DH Anasayfa
İndirim Kodu
Ara
Popüler
Foruma Git
Hakkımızda
Destek
Mobil Sürüm
Standart Site Görünümü
Bu Konuda
  • Tüm Forumlar
  • İşletim Sistemleri ve Yazılımlar
  • Yazılım Genel
  • Güvenlik Programları
  • Bu Konuda
Arama butonu
Bağlan:
Facebook
Google+
Twitter
Aşağı Git Tüm Forumlar İşletim Sistemleri ve Yazılımlar Yazılım Genel Güvenlik Programları HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+
Bu konudaki kullanıcılar: 1 misafir
9876
Cevap 1234502
Tıklama 0
Öne Çıkarma
Cevap: HijackThis. Performans + Güvenlik! (Virüslerden kurtulun). 500.000+ (448. sayfa)
Cevap Yaz
Konuya Özel
K
karacaardıç
14 yıl
Yarbay

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 16:19:11, on 14.11.2009 
  Platform: Unknown Windows (WinNT 6.01.3504) 
  MSIE: Internet Explorer v8.00 (8.00.7600.16385) 
  Boot mode: Normal 
   
  Running processes: 
  C:\Windows\system32\taskhost.exe 
  C:\Windows\system32\Dwm.exe 
  C:\Windows\Explorer.EXE 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\Program Files\Windows Sidebar\sidebar.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe 
  C:\Users\AsiYakar\Desktop\oyunlokali101(2).exe 
  C:\Users\AsiYakar\Desktop\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =  
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =  
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =  
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =  
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" 
  O4 - HKLM\..\Run: [CircleVirtualCD] C:\Program Files\Circle\VirtualCD\HvcdUI.exe 
  O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE 
  O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun 
  O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\torent\uTorrent.exe" 
  O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background 
  O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm 
  O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O13 - Gopher Prefix:  
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220 
  O17 - HKLM\System\CS1\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220 
  O17 - HKLM\System\CS2\Services\Tcpip\..\{029CD298-C3FC-4C99-81F5-A835BF1BE16B}: NameServer = 208.67.222.222,208.67.220.220 
  O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll 
  O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\WINDOWS\reset.exe 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
   
  -- 
  End of file - 4391 bytes


windows 7 yukledım sorun yok sadece bi bakıver burak ustadım :)

saygılar


Bu mesaja 1 cevap geldi.
A
Azor Ahai
14 yıl
Yarbay

Hocam Counter vs. oyunları oynadığımda internette kopmalar oluyor. Sorun programlarla mı ilgili bir bakar mısın? 
Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 18:11:36, on 14.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\system32\Ati2evxx.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\WINDOWS\RTHDCPL.EXE 
  C:\Program Files\Winamp\winampa.exe 
  C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe 
  C:\Documents and Settings\EmperoR\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe 
  C:\Program Files\Orbitdownloader\orbitdm.exe 
  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe 
  C:\Program Files\4t Tray Minimizer\4t-min.exe 
  C:\Program Files\Orbitdownloader\orbitnet.exe 
  C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe 
  C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 
  C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\CDBurnerXP\NMSAccessU.exe 
  C:\WINDOWS\system32\PnkBstrA.exe 
  C:\WINDOWS\system32\wscntfy.exe 
  C:\WINDOWS\system32\wbem\wmiapsrv.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\Program Files\Steam\Steam.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  C:\Documents and Settings\EmperoR\Desktop\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/ 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/ 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://search.localstrike.com.ar/ 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://search.localstrike.com.ar/ 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.localstrike.com.ar/ 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.localstrike.com.ar/ 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes09pcgate-e.winning-eleven.net 
  O1 - Hosts: 5.150.113.84 pes2009web.winning-eleven.net 
  O1 - Hosts: localhost pes7stun-e.winning-eleven.net 
  O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll 
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
  O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll 
  O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 
  O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll 
  O3 - Toolbar: &Save Flash - {4064EA35-578D-4073-A834-C96D82CBCF40} - C:\Program Files\Save Flash\SaveFlash.dll 
  O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll 
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
  O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE 
  O4 - HKLM\..\Run: [GEST] m|\ü 
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" 
  O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice 
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun 
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background 
  O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" 
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\EmperoR\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c 
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent 
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files\4t Tray Minimizer\4t-min.exe 
  O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe 
  O4 - Startup: Cs Serverlar.lnk = E:\GAMES\Valve\platform\Cs Serverlar.url 
  O4 - Startup: OtomatikServerList.lnk = C:\Program Files\Valve\platform\baslangic_serverlist.exe 
  O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe 
  O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 
  O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 
  O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 
  O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{4089DC2F-E32C-4077-9720-59A4C3FCA00F}: NameServer = 208.67.222.222,208.67.220.220 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{CF2EAFD9-F24B-4D6F-9C88-CE43E02E95CB}: NameServer = 208.67.222.222,208.67.220.220 
  O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 
  O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe 
  O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe 
  O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe 
  O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe 
  O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE 
  O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: NMSAccessU - Unknown owner - C:\Program Files\CDBurnerXP\NMSAccessU.exe 
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 
   
  -- 
  End of file - 11061 bytes


Bu mesaja 2 cevap geldi.
M
MinaTo
14 yıl
Yüzbaşı

Hocam benimkinede bakabilirmisiniz 
 
  Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 19:09:32, on 14.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\nvsvc32.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  C:\WINDOWS\system32\bgsvcgen.exe 
  C:\Program Files\GameTracker\GSInGameService.exe 
  C:\WINDOWS\System32\svchost.exe 
  c:\program files\mouse recorder\MacroService.exe 
  C:\WINDOWS\System32\dmadmin.exe 
  c:\program files\mouse recorder\MacroServiceWnd.exe 
  C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  C:\Program Files\A4Tech\Mouse\Amoumain.exe 
  C:\WINDOWS\system32\UnlockerAssistant.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  C:\WINDOWS\system32\RUNDLL32.EXE 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe 
  C:\Program Files\DAEMON Tools Lite\daemon.exe 
  C:\Program Files\Evidence Eliminator\ee.exe 
  C:\Program Files\Internet Download Manager\IDMan.exe 
  C:\Program Files\Internet Download Manager\IEMonitor.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Mozilla Firefox 3.6 Beta 1\firefox.exe 
  C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe 
  C:\Documents and Settings\Administrator\Belgelerim\Karşıdan Yüklenenler\HiJackThis.exe 
   
  R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar 
  O1 - Hosts: s127.0.0.1 localhost 
  O1 - Hosts: Youtube Jacker 4 :) 
  O1 - Hosts: 209.85.229.100 www.youtube.com 
  O1 - Hosts: 209.85.229.100 youtube.com 
  O1 - Hosts: 209.85.229.100 tr.youtube.com 
  O1 - Hosts: 209.85.229.100 fr.youtube.com 
  O1 - Hosts: 209.85.229.100 au.youtube.com 
  O1 - Hosts: 209.85.229.100 ca.youtube.com 
  O1 - Hosts: 208.117.236.71 m.youtube.com 
  O1 - Hosts: 74.125.65.118 img.youtube.com 
  O1 - Hosts: 209.85.165.102 gdata.youtube.com 
  O1 - Hosts: 208.117.236.71 ru.youtube.com 
  O1 - Hosts: 208.117.236.70 youtube.com 
  O1 - Hosts: 74.125.65.118 img.youtube.com 
  O1 - Hosts: 88.255.41.21 fr.youtube.com 
  O1 - Hosts: 88.255.41.21 www.fr.youtube.com 
  O1 - Hosts: 74.125.95.138 de.youtube.com 
  O1 - Hosts: 209.85.129.104 help.youtube.com 
  O1 - Hosts: 209.85.129.104 www.help.youtube.com 
  O1 - Hosts: 74.125.13.80 v1.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.0.147 v2.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.86 v3.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.89 v4.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.92 v5.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.95 v6.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.98 v7.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.101 v8.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.17 v9.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.84 v10.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.87 v11.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.90 v12.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.93 v13.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.96 v14.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.99 v15.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.97.38 v16.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.82 v17.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.85 v18.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.88 v19.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.91 v20.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.94 v21.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.97 v22.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.100 v23.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.103 v24.lscache1.c.youtube.com 
  O1 - Hosts: 74.125.13.80 v1.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.83 v2.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.86 v3.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.89 v4.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.92 v5.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.95 v6.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.98 v7.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.101 v8.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.81 v9.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.84 v10.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.87 v11.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.90 v12.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.93 v13.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.96 v14.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.99 v15.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.102 v16.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.82 v17.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.85 v18.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.88 v19.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.91 v20.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.94 v21.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.97 v22.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.100 v23.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.13.103 v24.lscache2.c.youtube.com 
  O1 - Hosts: 74.125.99.80 v1.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.83 v2.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.86 v3.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.89 v4.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.92 v5.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.95 v6.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.98 v7.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.101 v8.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.81 v9.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.84 v10.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.87 v11.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.90 v12.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.93 v13.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.97.32 v14.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.99 v15.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.102 v16.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.82 v17.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.85 v18.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.88 v19.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.91 v20.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.94 v21.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.97 v22.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.100 v23.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.103 v24.lscache3.c.youtube.com 
  O1 - Hosts: 74.125.99.80 v1.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.83 v2.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.86 v3.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.89 v4.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.92 v5.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.95 v6.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.98 v7.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.101 v8.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.81 v9.lscache4.c.youtube.com 
  O1 - Hosts: 74.125.99.84 v10.lscache4.c.youtube.com 
  O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll 
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe 
  O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k 
  O4 - HKLM\..\Run: [UnlockerAssistant] "C:\WINDOWS\system32\UnlockerAssistant.exe" 
  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe" 
  O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install 
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
  O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [Taskbar Shuffle] C:\Program Files\Taskbar Shuffle\taskbarshuffle.exe 
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun 
  O4 - HKCU\..\Run: [Evidence Eliminator] C:\Program Files\Evidence Eliminator\ee.exe /m 
  O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot 
  O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm 
  O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm 
  O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm 
  O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm 
  O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{B23870ED-13F2-4FA2-979A-0F6C1A9728CB}: NameServer = 4.2.2.1,4.2.2.3 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe 
  O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe 
  O23 - Service: GS In-Game Service - ClanServers Hosting LLC - C:\Program Files\GameTracker\GSInGameService.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 
  O23 - Service: Macro Expert - Grass Software - c:\program files\mouse recorder\MacroService.exe 
  O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 
   
  -- 
  End of file - 11613 bytes



B
big_printer
14 yıl
Teğmen

quote:

Orijinalden alıntı: serji


quote:

Orjinalden alıntı: serhatlı

tarattım log dosyası. bişi bulamadımı?

Virustotal sitesini ziyaret edin.

http://www.virustotal.com/tr/

* Gözat tıklayın ve aşağıdaki dosyaları seçip Aç tıklayın.
* Gönderme işlemi dosyanın boyutuna bağlı olarak zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* İşlem tamamlandıktan sonra sonuçları notdefterine kopyalayıp yapıştırın veya bir ekran görüntüsü alarak mesajınıza ekleyerek bize gönderin. 

c:\windows\system32\drivers\bbcap.sys


Malwarebytes Antimalware adlı programı indirin.

http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

* Programı kurmak için mbam-setup.exe üzerine çift tıklayın ve programı kurun.
* Malwarebytes Antimalware Güncelle ve Malwarebytes Programını Çalıştır seçeneklerini işaretleyip Finish tıklayın.
* Eğer bir güncelleştirme bulunursa, program otomatik olarak indirip güncelleştirecektir.
* Program yüklendiğinde Tam Tarama seçip Taramaya Başla butonuna tıklayın.
* Tarama işlemi biraz zaman alabilir, o yüzden lütfen biraz sabırlı olun.
* Tarama işlemi bittiğinde, Tamam tıklayın ve Sonuçları Göster tıklayın.
* Herşeyin işaretli olduğundan emin olun ve Seçilileri Temizle tıklayın.
* Temizleme işlemi bittiğinde bir notdefteri penceresi açılacaktır. (bilgisayarınızı yeniden başlatmanız gerekebilir.)
* Notdefteri dosyasını kaydedip mesajınıza ekleyerek bize gönderin.

NOT: Eğer temizleme işlemi sırasında program bilgisayarı yeniden başlatmanızı isterse Tamam tıklayarak bilgisayarızı yeniden başlatın.






Malwarebytes' Anti-Malware 1.41
Veritabanı sürümü: 3161
Windows 5.1.2600 Service Pack 3

14.11.2009 22:16:04
mbam-log-2009-11-14 (22-16-04).txt

Tarama biçimi: Hızlı Tarama
Taranan öğeler: 98389
Geçen süre: 5 minute(s), 49 second(s)

Etkilenmiş Hafıza İşlemleri: 0
Etkilenmiş Hafıza Modülleri: 0
Etkilenmiş Kayıt Anahtarları: 0
Etkilenmiş Kayıt Değerleri: 0
Etkilenmiş Kayıt Verisi Öğeleri: 3
Etkilenmiş Klasörler: 0
Etkilenmiş Dosyalar: 0

Etkilenmiş Hafıza İşlemleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Hafıza Modülleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Anahtarları:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Değerleri:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Kayıt Verisi Öğeleri:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Not selected for removal.

