page = hxxp://www.google.com.tr/ O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?TR O16 -: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB C:\Windows\Downloaded Program Files\JaguarEditControl.INF C:\Windows\Downloaded Program Files\JaguarEditControl.dll O16 -: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab C:\Windows\Downloaded Program Files\PhotoUploader55.inf C:\Windows\System32\unicows.dll C:\Windows\Downloaded Program Files\PhotoUploader55.ocx O16 -: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab C:\Windows\Downloaded Program Files\gp.inf C:\Windows\System32\atl.dll C:\Windows\Downloaded Program Files\gp.ocx ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net Rootkit scan 2009-11-18 18:46:48 Windows 6.0.6000 NTFS scanning hidden processes ... scanning hidden autostart entries ... HKCU\Software\Microsoft\Windows\CurrentVersion\Run TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????{???8???`???????????? scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . Completion time: 2009-11-18 18:49:19 ComboFix-quarantined-files.txt 2009-11-18 16:48:57 Pre-Run: Sistem, Application için ileti dosyası içinde 0x2379 ileti numarası için ileti metnini bulamıyor. Post-Run: 46,679,150,592 bayt boş 221 --- E O F --- 2009-11-18 14:43:54 |
Üstad bir de benim loglara bakabilirmisin,bir sorun varmı acaba.Çok tesekkurler... Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:05:31, on 19.11.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Microsoft LifeCam\MSCamS32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\nvraidservice.exe C:\WINDOWS\system32\Rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\WINDOWS\vVX3000.exe C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe C:\Program Files\Logitech\Gaming Software\LWEMon.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\PROGRA~1\MICROS~3\rapimgr.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe C:\WINDOWS\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sony\SonicStage\Omgjbox.exe C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Piaggio\Desktop\HiJackThis.exe R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe" O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [2F4Yrqatray] "C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe" -tray O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\international\PhysX_9.09.0814_SystemSoftware.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200 O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: HP Akıllı Seçim - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{A57FD8C3-0920-4C47-B729-4DB95997FC28}: NameServer = 4.2.2.5,4.2.2.6 O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe -- End of file - 10163 bytes |
Serji senide yoruyoruz ama bide buna bi bakabilirmisin... Windows görev yöneticisinde garip şeyler görüyorum(mesela explorer.exe:userini.exe gibi) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:07:00, on 19.11.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\WINDOWS\system32\taskmgr.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\taskswitch.exe C:\Program Files\AvaFind\AvaFind.exe C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\DAEMON Tools\daemon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Mozilla Firefox\firefox.exe E:\Yedek D\Prog\serhan program dvd\anti virüs\HiJackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user') O4 - Global Startup: AutorunsDisabled O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - AutorunsDisabled - (no file) O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247544337328 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247544298750 O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5 O17 - HKLM\System\CS1\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5 O17 - HKLM\System\CS2\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe -- End of file - 5998 bytes |
Sana zahmet bi benim bilgisayara bakarmısın. YouTube tarzı Steam video yüklemelerinde bir yavaşlık söz konusu. Kullandığım Tarayıcıdan da olabilir. Yardımcı olursan sevinirim. Logfile of Trend Micro HijackThis v2.0.2 |
Merhaba Kaspersky İnternet Security 8 kullanıyorum.Pc her açılıştan sonra kis tarafından Win32 Agent.amjd saptayıp siliyor.İçeren klasör olarak system32 /drvstore gösteriyor.Ekteki Log dosyasını inceleyebilirmisiniz.Teşekkürler... Logfile of Trend Micro HijackThis v2.0.2 ComboFix 09-11-19.05 - Term1 20.11.2009 13:35.2.2 - x86 |
windows 7 yukledım sorun yok sadece bi bakıver burak ustadım :)
saygılar
Bu mesaja 1 cevap geldi. Cevapları Gizle