Etkilenmiş Klasörler:
(Herhangi bir tehlikeli öğe bulunmadı)

Etkilenmiş Dosyalar:
(Herhangi bir tehlikeli öğe bulunmadı)


Acaba ciddi tehlikemi var pc'mde lütfen yardım...


Bu mesaja 1 cevap geldi.
B
big_printer
14 yıl
Teğmen

Dosya mbam-log-2009-11-14__22-16-04_.tx alýndýðý zaman 2009.11.14 20:24:55 (UTC)
şimdiki Durumu: Yükleniyor ... sýrada bekleniyor taranýyor tamamlandý BULUNAMADI DURDU


Sonuç: 0/41 (0%)
Sunucu bilgisi yükleniyor...
Dosyanýzýn sýradaki durumu: 1.
Muhtemel başlangýç zamaný 43 veya 62 saniye.
Tarama sonuçlanýncaya kadar lütfen bu pencereyi kapatmayýn.
Tarayýcý sizin sonucunuzu çýkarýrken bir hata meydana geldi. Lütfen sonucu alana kadar bir kaç dakika bekleyin.
Eðer beş dakikadan fazla bir zamandýr bekliyorsanýz lütfen dosyanýzý yeniden gönderin.
Dosyanýz şu anda VirusTotal tarafýndan taranmaya başlandý,
sonuçlar çýktýðý anda size bidirilecektir.
Formatlanmýş Sonuçlarý yazdýr.
Dosyanýzýn süresi doldu yada bulunamadý.
Servis şu anda durdu. Dosyanýz tarama için bekliyor (pozisyonu: ) belirsiz bir zaman için.

Web sonucu için bekleyebilirsiniz (otomatik yenileme) yada aşaðýdaki forma email adresinizi yazýp "Email sonucu iste" butonuna basarsanýz sistem size taramanýn bittiðini email adresinize bildirecektir.
Email adresiniz:


Antivirüs Versiyon Son Güncelleştirme Sonuç
a-squared 4.5.0.41 2009.11.14 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.14 -
Avast 4.8.1351.0 2009.11.14 -
AVG 8.5.0.425 2009.11.14 -
BitDefender 7.2 2009.11.14 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.14 -
Comodo 2955 2009.11.14 -
DrWeb 5.0.0.12182 2009.11.14 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7121 2009.11.14 -
F-Prot 4.5.1.85 2009.11.14 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.14 -
GData 19 2009.11.14 -
Ikarus T3.1.1.74.0 2009.11.14 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.14 -
McAfee 5802 2009.11.14 -
McAfee+Artemis 5802 2009.11.14 -
McAfee-GW-Edition 6.8.5 2009.11.14 -
Microsoft 1.5202 2009.11.14 -
NOD32 4608 2009.11.14 -
Norman 6.03.02 2009.11.14 -
nProtect 2009.1.8.0 2009.11.14 -
Panda 10.0.2.2 2009.11.14 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.14 -
Rising 22.21.05.04 2009.11.14 -
Sophos 4.47.0 2009.11.14 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.14 -
TheHacker 6.5.0.2.070 2009.11.14 -
TrendMicro 9.0.0.1003 2009.11.14 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.14.2037 2009.11.14 -
VirusBuster 4.6.5.0 2009.11.14 -
Ýlave Bilgiler
File size: 1373 bytes
MD5...: 5761fe09cbe0ad274fe1462cbadda18f
SHA1..: 632bf6dcf3d58cb66e8609101cb8b43502d020e3
SHA256: 91a71c5187c27a920d4578c53fea857327a83cd22a626cf01ef7f8d288720047
ssdeep: 24:zU9JejqJjSrYN5dKh8ye+y8yy8zFy8dIfG2C/IfQC/IfCCc7ygUyo:zUnejqJ
jK8OGdpIxC/IYC/IKCc7PUP

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Ne demek istiyor ki...



B
big_printer
14 yıl
Teğmen

Dosya mbam-log-2009-11-14__22-16-04_.tx alýndýðý zaman 2009.11.14 20:24:55 (UTC)
şimdiki Durumu: Yükleniyor ... sýrada bekleniyor taranýyor tamamlandý BULUNAMADI DURDU


Sonuç: 0/41 (0%)
Sunucu bilgisi yükleniyor...
Dosyanýzýn sýradaki durumu: 1.
Muhtemel başlangýç zamaný 43 veya 62 saniye.
Tarama sonuçlanýncaya kadar lütfen bu pencereyi kapatmayýn.
Tarayýcý sizin sonucunuzu çýkarýrken bir hata meydana geldi. Lütfen sonucu alana kadar bir kaç dakika bekleyin.
Eðer beş dakikadan fazla bir zamandýr bekliyorsanýz lütfen dosyanýzý yeniden gönderin.
Dosyanýz şu anda VirusTotal tarafýndan taranmaya başlandý,
sonuçlar çýktýðý anda size bidirilecektir.
Formatlanmýş Sonuçlarý yazdýr.
Dosyanýzýn süresi doldu yada bulunamadý.
Servis şu anda durdu. Dosyanýz tarama için bekliyor (pozisyonu: ) belirsiz bir zaman için.

Web sonucu için bekleyebilirsiniz (otomatik yenileme) yada aşaðýdaki forma email adresinizi yazýp "Email sonucu iste" butonuna basarsanýz sistem size taramanýn bittiðini email adresinize bildirecektir.
Email adresiniz:


Antivirüs Versiyon Son Güncelleştirme Sonuç
a-squared 4.5.0.41 2009.11.14 -
AhnLab-V3 5.0.0.2 2009.11.13 -
AntiVir 7.9.1.65 2009.11.13 -
Antiy-AVL 2.0.3.7 2009.11.13 -
Authentium 5.2.0.5 2009.11.14 -
Avast 4.8.1351.0 2009.11.14 -
AVG 8.5.0.425 2009.11.14 -
BitDefender 7.2 2009.11.14 -
CAT-QuickHeal 10.00 2009.11.13 -
ClamAV 0.94.1 2009.11.14 -
Comodo 2955 2009.11.14 -
DrWeb 5.0.0.12182 2009.11.14 -
eSafe 7.0.17.0 2009.11.12 -
eTrust-Vet 35.1.7121 2009.11.14 -
F-Prot 4.5.1.85 2009.11.14 -
F-Secure 9.0.15370.0 2009.11.11 -
Fortinet 3.120.0.0 2009.11.14 -
GData 19 2009.11.14 -
Ikarus T3.1.1.74.0 2009.11.14 -
Jiangmin 11.0.800 2009.11.12 -
K7AntiVirus 7.10.896 2009.11.13 -
Kaspersky 7.0.0.125 2009.11.14 -
McAfee 5802 2009.11.14 -
McAfee+Artemis 5802 2009.11.14 -
McAfee-GW-Edition 6.8.5 2009.11.14 -
Microsoft 1.5202 2009.11.14 -
NOD32 4608 2009.11.14 -
Norman 6.03.02 2009.11.14 -
nProtect 2009.1.8.0 2009.11.14 -
Panda 10.0.2.2 2009.11.14 -
PCTools 7.0.3.5 2009.11.13 -
Prevx 3.0 2009.11.14 -
Rising 22.21.05.04 2009.11.14 -
Sophos 4.47.0 2009.11.14 -
Sunbelt 3.2.1858.2 2009.11.12 -
Symantec 1.4.4.12 2009.11.14 -
TheHacker 6.5.0.2.070 2009.11.14 -
TrendMicro 9.0.0.1003 2009.11.14 -
VBA32 3.12.10.11 2009.11.13 -
ViRobot 2009.11.14.2037 2009.11.14 -
VirusBuster 4.6.5.0 2009.11.14 -
Ýlave Bilgiler
File size: 1373 bytes
MD5...: 5761fe09cbe0ad274fe1462cbadda18f
SHA1..: 632bf6dcf3d58cb66e8609101cb8b43502d020e3
SHA256: 91a71c5187c27a920d4578c53fea857327a83cd22a626cf01ef7f8d288720047
ssdeep: 24:zU9JejqJjSrYN5dKh8ye+y8yy8zFy8dIfG2C/IfQC/IfCCc7ygUyo:zUnejqJ
jK8OGdpIxC/IYC/IKCc7PUP

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

Ne demek istiyor ki...



Y
yaniyorsunfuatabi
14 yıl
Yarbay

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:35:47, on 16.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\CursorXP\CursorXP.exe
C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = OGUZHAN
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [a-squared] "C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe" /d=60
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [CursorXP] C:\Program Files\CursorXP\CursorXP.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\npjpi160.dll
O13 - Gopher Prefix:
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{71A7F614-71E8-4EA9-94F1-6516B5E89A5A}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TOSHIBA Navi Support Service (TNaviSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - c:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe

--
End of file - 7375 bytes


Bu mesaja 1 cevap geldi.
D
darksers
14 yıl
Er

merhaba,

bilgisayarımda kendiliğinden silinen programlar ve yavaşlama var. firefox açılmıyor ve virüs taramaları temiz çıkıyor. log dosyalarını inceleyebilirmisiniz acaba.
şimdiden teşekkürler..

ComboFix 09-11-16.03 - Administrator 16.11.2009 3:07..2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.2046.1570 [GMT 2:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: AVG Anti-Virus *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-16 00:39 . 2009-11-16 00:39 -------- d-----w- c:\program files\Trend Micro
2009-11-16 00:33 . 2009-11-16 00:33 -------- d-----w- c:\program files\NOS
2009-11-15 21:19 . 2009-11-15 21:21 -------- d-----w- C:\$AVG
2009-11-15 21:19 . 2009-11-15 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-16 00:34 . 2009-07-11 17:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-15 23:58 . 2009-02-02 19:43 -------- d-----w- c:\program files\eMule
2009-11-15 21:19 . 2009-02-02 18:57 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-15 21:19 . 2009-02-02 18:57 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-15 21:19 . 2009-02-02 18:57 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-15 21:19 . 2009-02-02 18:57 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-15 21:19 . 2009-02-02 18:57 -------- d-----w- c:\program files\AVG
2009-11-15 21:10 . 2009-08-16 18:44 -------- d-----w- c:\program files\Hattrick Coach Professional
2009-11-15 20:57 . 2009-11-15 20:57 0 ----a-w- c:\windows\system32\atiicdxx.dat
2009-11-15 20:57 . 2009-11-15 20:57 0 ----a-w- c:\windows\ativpsrm.bin
2009-11-15 20:55 . 2009-11-15 20:53 -------- d-----w- c:\program files\Microsoft
2009-11-15 20:55 . 2009-11-15 20:55 -------- d-----w- c:\program files\Common Files\Apple
2009-11-15 20:54 . 2009-11-15 20:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\ATI Technologies
2009-11-15 20:53 . 2009-08-02 22:48 -------- d-----w- c:\program files\OpenAL
2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\MSBuild
2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\QuickTime
2009-11-15 20:53 . 2009-11-15 20:53 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-15 20:52 . 2009-11-15 18:53 -------- d-----w- c:\program files\HiGames
2009-11-15 20:52 . 2009-11-15 18:53 -------- d-----w- c:\program files\Emoti Match
2009-11-15 20:52 . 2009-02-02 18:30 -------- d-----w- c:\program files\NetLimiter
2009-11-15 20:52 . 2009-02-02 19:25 -------- d-----w- c:\program files\FileZilla FTP Client
2009-11-15 19:02 . 2009-11-15 19:02 -------- d-----w- c:\program files\WildSnake Software
2009-11-15 18:49 . 2009-11-15 18:49 -------- d-----w- c:\program files\Hasbro Interactive
2009-11-15 18:34 . 2009-11-15 18:34 -------- d-----w- c:\program files\MyPlayCity.com
2009-11-09 15:57 . 2009-02-11 18:55 -------- d-----w- c:\program files\Microsoft Works
2009-11-07 14:43 . 2009-02-02 17:58 84704 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-06 19:12 . 2009-11-03 18:03 -------- d-----w- c:\program files\Roxio
2009-11-06 19:12 . 2009-11-03 18:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2009-11-06 19:12 . 2009-11-06 19:12 -------- d-----w- c:\program files\Common Files\Sonic Shared
2009-11-06 19:08 . 2009-11-03 17:59 -------- d-----w- c:\program files\Common Files\Roxio Shared
2009-11-06 19:01 . 2009-11-03 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Research In Motion
2009-11-04 04:41 . 2009-10-11 00:37 256 ----a-w- c:\windows\system32\pool.bin
2009-11-03 22:44 . 2009-11-03 22:44 53248 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{F574616C-4C15-49CE-9C98-E998CD80264A}\ARPPRODUCTICON.exe
2009-11-03 18:05 . 2009-11-03 18:05 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-11-03 18:05 . 2009-11-03 18:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2009-11-03 17:59 . 2009-11-03 17:58 -------- d-----w- c:\program files\Research In Motion
2009-11-03 17:59 . 2009-10-11 00:36 -------- d-----w- c:\program files\Common Files\Research In Motion
2009-10-29 19:15 . 2001-11-22 12:00 82540 ----a-w- c:\windows\system32\perfc01F.dat
2009-10-29 19:15 . 2001-11-22 12:00 430960 ----a-w- c:\windows\system32\perfh01F.dat
2009-10-11 00:37 . 2009-10-11 00:37 -------- d-----w- c:\documents and settings\Administrator\Application Data\Research In Motion
2009-10-01 14:55 . 2009-02-02 19:33 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-09-21 12:00 . 2009-02-02 18:19 -------- d--h--w- c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
2007-05-24 07:13 24665 ----a-w- c:\windows\system32\ckpNotify.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\WINDOWS\\system32\\dplaysvr.exe"=
"d:\\oyunlar\\age of 2\\age\\aoe20a_crk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\oyunlar\\age of 2\\age\\empires2.EXE"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
"c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\The Creative Assembly\\Medieval - Total War - Gold Edition\\Medieval_TW.exe"=
"c:\\OYUNLAR SETUP (DEVAM)\\World in Conflict Complete Edition\\wic.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [02.02.2009 20:38 11264]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [02.02.2009 20:57 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [02.02.2009 20:57 360584]
R1 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [24.05.2007 09:13 2234800]
R2 avg9emc;AVG E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [15.11.2009 23:46 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15.11.2009 23:19 285392]
R2 CP_OMDRV;Check Point Office Mode Module;c:\windows\system32\drivers\omdrv.sys [24.05.2007 09:13 36368]
R2 VNASC;Check Point Virtual Network Adapter - SecureClient;c:\windows\system32\drivers\vnasc.sys [24.05.2007 09:13 110032]
R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [24.05.2007 09:13 673456]
S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [04.08.2004 00:45 14336]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.tr/
LSP: c:\program files\NetLimiter\nl_lsp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\ee3o23as.default\
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1220945662-1383384898-839522115-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:92,6a,83,6b,e1,24,fa,73,46,48,ce,0e,4f,db,c5,58,7b,6d,30,32,b6,30,5a,
6d,e3,ae,ab,9d,d2,d0,c9,06,58,75,57,b0,54,a8,98,cf,b0,36,12,6e,2e,ed,1c,d5,\
"??"=hex:9d,1b,ff,ec,47,01,e5,b2,d1,12,e2,67,ec,4d,cd,18

[HKEY_USERS\S-1-5-21-1220945662-1383384898-839522115-500\Software\SecuROM\License information*]
"datasecu"=hex:4f,d4,61,2e,2a,0a,f1,15,7d,8b,0b,76,2b,68,c3,12,6a,f6,5d,46,48,
c6,ec,78,4f,28,b5,8f,b6,8c,0b,84,54,e8,56,b3,88,16,15,d8,6e,60,81,d7,7d,f0,\
"rkeysecu"=hex:a9,80,3b,fa,d9,15,45,b5,56,d2,b6,b4,aa,27,04,1f
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(812)
c:\program files\NetLimiter\nl_lsp.dll
c:\windows\system32\nl_msgc.dll

- - - - - - - > 'explorer.exe'(3492)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\CheckPoint\SecuRemote\bin\SR_GUI.Exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\imapi.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-16 03:14 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-16 01:13

Pre-Run: 53.765.787.648 bayt boş
Post-Run: 54.221.762.560 bayt boş

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - 0F40BCEBFFDE991FB6C582B26682D6CE



D
doktorum60
14 yıl
Yüzbaşı

Merhaba kardeşim bu başlığı ilk kez bugün gördüm indirip proğramı çalıştırdım sonuçlar aşağıda bi bakarmısın fizlenmeyi gerektiren var mı?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:21:29, on 16.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NortonAntiBot.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Users\fatih\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 165.228.131.10:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"
O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"
O4 - HKLM\..\Run: [NortonAntiBot] "C:\Program Files\Symantec\Norton AntiBot\agent\bin\NortonAntiBot.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Rezip - Unknown owner - C:\Windows\SYSTEM32\Rezip.exe
O23 - Service: SymantecAntiBotAgent - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABAgent.exe
O23 - Service: SymantecAntiBotWatcher - Symantec - C:\Program Files\Symantec\Norton AntiBot\agent\Bin\NABWatcher.exe
O23 - Service: Uniblue DiskRescue - Uniblue - C:\Program Files\Uniblue\DiskRescue\UBDiskRescueSrv.exe

--
End of file - 6537 bytes


Bu mesaja 1 cevap geldi.
K
karann1905
14 yıl
Yüzbaşı

Orijinalden alıntı: serji


Orijinalden alıntı: karann1905

s.a kardes ustte yolladıgım log tan sonra pc cok dondud ve sistem geri yukleme yaptımduzeldi biraz yeni log; 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll


ComboFix adlı programı masaüstünüze indirin.

http://www.buraksonmez.com/dosyalar/ComboFix.exe

1. Tüm açık pencerelerinizi ve programlarınızı kapatın.
2. Antivirüs ve Antispyware programlarınızı geçici olarak kapatın veya devre dışı bırakın.
3. ComboFix.exe üzerine çift tıklayın ve programı açın. Programı açtıktan sonra kesinlikle hiç bir işlem yapmayın. 1-2 dakikalık bir mola verin.
4. ComboFix çalışmaya başladıktan sonra Evet butonuna tıklayın.
5. ComboFix olası bir aksilik durumunda sistemizi geri yükleyebilmek amacıyla Kayıt Defterinizin bir yedeğini alacak ve bir sistem geri yükleme noktası oluşturacaktır.
6. Bu işlemler sırasında internet bağlantınız kesilecek ve masaüstünüz kaybolacaktır. Bunlar normaldir. Ayrıca sistem saatiniz de değişecektir. Fakat tüm bunlar geçicidir. İşlemler bittikten sonra hepsi orjinal haline geri döndürülecektir.
7. Biraz sabırlı olmanız gerekebilir çünkü tam 50 aşama söz konusudur.
8. Son olarak ComboFix işlemlerin sonucunu içeren bir rapor hazırlayacaktır. Bu sırada masaüstünüz kaybolabilir. Fakat kısa sürede geri yüklenecektir. İşlemler bittikten sonra ComboFix kapanacak ve size bir rapor açılacaktır. Bu raporu C:\ComboFix.txt bulabilirsiniz.
9. C:\ComboFix.txt dosyasını mesajınıza ekleyerek bize gönderin.


kardes combofixle tarama yaptırdım exe dosyası asagıdadır.birsey yapmam gereklimidir?

ComboFix 09-11-16.05 - Administrator 16.11.2009 12:20:41..1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.510.252 [GMT 2:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\scrrntr.dll

.
((((((((((((((((((((((((( Files Created from 2009-10-16 to 2009-11-16 )))))))))))))))))))))))))))))))
.

2009-11-08 15:39:47 . 2009-11-08 15:40:04 0 d-----w- C:\Program Files\Windows Live
2009-11-08 15:34:57 . 2009-11-08 16:20:09 0 d-----w- C:\WINDOWS\SxsCaPendDel
2009-11-08 15:27:33 . 2009-11-08 15:27:33 0 d-----w- C:\WINDOWS\system32\wbem\Repository
2009-11-08 07:24:12 . 2009-11-08 15:33:33 0 d-----w- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-11-07 17:27:04 . 2009-11-07 17:34:41 35528152 ----a-w- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache\GameManager\GameDB\F2363T1L1\setup_gF2363T1L1_d685289173_l1_s1.exe
2009-11-07 17:19:17 . 2009-11-07 17:34:17 0 d-----w- C:\Documents and Settings\All Users\Application Data\BigFishGamesCache
2009-11-06 05:40:51 . 2009-11-16 08:59:41 0 d-----w- C:\Documents and Settings\Administrator\Tracing
2009-11-06 05:39:46 . 2009-11-06 05:39:46 0 d-----w- C:\Program Files\Microsoft
2009-11-06 05:20:13 . 2009-11-06 05:20:13 0 d-----w- C:\Program Files\Common Files\Windows Live
2009-11-06 05:20:09 . 2009-11-08 15:39:06 18440 ----a-w- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-04 13:01:03 . 2009-11-12 06:53:21 0 d-----w- C:\Program Files\Total Video Converter
2009-11-04 12:43:33 . 2009-04-23 19:25:08 8704 ----a-w- C:\WINDOWS\system32\kbdjpn.dll
2009-11-04 12:43:33 . 2009-04-23 19:25:08 8192 ----a-w- C:\WINDOWS\system32\kbdkor.dll
2009-11-04 12:43:33 . 2009-04-23 19:25:08 6144 ----a-w- C:\WINDOWS\system32\kbd101c.dll
2009-11-04 12:43:33 . 2009-04-23 19:25:08 5632 ----a-w- C:\WINDOWS\system32\kbd103.dll
2009-11-04 12:43:32 . 2009-04-23 19:25:26 6144 ----a-w- C:\WINDOWS\system32\kbd106.dll
2009-11-04 12:43:32 . 2009-04-23 19:25:08 6144 ----a-w- C:\WINDOWS\system32\kbd101b.dll
2009-11-01 13:09:34 . 2009-11-01 13:09:34 0 d-----w- C:\Documents and Settings\Administrator\Local Settings\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-11 11:00:18 . 2009-10-03 10:26:26 0 d---a-w- C:\Documents and Settings\All Users\Application Data\TEMP
2009-11-08 15:30:19 . 2008-04-15 12:00:00 44212 ----a-w- C:\WINDOWS\system32\perfc01F.dat
2009-11-08 15:30:19 . 2008-04-15 12:00:00 297642 ----a-w- C:\WINDOWS\system32\perfh01F.dat
2009-11-07 07:14:39 . 2009-09-28 08:06:23 0 d-----w- C:\Documents and Settings\Administrator\Application Data\LimeWire
2009-10-09 06:06:04 . 2009-10-09 06:06:04 0 ----a-w- C:\WINDOWS\nsreg.dat
2009-09-28 08:04:25 . 2009-09-28 08:05:08 411368 ----a-w- C:\WINDOWS\system32\deploytk.dll
2009-09-28 08:03:52 . 2009-09-28 08:03:52 0 d-----w- C:\Program Files\Java
2009-09-28 08:03:06 . 2009-09-28 08:03:06 152576 ----a-w- C:\Documents and Settings\Administrator\Application Data\Sun\Java\jre1.6.0_16\lzma.dll
2009-09-28 07:59:47 . 2009-09-28 07:58:32 0 d-----w- C:\Program Files\LimeWire
2009-09-27 13:32:33 . 2009-09-19 07:03:02 0 d-----w- C:\Program Files\Common Files\Adobe
2009-09-19 07:08:28 . 2009-09-19 07:08:26 0 d-----w- C:\Program Files\CCleaner
2009-09-19 06:58:34 . 2009-09-19 06:58:34 0 d-----w- C:\Documents and Settings\Administrator\Application Data\IObit
2009-09-19 06:58:22 . 2009-09-19 06:58:22 0 d-----w- C:\Program Files\IObit
2009-09-19 06:57:12 . 2009-09-19 06:57:12 0 d--h--w- C:\Program Files\InstallShield Installation Information
2009-09-19 06:57:06 . 2009-09-18 15:18:02 0 d-----w- C:\Program Files\Common Files\InstallShield
2009-09-19 06:42:54 . 2009-09-19 06:42:54 0 d-----w- C:\Program Files\ESET
2009-09-19 06:42:54 . 2009-09-19 06:42:54 0 d-----w- C:\Documents and Settings\All Users\Application Data\ESET
2009-09-19 06:21:14 . 2009-09-19 06:21:14 29926 ----a-r- C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{13E7F4A4-33A0-16B0-6486-FAA38C2A7067}\ARPPRODUCTICON.exe
2009-09-19 06:21:02 . 2009-09-19 06:21:02 0 d-----w- C:\Program Files\Nero
2009-09-19 06:21:02 . 2009-09-19 06:21:02 0 d-----w- C:\Program Files\Common Files\Ahead
2009-09-19 06:10:20 . 2009-09-19 06:09:18 0 dcsh--w- C:\Program Files\Common Files\WindowsLiveInstaller
2009-09-19 06:09:06 . 2009-09-19 06:09:06 0 d-----w- C:\Documents and Settings\All Users\Application Data\WLInstaller
2009-09-18 15:27:41 . 2009-09-18 14:58:16 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat
2009-09-18 15:14:57 . 2009-09-18 15:14:57 0 d-----w- C:\Documents and Settings\Administrator\Application Data\Conceptworld
2009-09-18 15:00:05 . 2009-09-18 15:00:05 2 ----a-w- C:\WINDOWS\HFSLIP.TMP
2009-09-18 14:55:34 . 2009-09-18 14:55:34 21736 ----a-w- C:\WINDOWS\system32\emptyregdb.dat
.

------- Sigcheck -------

[-] 2009-04-23 18:18:14 . 1F39C7BDBA4C5F3F01C4EABF7EDBF4B3 . 361600 . . [5.1.2600.5625 (xpsp_sp3_qfe.080620-1309)] . . C:\WINDOWS\system32\drivers\tcpip.sys

[-] 2009-04-23 20:14:35 . 106267D1B1188EBD7FA9A95B6ABCAEBA . 557056 . . [5.1.2600.5512 (xpsp.080413-2113)] . . C:\WINDOWS\system32\winlogon.exe

[-] 2009-04-23 20:07:59 . 2E1BE2B73E406E85211B0CC306BB1E56 . 662528 . . [5.82 (xpsp.080413-2105)] . . C:\WINDOWS\system32\comctl32.dll

[-] 2009-04-23 20:11:22 . FBC4C5F06D7397B749D887F84A6CF519 . 2389248 . . [5.1.2600.5755 (xpsp_sp3_qfe.090206-1316)] . . C:\WINDOWS\system32\ntoskrnl.exe

[-] 2009-04-23 20:14:18 . B3A28AB23450EBFEAB3CEE207B97EAA5 . 639488 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\user32.dll

[-] 2009-04-23 20:08:38 . 6996F4174D83FB076851095E8C070BC4 . 2326016 . . [6.00.2900.5512 (xpsp.080413-2105)] . . C:\WINDOWS\explorer.exe

[-] 2009-04-23 20:08:21 . CBC8C36E4610EE06EBEBBEC153364B52 . 40960 . . [5.1.2600.5512 (xpsp.080413-2105)] . . C:\WINDOWS\system32\ctfmon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-03-13 13:48:30 1443072]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-06-15 09:20:00 6803456]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2009-04-23 20:08:21 40960]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_3"="advpack.dll" - C:\WINDOWS\system32\advpack.dll [2009-04-23 18:22:02 128512]


Bu mesaja 1 cevap geldi.
Ç
ÇAĞ
14 yıl
Binbaşı

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:44:33, on 17.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgfws8.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\windows\Belgelerim\Downloads\HiJackThis.exe
C:\Documents and Settings\windows\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;*.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: TT Jacker :)
O1 - Hosts: 195.8.214.141 dailymotion.com
O1 - Hosts: 195.8.214.142 dailymotion.com
O1 - Hosts: 195.8.214.140www.dailymotion.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 67.228.223.62 mp3hanesi.com
O1 - Hosts: 67.228.223.62 mp3hanesi.net
O1 - Hosts: 67.228.223.62 mp3hanesi.org
O1 - Hosts: 67.228.223.62www.mp3hanesi.com
O1 - Hosts: 67.228.223.62www.mp3hanesi.net
O1 - Hosts: 67.228.223.62www.mp3hanesi.org
O1 - Hosts: 75.126.2.88 forumtr.com
O1 - Hosts: 75.126.2.88www.forumtr.com
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [AVGIDS] "C:\Program Files\AVG\AVG8\IdentityProtection\agent\bin\AVGIDSUI.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [AirTiesWUS-300] C:\Program Files\AirTies\AirTiesWUS-300\WUS300.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RelevantKnowledge] C:\program files\relevantknowledge\rlvknlg.exe -boot
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\windows\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F796048-1029-414F-8702-06F946394F01}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: AVG8 Firewall (avgfws8) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgfws8.exe
O23 - Service: AVGIDSAgent - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSAgent.exe
O23 - Service: AVGIDSWatcher - AVG - C:\Program Files\AVG\AVG8\IdentityProtection\agent\Bin\AVGIDSWatcher.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 14619 bytes


şimdi ne yapmam gerekiyor acaba arkadaşlar ???


Bu mesaja 1 cevap geldi.
S
sercawres
14 yıl
Er

Bilgisayarda ne kadar virus varsa taradım ve kaldırdım hepsini fakat virus programıyla taradığımda bulduğu bir hata var ve bu hatayı düzeltmiyor virus programı. Hata şu verdiği network adresi güvenlik açıkları diye bir hata. Bilgisayarımda internet hızım yavaşladı. Ayrıca her gün girdiğim mahkeme kararıyla engellenmemiş siteler var yani herkesin girebildiği fakat bunlara herkes girebilirken ben giremiyorum, açılmıyorlar ve hoparlörlerden şişe kapağı açılırmış gibi bir ses geliyor düzensiz aralıklarla. Yardımlarınız için şimdiden teşekkür ederim.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:11:54, on 18.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\WebMoney Agent\wmagent.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Registry Clean Expert\RCHelper.exe
C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\HP\KBD\KBD.EXE
c:\windows\system\hpsysdrv.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Documents and Settings\HP_Sahibi\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: TBSB03223 - {B4806C1A-FE8A-4008-9DA3-8CEDB6E82C10} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O3 - Toolbar: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet /keeploaded /nodetect
O4 - HKLM\..\Run: [DMAScheduler] "c:\Program Files\HP DigitalMedia Archive\DMAScheduler.exe"
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [wmagent.exe] "C:\Program Files\WebMoney Agent\wmagent.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [RegClean Expert Scheduler] "C:\Program Files\Registry Clean Expert\RCHelper.exe" /startup
O4 - HKCU\..\Run: [RAMSaverPro] C:\Program Files\Godlike Developers\RAM Saver Professional\ramsaverpro.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [] (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [] (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\RunOnce: [] (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [] (User 'Default user')
O4 - S-1-5-18 Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe (User 'Default user')
O4 - .DEFAULT Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Startup: AccuWeatherDesktop.lnk = C:\Program Files\AccuWeather\Desktop\AccuWeatherDesktop.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O9 - Extra 'Tools' menuitem: WebMoney Advisor - {3AFFD7F7-FD3D-4C9D-8F83-03296A1A8840} - C:\Program Files\WebMoney Advisor\wmadvisor.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Otomatik LiveUpdate Zamanlayıcı (Automatic LiveUpdate Scheduler) - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe

--
End of file - 10880 bytes


Bu mesaja 2 cevap geldi.
E
EdwardElric
14 yıl
Binbaşı

Belki bir ihtimal cevap veren olur.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:28:22, on 18.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Opera\opera.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\winrifew.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Documents and Settings\Home\Belgelerim\Downloads\Programs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://search.bearshare.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\Program Files\BearShareTb\BearShareDx.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{56AB6F80-D31A-4D30-8E19-77A00848C9E6}: NameServer = 208.67.222.222 208.67.220.220
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O23 - Service: CiSvc - Unknown owner - C:\WINDOWS\system32\cisvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: UPS - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)

--
End of file - 5188 bytes


Bu mesaja 2 cevap geldi.
B
bozcaadalı
14 yıl
Yarbay

Bilgisayarı her açışta tanımadığım bir link çalışıyor, ad awer ve nod 32 ile kaldıramadım görünmüyor başlangıç programlarındada yok internet özelliklerindenmi komut alıyor diye baktım oradada yok en sonunda HijackThis yükleyip çalıştırdım çıkan liste bu hangisini fix lemem lağzım yardımlar için teşekkür ederim.
link: meetlocalpeople.org


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:44:56, on 18.11.2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10c.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: TT Jacker 3 :)
O1 - Hosts: TTNET Kiss Kiss :p
O1 - Hosts: 208.117.236.71 ru.youtube.com
O1 - Hosts: 208.117.236.71 fr.youtube.com
O1 - Hosts: 208.117.236.71 youtube.com
O1 - Hosts: 208.117.236.71www.youtube.com
O1 - Hosts: 208.117.236.71 au.youtube.com
O1 - Hosts: 208.117.236.71 ca.youtube.com
O1 - Hosts: 208.117.236.71 m.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 209.85.165.102 gdata.youtube.com
O1 - Hosts: 208.117.236.71 ru.youtube.com
O1 - Hosts: 208.117.236.70 youtube.com
O1 - Hosts: 208.117.236.70www.youtube.com
O1 - Hosts: 74.125.65.118 img.youtube.com
O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
O1 - Hosts: 72.14.205.104 help.youtube.com
O1 - Hosts: 72.14.205.147 help.youtube.com
O1 - Hosts: 72.14.205.99 help.youtube.com
O1 - Hosts: 58.27.3.132www.sopcast.com
O1 - Hosts: 58.27.3.132 sopcast.com
O1 - Hosts: 119.110.96.136www.sopcast.org
O1 - Hosts: 119.110.96.136 sopcast.org
O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.3.4501.1418\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F711CC09-7C42-46FD-9193-E2A76D99E962}: NameServer = 208.67.222.222,208.67.220.220
O20 - Winlogon Notify: DfLogon - LogonDll.dll (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: DFServ - Unknown owner - C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 12194 bytes


Bu mesaja 1 cevap geldi.
M
mcekinir
14 yıl
Onbaşı

sayın hocalarım, bilgisyarımda c ve e sürücüleri var, e sürücüsünde fotoğ. müzikler var son zamanlarda ne fotoğraflara bakabiliyorom ne de müzik dinleyebiliyorum, bilgisyar direk donuyor. e sürücüsünü hem avastla hem de not 32 ile taramaya çalışıyorum ama olmuyor belli bir yere gelip o programlar da bilgisyar da donuyor. combofix raporu aşağıda ilgilenirseniz sevinirim. bir de ne yapmam gerektiğini detaylı açıklarsanız sevinirim, biraz acemiyim zorlanıyorum. saygılarımla

ComboFix 08-08-03.05 - mahmut 2009-11-18 18:46:10.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1254.1.1055.18.1328 [GMT 2:00]
Running from: C:\Users\mahmut\Desktop\18628-ComboFix.exe
* Created a new restore point
.
- REDUCED FUNCTIONALITY MODE -
.

((((((((((((((((((((((((( Files Created from 2009-10-18 to 2009-11-18 )))))))))))))))))))))))))))))))
.

No new files created in this timespan

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-18 12:21 --------- d-----w C:\ProgramData\ESET
2009-11-17 21:01 --------- d-----w C:\Program Files\Alwil Software
2009-11-12 01:07 --------- d-----w C:\Program Files\Windows Mail
2009-11-08 01:21 --------- d-----w C:\Program Files\Windows Calendar
2009-11-03 15:35 268,800 ----a-w C:\Windows\System32\es.dll
2009-11-03 01:02 2,048 ----a-w C:\Windows\System32\tzres.dll
2009-11-03 01:00 61,440 ----a-w C:\Windows\System32\winipsec.dll
2009-11-03 01:00 361,984 ----a-w C:\Windows\System32\IPSECSVC.DLL
2009-11-03 01:00 28,672 ----a-w C:\Windows\System32\FwRemoteSvr.dll
2009-11-03 01:00 272,896 ----a-w C:\Windows\System32\polstore.dll
2009-11-02 21:06 96,760 ----a-w C:\Windows\System32\dfshim.dll
2009-11-02 21:06 83,968 ----a-w C:\Windows\System32\mscories.dll
2009-11-02 21:06 41,984 ----a-w C:\Windows\System32\netfxperf.dll
2009-11-02 21:06 282,112 ----a-w C:\Windows\System32\mscoree.dll
2009-11-02 21:06 158,720 ----a-w C:\Windows\System32\mscorier.dll
2009-11-02 20:36 174 --sha-w C:\Program Files\desktop.ini
2009-11-02 20:30 --------- d-----w C:\Program Files\Windows Sidebar
2009-11-02 20:01 95,232 ----a-w C:\Windows\System32\PortableDeviceClassExtension.dll
2009-11-02 20:01 241,152 ----a-w C:\Windows\System32\PortableDeviceApi.dll
2009-11-02 20:01 160,768 ----a-w C:\Windows\System32\PortableDeviceTypes.dll
2009-11-02 19:59 87,040 ----a-w C:\Windows\System32\msoert2.dll
2009-11-02 19:59 39,424 ----a-w C:\Windows\System32\ACCTRES.dll
2009-11-02 19:59 205,824 ----a-w C:\Windows\System32\msoeacct.dll
2009-11-02 19:56 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2009-11-02 19:56 542,720 ----a-w C:\Windows\System32\sysmain.dll
2009-11-02 19:56 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2009-11-02 19:56 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2009-11-02 19:56 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2009-11-02 19:56 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2009-11-02 19:56 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2009-11-02 19:55 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2009-11-02 19:55 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2009-11-02 19:54 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2009-11-02 19:54 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2009-11-02 19:54 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2009-11-02 19:54 299,520 ----a-w C:\Windows\System32\wlansec.dll
2009-11-02 19:54 289,280 ----a-w C:\Windows\System32\wlanmsm.dll
2009-11-02 19:54 123,904 ----a-w C:\Windows\System32\L2SecHC.dll
2009-11-02 19:51 72,704 ----a-w C:\Windows\System32\fontsub.dll
2009-11-02 19:51 34,304 ----a-w C:\Windows\System32\atmlib.dll
2009-11-02 19:51 289,792 ----a-w C:\Windows\System32\atmfd.dll
2009-11-02 19:51 24,064 ----a-w C:\Windows\System32\lpk.dll
2009-11-02 19:51 156,160 ----a-w C:\Windows\System32\t2embed.dll
2009-11-02 19:51 10,240 ----a-w C:\Windows\System32\dciman32.dll
2009-11-02 19:50 72,704 ----a-w C:\Windows\System32\secur32.dll
2009-11-02 19:50 7,680 ----a-w C:\Windows\System32\lsass.exe
2009-11-02 19:50 408,136 ----a-w C:\Windows\system32\drivers\ksecdd.sys
2009-11-02 19:50 216,576 ----a-w C:\Windows\System32\msv1_0.dll
2009-11-02 19:50 175,104 ----a-w C:\Windows\System32\wdigest.dll
2009-11-02 19:50 1,233,920 ----a-w C:\Windows\System32\lsasrv.dll
2009-11-02 19:48 98,816 ----a-w C:\Windows\System32\mfps.dll
2009-11-02 19:48 52,736 ----a-w C:\Windows\System32\rrinstaller.exe
2009-11-02 19:48 24,576 ----a-w C:\Windows\System32\mfpmp.exe
2009-11-02 19:48 2,855,424 ----a-w C:\Windows\System32\mf.dll
2009-11-02 19:48 2,048 ----a-w C:\Windows\System32\mferror.dll
2009-11-02 19:46 376,832 ----a-w C:\Windows\System32\winhttp.dll
2009-11-02 19:44 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2009-11-02 19:41 71,680 ----a-w C:\Windows\System32\atl.dll
2009-11-02 19:39 41,984 ----a-w C:\Windows\system32\drivers\monitor.sys
2009-11-02 19:39 297,472 ----a-w C:\Windows\System32\gdi32.dll
2009-11-02 19:39 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
2009-11-02 19:35 3,502,152 ----a-w C:\Windows\System32\ntkrnlpa.exe
2009-11-02 19:35 3,467,864 ----a-w C:\Windows\System32\ntoskrnl.exe
2009-11-02 19:34 211,456 ----a-w C:\Windows\system32\drivers\mrxsmb10.sys
2009-11-02 19:33 374,456 ----a-w C:\Windows\System32\mcupdate_GenuineIntel.dll
2009-11-02 19:32 500,736 ----a-w C:\Windows\System32\msdtcprx.dll
2009-11-02 19:32 30,208 ----a-w C:\Windows\System32\xolehlp.dll
2009-11-02 19:32 156,160 ----a-w C:\Windows\System32\wkssvc.dll
2009-11-02 19:31 36,352 ----a-w C:\Windows\System32\tsgqec.dll
2009-11-02 19:31 116,736 ----a-w C:\Windows\System32\aaclient.dll
2009-11-02 19:31 1,871,872 ----a-w C:\Windows\System32\mstscax.dll
2009-11-02 19:30 303,616 ----a-w C:\Windows\System32\wmpeffects.dll
2009-11-02 19:29 2,048 ----a-w C:\Windows\System32\msxml3r.dll
2009-11-02 19:29 1,194,496 ----a-w C:\Windows\System32\msxml3.dll
2009-11-02 19:28 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2009-11-02 19:27 86,016 ----a-w C:\Windows\System32\icfupgd.dll
2009-11-02 19:27 63,488 ----a-w C:\Windows\system32\drivers\mpsdrv.sys
2009-11-02 19:27 61,952 ----a-w C:\Windows\System32\cmifw.dll
2009-11-02 19:27 396,800 ----a-w C:\Windows\System32\MPSSVC.dll
2009-11-02 19:27 392,192 ----a-w C:\Windows\System32\FirewallAPI.dll
2009-11-02 19:27 23,040 ----a-w C:\Windows\system32\drivers\tunnel.sys
2009-11-02 19:27 178,688 ----a-w C:\Windows\System32\iphlpsvc.dll
2009-11-02 19:27 16,896 ----a-w C:\Windows\System32\wfapigp.dll
2009-11-02 19:27 15,360 ----a-w C:\Windows\system32\drivers\TUNMP.SYS
2009-11-02 19:25 428,032 ----a-w C:\Windows\System32\EncDec.dll
2009-11-02 19:25 292,352 ----a-w C:\Windows\System32\psisdecd.dll
2009-11-02 19:25 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2009-11-02 19:22 88,576 ----a-w C:\Windows\System32\avifil32.dll
2009-11-02 19:22 82,944 ----a-w C:\Windows\System32\mciavi32.dll
2009-11-02 19:22 696,832 ----a-w C:\Windows\System32\localspl.dll
2009-11-02 19:22 65,024 ----a-w C:\Windows\System32\avicap32.dll
2009-11-02 19:22 31,232 ----a-w C:\Windows\System32\msvidc32.dll
2009-11-02 19:22 123,904 ----a-w C:\Windows\System32\msvfw32.dll
2009-11-02 19:22 12,800 ----a-w C:\Windows\System32\msrle32.dll
2009-11-02 19:21 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2009-11-02 19:21 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
2009-11-02 19:21 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2009-11-02 19:21 2,923,520 ----a-w C:\Windows\explorer.exe
2009-11-02 19:21 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
2009-11-02 19:21 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
2009-11-02 20:52 458736 --a------ C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe" [2006-11-13 13:35 413696]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-02 20:52 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-06-08 04:53 894512]
"Toshiba Registration"="C:\Program Files\Toshiba\Registration\ToshibaRegistration.exe" [2007-02-19 16:00 571024]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2007-02-12 14:37 174872]
"MSConfig"="C:\Windows\System32\msconfig.exe" [2006-11-02 11:45 222208]
"Google Quick Search Box"="C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-11-02 20:52 122368]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 13:56 81000]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-13 07:11 4489216 C:\Windows\RtHDVCpl.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= C:\PROGRA~1\COMMON~1\ULEADS~1\vio\dvacm.acm

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
--a------ 2007-05-22 15:32 538744 C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camera Assistant Software]
--a------ 2007-04-10 16:40 413696 C:\Program Files\Camera Assistant Software for Toshiba\traybar.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2007-01-09 23:59 115816 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Desktop SMS]
--a------ 2007-06-18 09:51 1507328 C:\Program Files\IDM\Desktop SMS\DesktopSMS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
--a------ 2006-11-02 14:35 125440 C:\Windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HSON]
--a------ 2006-12-07 15:49 55416 C:\Program Files\TOSHIBA\TBS\HSON.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IS CfgWiz]
--a------ 2007-01-12 20:28 431752 C:\Program Files\Common Files\Symantec Shared\OPC\{31011D49-D90C-4da0-878B-78D28AD507AF}\cltUIStb.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KeNotify]
--a------ 2006-11-06 16:14 34352 C:\Program Files\TOSHIBA\Utilities\KeNotify.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
--a------ 2007-05-23 14:57 509496 C:\Program Files\TOSHIBA\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
--a------ 2006-11-10 12:35 90112 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SVPWUTIL]
--a------ 2006-03-22 20:42 438272 C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\topi]
--a------ 2007-04-02 11:48 577536 C:\Program Files\TOSHIBA\Toshiba Online Product Information\TOPI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
--a------ 2007-05-28 14:39 1826816 C:\Windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 CplIR;Embedded IR Driver;C:\Windows\system32\DRIVERS\CplIR.SYS [2007-03-06 14:01]
R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2009-09-15 13:55]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2009-09-15 13:55]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2009-09-15 13:55]
R3 atikmdag;atikmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [2007-06-21 11:36]
S3 getPlusHelper;getPlus(R) Helper;C:\Windows\System32\svchost.exe [2006-11-02 11:45]
S3 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20070108.003\IDSvix86.sys [2006-12-28 00:48]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d86f7a85-c88e-11de-af41-001b3843f3e3}]
\shell\AutoRun\command - D:\mwfubaob.exe
\shell\open\Command - D:\mwfubaob.exe

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-HWSetup - \HWSetup.exe
MSConfigStartUp-NDSTray - NDSTray.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.com.tr/
O8 -: Microsoft Excel'e Gö&nder - C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 -: {C08CAF1D-C0A3-40D5-9970-06D067EAC017} -http://www.webtip.ch/cgi-bin/toshiba/tracker_url.pl?TR

O16 -: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB
C:\Windows\Downloaded Program Files\JaguarEditControl.INF
C:\Windows\Downloaded Program Files\JaguarEditControl.dll

O16 -: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
C:\Windows\Downloaded Program Files\PhotoUploader55.inf
C:\Windows\System32\unicows.dll
C:\Windows\Downloaded Program Files\PhotoUploader55.ocx

O16 -: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
C:\Windows\Downloaded Program Files\gp.inf
C:\Windows\System32\atl.dll
C:\Windows\Downloaded Program Files\gp.ocx


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
Rootkit scan 2009-11-18 18:46:48
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
TOSCDSPD = C:\Program Files\TOSHIBA\TOSCDSPD\TOSCDSPD.exe?/i?????????{???8???`????????????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2009-11-18 18:49:19
ComboFix-quarantined-files.txt 2009-11-18 16:48:57

Pre-Run: Sistem, Application için ileti dosyası içinde 0x2379 ileti numarası için ileti metnini bulamıyor.
Post-Run: 46,679,150,592 bayt boş

221 --- E O F --- 2009-11-18 14:43:54


Bu mesaja 1 cevap geldi.
A
atakan22m
14 yıl
Çavuş

evet güzel


Bu mesaja 1 cevap geldi.
E
evon610c
14 yıl
Teğmen

Üstad bir de benim loglara bakabilirmisin,bir sorun varmı acaba.Çok tesekkurler...




Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:05:31, on 19.11.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvraidservice.exe
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\vVX3000.exe
C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe
C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sony\SonicStage\Omgjbox.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SsDbConnection.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Piaggio\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [NVRaidService] C:\WINDOWS\system32\nvraidservice.exe
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [Launch LgDeviceAgent] "C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe"
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe"
O4 - HKLM\..\Run: [Launch LGDCore] "C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" /SHOWHIDE
O4 - HKLM\..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [2F4Yrqatray] "C:\Program Files\2F4Y.com\Admin Request Notifier\rqatray.exe" -tray
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe"
O4 - HKCU\..\RunOnce: [WiseStubReboot] MSIEXEC /quiet SKIP_PPU_DRIVER_INSTALL=1 /I "C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MSI" TRANSFORMS="C:\Program Files\Common Files\Wise Installation Wizard\WISC5C1C0F0D62F4DBF81D4D7EF397C228B_9_09_0814.MST" WISE_SETUP_EXE_PATH="c:\nvidia\displaydriver\191.07\winxp\international\PhysX_9.09.0814_SystemSoftware.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: HP Akıllı Seçim - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A57FD8C3-0920-4C47-B729-4DB95997FC28}: NameServer = 4.2.2.5,4.2.2.6
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: SATARaid5 Configuration Service (SATARaid5 Config Service) - Unknown owner - C:\Program Files\Silicon Image\3132-W-I32-S SATARAID5\SATARaid5ConfigService.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe

--
End of file - 10163 bytes


Bu mesaja 1 cevap geldi.
B
byrmlbrbr
14 yıl
Teğmen

Serji senide yoruyoruz ama bide buna bi bakabilirmisin...
Windows görev yöneticisinde garip şeyler görüyorum(mesela explorer.exe:userini.exe gibi)


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:00, on 19.11.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\AvaFind\AvaFind.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
E:\Yedek D\Prog\serhan program dvd\anti virüs\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [AvaFind] "C:\Program Files\AvaFind\AvaFind.exe" /minimized
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKCU\..\Policies\Explorer\Run: [userini] C:\WINDOWS\system32\userini.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Global Startup: AutorunsDisabled
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1247544337328
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1247544298750
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail Photo Upload Tool) -http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS1\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5
O17 - HKLM\System\CS2\Services\Tcpip\..\{8F9AD8AB-03ED-4346-AA16-105DBA5B8117}: NameServer = 4.2.2.1,4.2.2.5
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

--
End of file - 5998 bytes


Bu mesaja 1 cevap geldi.
T
taco_paso_24
14 yıl
Yüzbaşı

Sana zahmet bi benim bilgisayara bakarmısın. YouTube tarzı Steam video yüklemelerinde bir yavaşlık söz konusu. Kullandığım Tarayıcıdan da olabilir. Yardımcı olursan sevinirim. 

Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 23:30:24, on 19.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\nvsvc32.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\Eset\nod32kui.exe 
  C:\WINDOWS\RTHDCPL.EXE 
  C:\WINDOWS\SOUNDMAN.EXE 
  C:\Program Files\Norton Ghost\Agent\VProTray.exe 
  C:\WINDOWS\system32\RUNDLL32.EXE 
  C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe 
  C:\Program Files\cFosSpeed\cFosSpeed.exe 
  C:\Program Files\iTunes\iTunesHelper.exe 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\DNA\btdna.exe 
  C:\Program Files\Internet Download Manager\IDMan.exe 
  C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe 
  C:\Program Files\Pando Networks\Media Booster\PMB.exe 
  C:\program files\steam\steam.exe 
  C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe 
  C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
  C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 
  C:\Program Files\Bonjour\mDNSResponder.exe 
  C:\Program Files\cFosSpeed\spd.exe 
  C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe 
  C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\Microsoft LifeCam\MSCamS32.exe 
  C:\Program Files\Eset\nod32krn.exe 
  C:\Program Files\Norton Ghost\Agent\VProSvc.exe 
  C:\WINDOWS\system32\PnkBstrA.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 
  C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe 
  C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
  C:\Program Files\iPod\bin\iPodService.exe 
  C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe 
  C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe 
  C:\WINDOWS\system32\wbem\wmiapsrv.exe 
  C:\Program Files\Internet Download Manager\IEMonitor.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\wscntfy.exe 
  C:\Program Files\Microsoft LifeCam\LifeTray.exe 
  C:\WINDOWS\system32\PnkBstrB.exe 
  C:\Program Files\Mozilla Firefox\firefox.exe 
  D:\Programlar\HijackThis.exe 
   
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local 
  O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll 
  O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll 
  O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE 
  O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe 
  O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE 
  O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE 
  O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE 
  O4 - HKLM\..\Run: [Norton Ghost 12.0] "C:\Program Files\Norton Ghost\Agent\VProTray.exe" 
  O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe" 
  O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install 
  O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup 
  O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit 
  O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" 
  O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime 
  O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe 
  O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" 
  O4 - HKCU\..\Run: [EPSON Stylus DX8400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICEE.EXE /FU "C:\WINDOWS\TEMP\E_S6F.tmp" /EF "HKCU" 
  O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot 
  O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Documents and Settings\Ev\Application Data\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun 
  O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe 
  O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent 
  O4 - HKCU\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray 
  O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe 
  O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm 
  O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm 
  O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm 
  O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\ssv.dll 
  O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
  O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll 
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) -http://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab 
  O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) -http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab 
  O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251470904984 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O17 - HKLM\System\CCS\Services\Tcpip\..\{72D8E278-20CF-455E-9CBB-358937289715}: NameServer = 208.67.222.222,208.67.220.220 
  O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll 
  O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe 
  O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe 
  O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe 
  O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe 
  O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe 
  O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe 
  O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe 
  O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE 
  O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe 
  O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe 
  O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset  - C:\Program Files\Eset\nod32krn.exe 
  O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton Ghost\Agent\VProSvc.exe 
  O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) 
  O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe 
  O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe 
  O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe 
  O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe 
   
  -- 
  End of file - 9877 bytes


Bu mesaja 2 cevap geldi.
P
playup
14 yıl
Er

Merhaba Kaspersky İnternet Security 8 kullanıyorum.Pc her açılıştan sonra kis tarafından Win32 Agent.amjd saptayıp siliyor.İçeren klasör olarak system32 /drvstore gösteriyor.Ekteki Log dosyasını inceleyebilirmisiniz.Teşekkürler... 
Logfile of Trend Micro HijackThis v2.0.2 
  Scan saved at 15:36:18, on 20.11.2009 
  Platform: Windows XP SP3 (WinNT 5.01.2600) 
  MSIE: Internet Explorer v8.00 (8.00.6001.18702) 
  Boot mode: Normal 
   
  Running processes: 
  C:\WINDOWS\System32\smss.exe 
  C:\WINDOWS\system32\winlogon.exe 
  C:\WINDOWS\system32\services.exe 
  C:\WINDOWS\system32\lsass.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\WINDOWS\System32\svchost.exe 
  C:\WINDOWS\system32\spoolsv.exe 
  C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 
  C:\Program Files\Intel\AMT\atchksrv.exe 
  C:\WINDOWS\etlisrv.exe 
  C:\Program Files\Java\jre6\bin\jqs.exe 
  C:\Program Files\Common Files\LightScribe\LSSrvc.exe 
  C:\Program Files\Intel\AMT\LMS.exe 
  C:\Program Files\Google\Update\1.2.183.13\GoogleCrashHandler.exe 
  C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe 
  C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe 
  C:\WINDOWS\system32\svchost.exe 
  C:\Program Files\Intel\AMT\UNS.exe 
  C:\WINDOWS\Explorer.EXE 
  C:\Program Files\CheckPoint\SecuRemote\bin\SR_GUI.Exe 
  C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  C:\WINDOWS\system32\igfxtray.exe 
  C:\WINDOWS\system32\hkcmd.exe 
  C:\WINDOWS\system32\igfxsrvc.exe 
  C:\WINDOWS\system32\igfxpers.exe 
  C:\Program Files\Intel\AMT\atchk.exe 
  C:\Program Files\Winamp\winampa.exe 
  C:\WINDOWS\VMSnap3.exe 
  C:\WINDOWS\Domino.exe 
  C:\Program Files\Java\jre6\bin\jusched.exe 
  C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe 
  C:\Program Files\Microsoft ActiveSync\wcescomm.exe 
  C:\Program Files\DAEMON Tools Lite\daemon.exe 
  C:\PROGRA~1\MICROS~3\rapimgr.exe 
  C:\Documents and Settings\term1\Local Settings\Application Data\Google\Update\1.2.183.13\GoogleCrashHandler.exe 
  C:\WINDOWS\system32\etlitr50.exe 
  M:\Tiger2\LENGINE1.EXE 
  C:\WINDOWS\system32\ctfmon.exe 
  C:\Program Files\Windows Live\Messenger\msnmsgr.exe 
  C:\Program Files\Windows Live\Contacts\wlcomm.exe 
  C:\Program Files\Internet Explorer\iexplore.exe 
  C:\Program Files\Internet Explorer\iexplore.exe 
  C:\Program Files\Internet Explorer\iexplore.exe 
  C:\Program Files\Trend Micro\HijackThis\HijackThis.exe 
   
  R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896 
  R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
  R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157 
  R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local 
  R3 - URLSearchHook: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll 
  O1 - Hosts: 193.202.221.20 webserver 
  O1 - Hosts: 193.202.221.20 webserver.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.36 ulpa1_boot 
  O1 - Hosts: 193.202.221.94 ulpdb ulpvip 
  O1 - Hosts: 193.202.221.100 ulpdb_boot 
  O1 - Hosts: 193.202.221.101 ulpa1 
  O1 - Hosts: 193.202.221.103 ulpa2 
  O1 - Hosts: 193.202.221.104 ulpa3 
  O1 - Hosts: 193.202.221.105 ulpa4 
  O1 - Hosts: 193.202.221.221 ulpa5 
  O1 - Hosts: 193.202.221.252 ulpa6 
  O1 - Hosts: 193.202.221.93 ulpa7 
  O1 - Hosts: 193.202.221.118 ulpa8 
  O1 - Hosts: 193.202.221.116 ulpa9 
  O1 - Hosts: 193.202.221.119 ulpa10 
  O1 - Hosts: 193.202.221.124 ulpa11 
  O1 - Hosts: 193.202.221.133 ulpa12 
  O1 - Hosts: 194.27.120.6 bogazici 
  O1 - Hosts: 194.27.120.7 portland 
  O1 - Hosts: 145.55.45.7 cgiu029a.eu.unilever.com 
  O1 - Hosts: 145.55.45.7 cgiu029a 
  O1 - Hosts: 145.55.68.64 ar1s002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 ar1d002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 ar1q002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.65 ab2d002a.eu.unilever.com 
  O1 - Hosts: 145.55.64.71 ab2p002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.65 ab2q002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 ar1r002a.eu.unilever.com 
  O1 - Hosts: 145.55.64.73 ar1p002a.eu.unilever.com 
  O1 - Hosts: 145.55.68.64 psiu014a.eu.unilever.com 
  O1 - Hosts: 152.109.232.234 istsemb20001 
  O1 - Hosts: 152.109.232.234 istsemb20001.s2.ms.unilever.com 
  O1 - Hosts: 193.202.205.182 univpn 
  O1 - Hosts: 193.202.205.182 univpn.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.205.182 istsapp20002 
  O1 - Hosts: 193.202.205.182 istsapp20002.s2.ms.unilever.com 
  O1 - Hosts: 145.17.109.233 istsapp20015 
  O1 - Hosts: 145.17.109.233 istsapp20015.s2.ms.unilever.com 
  O1 - Hosts: 161.193.116.238 im.unilever.com 
  O1 - Hosts: 194.133.173.159 istsapp20009 
  O1 - Hosts: 194.133.173.159 istsapp20009.s2.ms.unilever.com 
  O1 - Hosts: 193.202.205.177 istsapp20022 
  O1 - Hosts: 193.202.205.177 istsapp20022.s2.ms.unilever.com 
  O1 - Hosts: 193.202.221.126 unisat 
  O1 - Hosts: 193.202.221.126 unisat.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.220 pera 
  O1 - Hosts: 193.202.221.220 pera.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.126 istsapp20008 
  O1 - Hosts: 193.202.221.126 istsapp20008.s2.ms.unilever.com 
  O1 - Hosts: 193.202.221.220 istsapp20004 
  O1 - Hosts: 193.202.221.220 istsapp20004.s2.ms.unilever.com 
  O1 - Hosts: 193.202.221.20 creditcards 
  O1 - Hosts: 193.202.221.20 creditcards.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.31 ist-cmi 
  O1 - Hosts: 193.202.221.31 ist-fci 
  O1 - Hosts: 193.202.221.31 ist-fusion 
  O1 - Hosts: 193.202.221.31 ist-genesis 
  O1 - Hosts: 193.202.221.31 ist-hukuk 
  O1 - Hosts: 193.202.221.31 ist-imagesolutions 
  O1 - Hosts: 193.202.221.31 ist-mc 
  O1 - Hosts: 193.202.221.31 ist-merchandising 
  O1 - Hosts: 193.202.221.31 ist-npibuying 
  O1 - Hosts: 193.202.221.31 ist-sctr 
  O1 - Hosts: 193.202.221.31 ist-taxnotes 
  O1 - Hosts: 193.202.221.31 ist-teknoport 
  O1 - Hosts: 193.202.221.31 ist-ufsportal 
  O1 - Hosts: 193.202.221.31 ist-universe 
  O1 - Hosts: 193.202.221.31 univert 
  O1 - Hosts: 193.202.221.20 uniselweb 
  O1 - Hosts: 193.202.221.20 uniselweb.ho.u2638.unilever.com 
  O1 - Hosts: 193.202.221.102 mevlana 
  O1 - Hosts: 193.202.221.20 pmstr 
  O1 - Hosts: 193.202.221.20 pmstr.ho.u2638.unilever.com 
  O2 - BHO: (no name) - {04DE8C6E-B6BF-405E-ACAB-9877068E35Ad} - C:\WINDOWS\System32\ddeml32.dll 
  O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
  O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll 
  O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll 
  O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) 
  O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll 
  O2 - BHO: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll 
  O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll 
  O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll 
  O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - C:\PROGRA~1\FlashFXP\IEFlash.dll (file missing) 
  O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll 
  O3 - Toolbar: TurkeyForum Yeni Toolbar - {954155f1-68a2-4246-8ba7-3165a4eb213f} - C:\Program Files\TurkeyForum_Yeni\tbTur1.dll 
  O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe 
  O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe 
  O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe 
  O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe 
  O4 - HKLM\..\Run: [LayoutM] KLayMgr.exe 
  O4 - HKLM\..\Run: [atchk] "C:\Program Files\Intel\AMT\atchk.exe" 
  O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" 
  O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" 
  O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" 
  O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.exe 
  O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.exe 
  O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
  O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" 
  O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden 
  O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c 
  O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" 
  O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun 
  O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe 
  O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-US)_AppleWebKit/532.0_(KHTML,_like_Gecko)_Chrome/3.0.195.27_Safari/532.0" -"http://www.miniclip.com/games/masters-of-wrestling/en/master_of_wrestling.dcr" 
  O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') 
  O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
  O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe 
  O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe 
  O4 - Global Startup: Entrust.lnk = C:\WINDOWS\system32\etlitr50.exe 
  O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE 
  O8 - Extra context menu item: Banner Ad Blocker’a ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm 
  O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll 
  O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.33.0\gears.dll 
  O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll 
  O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\WINDOWS\system32\shdocvw.dll 
  O9 - Extra button: Web trafiği koruması istatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll 
  O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll 
  O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll 
  O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll 
  O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL 
  O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe 
  O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe 
  O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) -https://sube.garanti.com.tr/lib/JaguarEditControl.CAB 
  O16 - DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} (RSClientPrint 2005 Class) -http://pera/Reserved.ReportViewerWebControl.axd?ReportSession=fmyqfxmvoetneu555zwpyj45&ControlID=b7a636084f784c4bbb18811b0a783059&Culture=1055&UICulture=1055&ReportStack=1&OpType=PrintCab 
  O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) -http://88.247.223.172:8090/webgis/adapazari/activex/mgaxctrl.cab 
  O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) -http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab 
  O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab 
  O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab 
  O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) -http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab 
  O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe 
  O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe 
  O23 - Service: Entrust Login Interface (ELIService) - Entrust(R) - C:\WINDOWS\etlisrv.exe 
  O23 - Service: EpsonBidirectionalService - Unknown owner - C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe 
  O23 - Service: Google Update Service (gupdate1c9a9624c8f6588) (gupdate1c9a9624c8f6588) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe 
  O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 
  O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe 
  O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe 
  O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe 
  O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe 
  O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe 
  O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe 
   
  -- 
  End of file - 14709 bytes 
  

ComboFix 09-11-19.05 - Term1 20.11.2009 13:35.2.2 - x86 
  Microsoft Windows XP Professional  5.1.2600.3.1254.90.1033.18.2002.1534 [GMT 2:00] 
  Running from: c:\documents and settings\term1\My Documents\New Programs\Anti virüs\ComboFix.exe 
  AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0} 
  FW: Kaspersky Internet Security *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0} 
  . 
   
  (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
   
  c:\windows\system32\LocalService 
  . 
  ---- Previous Run ------- 
  . 
  c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease on the Web.lnk 
  c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Spyware Cease.lnk 
  c:\documents and settings\All Users\Start Menu\Programs\Spyware Cease\Uninstall Spyware Cease.lnk 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684C.manifest 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684O.manifest 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684P.manifest 
  c:\documents and settings\term1\Application Data\02000000ff2ed2ed684S.manifest 
  c:\program files\Spyware Cease\AutoUpdate.exe 
  c:\program files\Spyware Cease\bmgac 
  c:\program files\Spyware Cease\dxddd 
  c:\program files\Spyware Cease\fp.fpl 
  c:\program files\Spyware Cease\hrdb.hrl 
  c:\program files\Spyware Cease\idamx 
  c:\program files\Spyware Cease\iflee 
  c:\program files\Spyware Cease\LSR.lsr 
  c:\program files\Spyware Cease\md5.dll 
  c:\program files\Spyware Cease\mtools.dll 
  c:\program files\Spyware Cease\networkdll.dll 
  c:\program files\Spyware Cease\opfile.dll 
  c:\program files\Spyware Cease\QAreaDLL.dll 
  c:\program files\Spyware Cease\rgp.tmp 
  c:\program files\Spyware Cease\RkHitApi.dll 
  c:\program files\Spyware Cease\sctools.dll 
  c:\program files\Spyware Cease\spkdll.dll 
  c:\program files\Spyware Cease\SpywareCease.chm 
  c:\program files\Spyware Cease\SpywareCease.exe 
  c:\program files\Spyware Cease\SpywareCease.url 
  c:\program files\Spyware Cease\tmp5 
  c:\program files\Spyware Cease\udefend.dll 
  c:\program files\Spyware Cease\unins000.dat 
  c:\program files\Spyware Cease\unins000.exe 
  c:\program files\Spyware Cease\update\Update.ini 
  c:\program files\Spyware Cease\update\uplist.up 
  c:\program files\Spyware Cease\update1 
  c:\program files\Spyware Cease\update2 
  c:\program files\Spyware Cease\update3 
  c:\program files\Spyware Cease\ussafe.dll 
  c:\program files\Spyware Cease\vf 
  c:\program files\Spyware Cease\vsn.lst 
  c:\program files\Spyware Cease\wl.swl 
  c:\program files\Spyware Cease\xxcum 
  c:\program files\Spyware Cease\zlib1.dll 
  c:\windows\system32\D3D8THK32.DLL 
  c:\windows\system32\drivers\RKHit.sys 
  c:\windows\system32\GroupPolicy000.dat 
  c:\windows\system32\Ijl11.dll 
  c:\windows\system32\LocalService\329.crack.zip 
  c:\windows\system32\LocalService\329.crack.zip.kwd 
  c:\windows\system32\LocalService\330.keygen.zip 
  c:\windows\system32\LocalService\330.keygen.zip.kwd 
  c:\windows\system32\LocalService\331.serial.zip 
  c:\windows\system32\LocalService\331.serial.zip.kwd 
  c:\windows\system32\LocalService\332.setup.zip 
  c:\windows\system32\LocalService\332.setup.zip.kwd 
  c:\windows\system32\LocalService\333.music.au 
  c:\windows\system32\LocalService\333.music.au.kwd 
  c:\windows\system32\LocalService\334.music2.au 
  c:\windows\system32\LocalService\334.music2.au.kwd 
  c:\windows\system32\LocalService\335.music3.au 
  c:\windows\system32\LocalService\335.music3.au.kwd 
  c:\windows\system32\LocalService\336.music4.au 
  c:\windows\system32\LocalService\336.music4.au.kwd 
   
  . 
  (((((((((((((((((((((((((((((((((((((((   Drivers/Services   ))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
   
  -------\Legacy_RKHIT 
  -------\Service_RkHit 
   
   
  (((((((((((((((((((((((((   Files Created from 2009-10-20 to 2009-11-20  ))))))))))))))))))))))))))))))) 
  . 
   
  2009-11-20 11:35 . 2008-04-13 18:40	96512	-c--a-w-	c:\windows\system32\dllcache\atapi.sys 
  2009-11-20 11:35 . 2008-04-13 18:40	96512	----a-w-	c:\windows\system32\drivers\atapi.sys 
  2009-11-20 07:28 . 2009-11-20 07:28	187904	----a-w-	c:\windows\system32\ddeml32.dll 
  2009-11-19 14:51 . 2009-11-19 14:51	187904	----a-w-	c:\windows\system32\hccoin32.dll 
  2009-11-19 14:45 . 2009-11-19 14:45	187904	----a-w-	c:\windows\system32\etmimres32.dll 
  2009-11-19 10:40 . 2009-11-19 10:40	187904	----a-w-	c:\windows\system32\dpnwsock32.dll 
  2009-11-19 07:35 . 2009-11-19 07:35	187904	----a-w-	c:\windows\system32\dxtmeta232.dll 
  2009-11-18 15:10 . 2009-11-18 15:10	187904	----a-w-	c:\windows\system32\drmclien32.dll 
  2009-11-18 07:38 . 2009-11-18 07:38	187904	----a-w-	c:\windows\system32\etdsk32.dll 
  2009-11-17 09:13 . 2009-11-17 09:13	187904	----a-w-	c:\windows\system32\d3drm32.dll 
  2009-11-17 08:51 . 2009-11-18 12:15	--------	d-----w-	c:\program files\Loaris Trojan Remover 
  2009-11-17 07:59 . 2009-11-17 07:59	187904	----a-w-	c:\windows\system32\esent32.dll 
  2009-11-17 07:39 . 2009-11-17 07:39	187904	----a-w-	c:\windows\system32\dot3cfg32.dll 
  2009-11-16 09:01 . 2009-11-16 09:01	187904	----a-w-	c:\windows\system32\cryptdlg32.dll 
  2009-11-14 07:45 . 2006-09-16 17:44	314368	----a-w-	c:\windows\system32\avisynth.dll 
  2009-11-14 07:45 . 2004-05-26 19:37	719872	----a-w-	c:\windows\system32\devil.dll 
  2009-11-14 07:45 . 2009-11-14 07:46	--------	d-----w-	c:\program files\Video Convert Master 
  2009-11-04 07:42 . 2009-11-04 07:42	152576	----a-w-	c:\documents and settings\term1\Application Data\Sun\Java\jre1.6.0_17\lzma.dll 
  2009-11-04 07:33 . 2009-11-04 07:34	--------	d-----w-	c:\documents and settings\NetworkService\Local Settings\Application Data\Temp 
  2009-11-03 14:23 . 2009-11-03 14:23	--------	d-----w-	c:\documents and settings\term1\Local Settings\Application Data\IsolatedStorage 
  2009-11-03 09:52 . 2009-11-03 09:52	--------	d-----w-	c:\windows\system32\wbem\Repository 
  2009-11-02 14:47 . 2009-11-14 08:05	--------	d-----w-	c:\program files\PDF Password Remover v3.1 
  2009-11-02 14:32 . 2009-11-14 08:06	--------	d-----w-	c:\program files\ElcomSoft 
  2009-11-02 13:37 . 2009-11-02 13:37	--------	d-----w-	c:\program files\Your Uninstaller 
  2009-10-31 15:14 . 2009-10-31 15:15	1455930	----a-w-	c:\documents and settings\term1\Application Data\Move Networks\MoveMediaPlayerWinSilent_071504000001.exe 
  2009-10-31 15:13 . 2009-10-31 15:13	127872	----a-w-	c:\documents and settings\term1\Application Data\Move Networks\uninstall.exe 
  2009-10-31 15:13 . 2009-11-02 12:16	--------	d-----w-	c:\documents and settings\term1\Application Data\Move Networks 
  2009-10-24 11:44 . 2009-10-24 11:44	--------	d-----w-	c:\program files\NCT 
  2009-10-24 11:43 . 2009-10-24 11:50	--------	d-----w-	c:\program files\Text to Speech Maker 
   
  . 
  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  2009-11-20 11:25 . 2009-08-25 14:26	--------	d-----w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab 
  2009-11-20 11:22 . 2009-08-25 14:26	630816	--sha-w-	c:\windows\system32\drivers\fidbox2.dat 
  2009-11-20 11:22 . 2009-08-25 14:26	3236	--sha-w-	c:\windows\system32\drivers\fidbox2.idx 
  2009-11-20 11:22 . 2009-08-25 14:26	2569760	--sha-w-	c:\windows\system32\drivers\fidbox.dat 
  2009-11-20 11:22 . 2009-08-25 14:26	21156	--sha-w-	c:\windows\system32\drivers\fidbox.idx 
  2009-11-19 14:50 . 2009-04-06 15:06	--------	d---a-w-	c:\documents and settings\All Users\Application Data\TEMP 
  2009-11-19 14:44 . 2009-10-07 10:29	--------	d-----w-	c:\program files\kikin 
  2009-11-16 09:01 . 2009-11-16 09:01	0	----a-w-	c:\windows\system32\21.tmp 
  2009-11-16 07:38 . 2009-11-16 07:38	0	----a-w-	c:\windows\system32\5.tmp 
  2009-11-14 07:45 . 2009-04-25 06:34	--------	d-----w-	c:\documents and settings\term1\Application Data\Vso 
  2009-11-14 07:45 . 2009-04-25 06:34	81920	----a-w-	c:\documents and settings\term1\Application Data\ezpinst.exe 
  2009-11-14 07:45 . 2009-04-25 06:34	81920	----a-w-	c:\documents and settings\term1\Application Data\ezpinst.exe 
  2009-11-14 07:45 . 2009-04-25 06:34	47360	----a-w-	c:\windows\system32\drivers\pcouffin.sys 
  2009-11-14 07:45 . 2009-04-25 06:34	47360	----a-w-	c:\documents and settings\term1\Application Data\pcouffin.sys 
  2009-11-14 07:45 . 2009-04-25 06:34	47360	----a-w-	c:\documents and settings\term1\Application Data\pcouffin.sys 
  2009-11-14 05:10 . 2009-11-14 05:10	0	----a-w-	c:\windows\system32\1AD.tmp 
  2009-11-09 07:56 . 2008-11-29 12:24	--------	d-----w-	c:\program files\Messenger Plus! Live 
  2009-11-04 07:43 . 2008-12-29 11:53	--------	d-----w-	c:\program files\Java 
  2009-11-04 07:35 . 2009-03-20 13:46	--------	d-----w-	c:\program files\Google 
  2009-11-02 13:34 . 2009-06-10 08:01	--------	d-----w-	c:\program files\Your Uninstaller 2008 
  2009-11-02 12:23 . 2008-11-25 07:36	--------	d-----w-	c:\program files\Opera 
  2009-10-31 15:13 . 2009-06-16 06:35	4183416	----a-w-	c:\documents and settings\term1\Application Data\Move Networks\plugins\npqmp071503000010.dll 
  2009-10-22 07:29 . 2008-01-23 14:14	--------	d-----w-	c:\program files\Common Files\Adobe 
  2009-10-14 13:31 . 2009-08-25 14:27	95259	----a-w-	c:\windows\system32\drivers\klick.dat 
  2009-10-14 13:31 . 2009-08-25 14:27	108059	----a-w-	c:\windows\system32\drivers\klin.dat 
  2009-10-11 02:17 . 2008-12-29 11:53	411368	----a-w-	c:\windows\system32\deploytk.dll 
  2009-10-10 15:51 . 2009-10-10 15:51	--------	d-----w-	c:\program files\ConvertHelper 
  2009-10-07 13:04 . 2009-10-07 10:29	--------	d-----w-	c:\documents and settings\term1\Application Data\kikin 
  2009-10-07 06:26 . 2009-09-04 14:51	--------	d-----w-	c:\program files\Spreng- und Abriss-Simulator 
  2009-10-06 15:05 . 2009-10-06 14:49	--------	d-----w-	c:\documents and settings\term1\Application Data\LimeWire 
  2009-10-06 15:03 . 2009-10-06 15:03	0	----a-w-	c:\windows\system32\BF.tmp 
  2009-10-06 14:51 . 2009-10-06 14:51	7680	----a-w-	c:\documents and settings\term1\Application Data\Thinstall\LimeWire PRO 5.3.6\10000001000003i\ipconfig.exe 
  2009-10-05 15:08 . 2009-10-05 15:08	--------	d-----w-	c:\program files\WatermarkSoftware 
  2009-09-30 11:18 . 2009-09-30 11:18	--------	d-----w-	c:\program files\Microsoft 
  2009-09-25 16:31 . 2009-09-16 09:02	--------	d-----w-	c:\program files\Landwirtschafts-Simulator 2009 Demo 
  2009-09-25 16:03 . 2009-09-25 16:03	--------	d-----w-	c:\documents and settings\term1\Application Data\DAEMON Tools Pro 
  2009-09-23 07:10 . 2009-09-23 07:10	--------	d-----w-	c:\documents and settings\All Users\Application Data\Office Genuine Advantage 
  2009-09-23 07:10 . 2009-09-23 07:10	--------	d-----w-	c:\documents and settings\term1\Application Data\Office Genuine Advantage 
  2009-09-22 14:13 . 2009-03-16 14:09	--------	d-----w-	c:\documents and settings\term1\Application Data\Winamp 
  2009-09-22 13:52 . 2009-09-22 13:52	--------	d-----w-	c:\program files\Aiseesoft Studio 
  2009-09-22 13:34 . 2008-12-12 15:39	--------	d-----w-	c:\program files\XnView 
  2009-09-22 13:26 . 2009-03-18 15:01	--------	d-----w-	c:\program files\FlashFXP 
  2009-09-22 13:26 . 2009-01-31 13:55	--------	d-----w-	c:\program files\GoldWave 
  2009-09-22 13:25 . 2009-08-25 13:29	--------	d-----w-	c:\program files\Audacity 
  2009-09-22 13:23 . 2008-12-22 12:45	--------	d-----w-	c:\program files\Image Mender 
  2009-09-22 13:17 . 2009-09-22 12:28	--------	d-----w-	c:\documents and settings\term1\Application Data\Leawo 
  2009-09-22 13:10 . 2009-09-22 12:28	--------	d-----w-	c:\program files\Leawo 
  2009-09-11 14:18 . 1980-01-01 00:00	136192	----a-w-	c:\windows\system32\msv1_0.dll 
  2009-09-04 21:03 . 1980-01-01 00:00	58880	----a-w-	c:\windows\system32\msasn1.dll 
  2009-09-04 14:50 . 2009-09-04 14:50	268048	----a-w-	c:\windows\system32\dxtmeta2.dll 
  2009-09-04 14:45 . 2009-09-04 14:45	721904	----a-w-	c:\windows\system32\drivers\sptd.sys 
  2009-09-03 12:56 . 2009-09-03 12:56	2560	----a-w-	c:\windows\_MSRSTRT.EXE 
  2009-08-29 08:08 . 1980-01-01 00:00	916480	----a-w-	c:\windows\system32\wininet.dll 
  2009-08-26 08:00 . 1980-01-01 00:00	247326	----a-w-	c:\windows\system32\strmdll.dll 
  2009-08-25 14:43 . 2008-01-29 14:29	33808	----a-w-	c:\windows\system32\drivers\klbg.sys 
  2009-08-25 14:43 . 2009-08-25 14:43	109072	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll 
  2009-08-25 14:43 . 2009-08-25 14:43	59920	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll 
  2009-08-25 14:43 . 2009-08-25 14:43	33808	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys 
  2009-08-25 14:43 . 2009-08-25 14:43	208616	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe 
  2009-08-25 14:43 . 2009-08-25 14:43	226832	----a-w-	c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys 
  . 
   
  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  *Note* empty entries & legit default entries are not shown  
  REGEDIT4 
   
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks] 
  "{954155f1-68a2-4246-8ba7-3165a4eb213f}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296] 
   
  [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
   
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{04DE8C6E-B6BF-405E-ACAB-9877068E35Ad}] 
  2009-11-20 07:28	187904	----a-w-	c:\windows\system32\ddeml32.dll 
   
  [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
  2009-11-03 10:38	2166296	----a-w-	c:\program files\TurkeyForum_Yeni\tbTur1.dll 
   
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] 
  "{954155f1-68a2-4246-8ba7-3165a4eb213f}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296] 
   
  [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
   
  [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] 
  "{954155F1-68A2-4246-8BA7-3165A4EB213F}"= "c:\program files\TurkeyForum_Yeni\tbTur1.dll" [2009-11-03 2166296] 
   
  [HKEY_CLASSES_ROOT\clsid\{954155f1-68a2-4246-8ba7-3165a4eb213f}] 
   
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-11-19 2295072] 
  "Google Update"="c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-06-30 133104] 
  "H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-06-26 1207080] 
  "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656] 
   
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 
  "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe" [2009-07-31 468408] 
   
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-07-10 1036288] 
  "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-07 141848] 
  "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-09-07 166424] 
  "Persistence"="c:\windows\system32\igfxpers.exe" [2007-09-07 137752] 
  "atchk"="c:\program files\Intel\AMT\atchk.exe" [2007-06-07 408344] 
  "WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-01-22 36352] 
  "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696] 
  "AVP"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe" [2009-08-25 208616] 
  "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152] 
  "Domino"="c:\windows\Domino.exe" [2006-07-04 49152] 
  "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288] 
  "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] 
  "LayoutM"="KLayMgr.exe" - c:\windows\KLayMgr.exe [2004-08-26 45056] 
   
  [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] 
  "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify] 
  2004-07-13 20:14	24673	----a-w-	c:\windows\system32\ckpNotify.dll 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\security center] 
  "AntiVirusOverride"=dword:00000001 
  "FirewallOverride"=dword:00000001 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] 
  "DisableMonitoring"=dword:00000001 
   
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] 
  "EnableFirewall"= 0 (0x0) 
   
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] 
  "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"= 
  "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager 
  "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager 
  "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application 
  "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= 
   
  [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] 
  "3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009 
  "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service 
   
  R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [29.01.2008 16:29 33808] 
  R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [04.09.2009 16:45 721904] 
  R1 Asapi;Asapi;c:\windows\system32\drivers\asapi.sys [12.01.2009 09:30 11264] 
  R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [23.01.2008 16:20 17456] 
  R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\Intel\AMT\UNS.exe [25.01.2008 08:21 2521880] 
  R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [23.01.2008 16:20 670128] 
  R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [23.01.2008 16:21 2041904] 
  R3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\drivers\klfltdev.sys [13.03.2008 17:02 26640] 
  R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [30.04.2008 16:06 24592] 
  S2 gupdate1c9a9624c8f6588;Google Update Service (gupdate1c9a9624c8f6588);c:\program files\Google\Update\GoogleUpdate.exe [20.03.2009 15:46 133104] 
  S3 HPKBCCID;HP Keyboard Smart Card Driver;c:\windows\system32\drivers\HPKBCCID.sys [25.01.2008 08:12 46976] 
  S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [23.01.2008 16:21 14924] 
  S3 STC2DFU;STCII DFU Adapter;c:\windows\system32\drivers\Stc2Dfu.sys [25.10.2004 00:04 7796] 
  S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [03.10.2009 15:02 480128] 
  S3 ZSMC0303;A4 TECH PC Camera H;c:\windows\system32\Drivers\usbVM303.sys --> c:\windows\system32\Drivers\usbVM303.sys [?] 
   
  --- Other Services/Drivers In Memory --- 
   
  *NewlyCreated* - CLASSPNP_2 
  *Deregistered* - CLASSPNP_2 
   
  [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 
  "c:\program files\Common Files\LightScribe\LSRunOnce.exe" 
  . 
  Contents of the 'Scheduled Tasks' folder 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job 
  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:46] 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job 
  - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-20 13:46] 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1078145449-725345543-1003Core.job 
  - c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 11:23] 
   
  2009-11-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1078145449-725345543-1003UA.job 
  - c:\documents and settings\term1\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-08-08 11:23] 
  . 
  . 
  ------- Supplementary Scan ------- 
  . 
  uStart Page = about:blank 
  uInternet Settings,ProxyOverride = local 
  IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 
  IE: {{0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - {E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll 
  DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} - hxxps://sube.garanti.com.tr/lib/JaguarEditControl.CAB 
  DPF: {41861299-EAB2-4DCC-986C-802AE12AC499} - hxxp://pera/Reserved.ReportViewerWebControl.axd?ReportSession=fmyqfxmvoetneu555zwpyj45&ControlID=b7a636084f784c4bbb18811b0a783059&Culture=1055&UICulture=1055&ReportStack=1&OpType=PrintCab 
  . 
  - - - - ORPHANS REMOVED - - - - 
   
  BHO-{E601996F-E400-41CA-804B-CD6373A7EEE2} - c:\program files\kikin\ie_kikin.dll 
  HKCU-Run-DLD.EXE - c:\program files\Download Direct\DLD.exe 
  HKLM-Run-SpywareCease.exe - c:\program files\Spyware Cease\SpywareCease.exe 
  Notify-6cae463d684 - c:\windows\System32\d3d8thk32.dll 
  AddRemove-DAEMON Tools Toolbar - c:\program files\DAEMON Tools Toolbar\uninst.exe 
   
   
   
  ************************************************************************** 
   
  catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net 
  Rootkit scan 2009-11-20 13:38 
  Windows 5.1.2600 Service Pack 3 NTFS 
   
  scanning hidden processes ...   
   
  scanning hidden autostart entries ...  
   
  scanning hidden files ...   
   
  scan completed successfully 
  hidden files: 0 
   
  ************************************************************************** 
   
  Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net 
   
  device: opened successfully 
  user: MBR read successfully 
  called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spvb.sys >>UNKNOWN [0x8A5D0938]<<  
  kernel: MBR read successfully 
  detected MBR rootkit hooks: 
  \Driver\Disk -> CLASSPNP.SYS @ 0xba0ecf28 
  \Driver\ACPI -> ACPI.sys @ 0xb9e66cb8 
  \Driver\atapi -> atapi.sys @ 0xb9dfbb40 
  IoDeviceObjectType -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 
   ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 
  \Device\Harddisk0\DR0 -> DeleteProcedure -> ntkrnlpa.exe @ 0x805836a8 
   ParseProcedure -> ntkrnlpa.exe @ 0x805827e8 
  NDIS:  -> SendCompleteHandler -> 0x0 
   PacketIndicateHandler -> 0x0 
   SendHandler -> 0x0 
  user & kernel MBR OK  
  Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net 
   
  atapi.sys @ 0x0 0x0 bytes 
   
  \Driver\atapi [ IRP_MJ_CREATE ] 0xA6F2 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_CLOSE ] 0xA6F2 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_DEVICE_CONTROL ] 0xA712 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_INTERNAL_DEVICE_CONTROL ] 0x6852 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_POWER ] 0xA73C != 0xB9DFBB40 atapi.sys 
  \Driver\atapi [ IRP_MJ_SYSTEM_CONTROL ] 0x11336 != 0xB9DFBB40 atapi.sys 
  \Driver\atapi IRP hooks detected ! 
   
  ************************************************************************** 
  . 
  --------------------- LOCKED REGISTRY KEYS --------------------- 
   
  [HKEY_USERS\S-1-5-21-1960408961-1078145449-725345543-1003\Software\Local AppWizard-Generated Applications\S*T*B*L*i*n*k*_*2*.*0*1* *D*ü*z*e*n*l*e*m*e* *v*e* *Ç*e*v*i*r*i*:*T*a*s*a*r*1m*"!\Recent File List] 
  "File1"="c:\\Documents and Settings\\term1\\My Documents\\yedek\\My Documents\\next ye 2000 cx s.plus\\PROGRAM\\UserDataBase_12042008_2.UDB" 
  "File2"="c:\\Documents and Settings\\term1\\My Documents\\yedek\\My Documents\\next ye 2000 cx s.plus\\PROGRAM\\UserDataBase_12042008_1.UDB" 
  . 
  --------------------- DLLs Loaded Under Running Processes --------------------- 
   
  - - - - - - - > 'explorer.exe'(3332) 
  c:\windows\system32\WININET.dll 
  c:\windows\system32\ieframe.dll 
  c:\windows\system32\webcheck.dll 
  . 
  Completion time: 2009-11-20 13:40 
  ComboFix-quarantined-files.txt  2009-11-20 11:40 
   
  Pre-Run: 131.032.530.944 bytes free 
  Post-Run: 130.987.986.944 bytes free 
   
  WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe 
  [boot loader] 
  timeout=2 
  default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS 
  [operating systems] 
  c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons 
  multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect 
   
  - - End Of File - - 2FB367F2CEB40F213376AFAA26302212





< Bu mesaj bu kişi tarafından değiştirildi playup -- 20 Kasım 2009; 15:37:47 >

Donanım Sponsoru: incehesap.com
Yüklenme süresi: 2,844