HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 441)

  • quote:

    Originally posted by: BabyIcey

    I'm glad there is no problem. Thanks for everything.

    You're welcome.

    quote:

    Originally posted by: tcebeci

    @serji is there a problem? Could you take a look when you get a chance?

    No, there is no problem.
  • quote:

    Originally posted by: MrPesimist

    First of all, happy foruming. You are doing really useful work, and I congratulate you wholeheartedly. I would be glad if you could take a look at my logs to see whether there is a problem.
    I also have the following virus problem;

    Thanks.

    You're welcome.

    * Open the program called HijackThis.
    * Click the "Do a system scan only" option.
    * Check the following lines.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\pchealth\helpctr\System\panels\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://dt-updates.com/activate?query=suepdxstkEueTWdkMMgUApgTj8J5wc9dIdYJdp3YgP2olZ5yvPKGA4%2fglpvcmHU1%2bSVOMGhwm29Jt9GB4xCArY%2b8jbyNX8NjKD9XgzKH%2fzonNSIVCX5MLWeUHifD8XRvArsrFNw3TKTKvnXjHFlz5oCxz5bgVWZ0hopit4bqX8QcL0acpq%2b1hfK4bjs%2fyu9XvvQ8y5OvDLzHVeBL3rtHGoeOEJAVqL9x1UN2w0K16fruGzq6JWelTMteXHs9xmGdNG6GsKXArzFWlqZ8Z9q3ROV%2fHw3IF3jZ3CIDimI6Vew%3d
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = PERFECT XP SP3
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed next to your user name except HijackThis.exe and explorer.exe. (Only end the processes listed next to your user name. Do not touch those listed as Local Service, network or system.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a break of 1-2 minutes.
    4. Once ComboFix has started running, click the Yes (Evet) button.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    quote:

    Originally posted by: baba_muhtar

    Now also run a full scan with an antivirus program. No problem will remain.
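
Entries of the kind listed in the post above can be pre-sorted for a human reviewer with a small script. This is an added example, not part of the original posts and not HijackThis's own logic: `triage`, `EXPECTED_HOST_SUFFIXES` and the three heuristics are assumptions, and the sample lines are abridged from entries quoted in this thread (the long ShellNext query string is replaced by a placeholder).

```python
import re
from typing import List, NamedTuple
from urllib.parse import urlsplit

# Constructed sample: abridged from HijackThis entries quoted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://dt-updates.com/activate?query=PLACEHOLDER
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O1 - Hosts: 208.117.236.70 youtube.com
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [PopRock] C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\c.exe
"""

# Assumption for this example: host suffixes a reviewer treats as expected defaults.
EXPECTED_HOST_SUFFIXES = ("microsoft.com",)

# "<code> - <body>", e.g. "O4 - HKCU\..\Run: [name] command"
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2})\s+-\s+(?P<body>.+)$")
# Autostart entry: hive\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>\S+?)\\\.\.\\(?P<key>\w+):\s+\[(?P<name>[^\]]*)\]\s+(?P<cmd>.+)$"
)
HOSTS_RE = re.compile(r"^Hosts:\s+(?P<ip>\S+)\s+(?P<name>\S+)$")
TEMP_DIR_RE = re.compile(r"\\(?:temp|tmp)\\", re.IGNORECASE)


class Finding(NamedTuple):
    code: str
    reason: str
    detail: str


def _host_is_expected(host: str) -> bool:
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in EXPECTED_HOST_SUFFIXES)


def triage(log_text: str) -> List[Finding]:
    """Return entries worth a manual look; everything else is left unflagged."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list or blank line
        code, body = m["code"], m["body"]
        if code in ("R0", "R1"):
            # Browser settings: "key,value name = data"; data may be empty.
            _, _, value = body.partition("=")
            value = value.strip()
            if value.lower().startswith(("http://", "https://")):
                host = urlsplit(value).hostname or ""
                if not _host_is_expected(host):
                    findings.append(
                        Finding(code, "browser setting points to unexpected host", host)
                    )
        elif code == "O1":
            # Any hosts-file mapping bypasses DNS, so each one is listed.
            h = HOSTS_RE.match(body)
            if h:
                findings.append(
                    Finding(code, "hosts file overrides DNS", f"{h['name']} -> {h['ip']}")
                )
        elif code == "O4":
            r = RUN_RE.match(body)
            if r and TEMP_DIR_RE.search(r["cmd"]):
                findings.append(
                    Finding(code, "autostart runs from a temp directory", r["name"])
                )
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code}: {f.reason}: {f.detail}")
```

A flag here only marks an entry for review; whether it is fixed remains the analyst's decision, as in the thread.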




  • Here you go;

    ComboFix 09-10-18.06 - Administrator 19.10.2009 22:21.2.1 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2047.1594 [GMT 3:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    * Resident AV is active


    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-19 to 2009-10-19 )))))))))))))))))))))))))))))))
    .

    2009-10-19 16:32 . 2009-10-19 16:33 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Risen
    2009-10-19 16:28 . 2009-10-19 16:28 -------- d-----w- c:\windows\system32\wbem\snmp
    2009-10-19 16:28 . 2009-10-19 16:28 -------- d-----w- c:\windows\system32\xircom
    2009-10-19 16:28 . 2009-10-19 16:28 -------- d-----w- c:\program files\microsoft frontpage
    2009-10-19 13:40 . 2009-10-19 13:40 -------- d-----w- c:\program files\3B Software
    2009-10-19 13:39 . 2009-10-19 13:43 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
    2009-10-19 13:39 . 2009-10-19 13:39 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Thinstall
    2009-10-19 13:39 . 2009-10-19 13:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\Thinstall
    2009-10-19 13:39 . 2009-10-19 13:43 -------- d-----w- c:\program files\Free Registry Fix
    2009-10-18 18:21 . 2009-10-18 18:21 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\ESET
    2009-10-18 16:57 . 2009-10-18 16:57 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\ESET
    2009-10-18 16:49 . 2009-10-18 16:49 -------- d-----w- c:\program files\Trend Micro
    2009-10-18 10:04 . 2009-10-18 10:05 -------- d-----w- C:\MenajerMedia
    2009-10-17 18:47 . 2009-10-17 18:47 -------- d-----w- c:\windows\Sun
    2009-10-17 15:20 . 2009-10-17 15:20 -------- d-----w- c:\program files\Alcohol Soft
    2009-10-17 14:09 . 2009-10-17 14:09 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
    2009-10-17 14:08 . 2008-10-10 01:52 452440 ----a-w- c:\windows\system32\d3dx10_40.dll
    2009-10-17 14:08 . 2008-10-10 01:52 4379984 ----a-w- c:\windows\system32\D3DX9_40.dll
    2009-10-17 14:08 . 2008-10-10 01:52 2036576 ----a-w- c:\windows\system32\D3DCompiler_40.dll
    2009-10-17 14:08 . 2008-10-27 07:04 514384 ----a-w- c:\windows\system32\XAudio2_3.dll
    2009-10-17 14:08 . 2008-10-27 07:04 235856 ----a-w- c:\windows\system32\xactengine3_3.dll
    2009-10-17 14:08 . 2008-10-27 07:04 23376 ----a-w- c:\windows\system32\X3DAudio1_5.dll
    2009-10-17 14:08 . 2008-10-27 07:04 70992 ----a-w- c:\windows\system32\XAPOFX1_2.dll
    2009-10-17 14:08 . 2008-07-30 03:20 68616 ----a-w- c:\windows\system32\XAPOFX1_1.dll
    2009-10-17 14:06 . 2009-10-17 14:06 -------- d-----w- c:\program files\Deep Silver
    2009-10-17 13:57 . 2009-10-17 13:57 -------- d-----w- c:\program files\PowerISO
    2009-10-17 13:26 . 2008-07-30 03:20 509448 ----a-w- c:\windows\system32\XAudio2_2.dll
    2009-10-17 13:26 . 2008-07-30 03:20 238088 ----a-w- c:\windows\system32\xactengine3_2.dll
    2009-10-17 13:26 . 2008-07-10 08:01 467984 ----a-w- c:\windows\system32\d3dx10_39.dll
    2009-10-17 13:26 . 2008-07-10 08:00 1493528 ----a-w- c:\windows\system32\D3DCompiler_39.dll
    2009-10-17 13:26 . 2008-07-10 08:00 3851784 ----a-w- c:\windows\system32\D3DX9_39.dll
    2009-10-17 13:26 . 2008-05-30 11:19 507400 ----a-w- c:\windows\system32\XAudio2_1.dll
    2009-10-17 13:26 . 2008-05-30 11:17 65032 ----a-w- c:\windows\system32\XAPOFX1_0.dll
    2009-10-17 13:26 . 2008-05-30 11:18 238088 ----a-w- c:\windows\system32\xactengine3_1.dll
    2009-10-17 13:26 . 2008-05-30 11:17 25608 ----a-w- c:\windows\system32\X3DAudio1_4.dll
    2009-10-17 13:26 . 2008-05-30 11:11 467984 ----a-w- c:\windows\system32\d3dx10_38.dll
    2009-10-17 13:26 . 2008-05-30 11:11 1491992 ----a-w- c:\windows\system32\D3DCompiler_38.dll
    2009-10-17 13:26 . 2008-05-30 11:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
    2009-10-17 13:23 . 2009-10-17 13:32 -------- d-----w- c:\program files\MagicDisc
    2009-10-17 13:20 . 2009-10-17 13:20 -------- d-----w- c:\windows\Logs
    2009-10-16 20:30 . 2009-10-16 20:30 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
    2009-10-16 19:11 . 2009-10-16 19:11 -------- d-----w- c:\documents and settings\Administrator\Application Data\Nero
    2009-10-15 16:21 . 2009-10-18 17:05 138352 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2009-10-15 16:21 . 2009-10-18 17:05 191304 ----a-w- c:\windows\system32\PnkBstrB.exe
    2009-10-15 16:21 . 2009-10-15 16:21 -------- d-----w- c:\windows\system32\LogFiles
    2009-10-15 16:21 . 2009-10-15 16:21 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
    2009-10-15 16:21 . 2009-10-15 16:21 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PunkBuster
    2009-10-15 16:02 . 2009-10-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-10-15 15:10 . 2009-10-15 15:10 60416 ----a-w- c:\windows\ALCFDRTM.EXE
    2009-10-15 15:10 . 2009-10-15 15:10 -------- d-----w- c:\windows\system32\Lang
    2009-10-15 15:10 . 2009-10-15 15:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\GRETECH
    2009-10-15 15:10 . 2009-10-15 15:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2009-10-15 14:08 . 2009-10-18 13:11 -------- d-----w- c:\documents and settings\Administrator\Contacts
    2009-10-15 14:03 . 2009-10-15 14:03 -------- d-----w- c:\program files\DAEMON Tools Lite
    2009-10-15 14:00 . 2009-10-15 14:02 -------- d-----w- c:\program files\DAEMON Tools Pro
    2009-10-15 14:00 . 2009-10-15 14:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-19 16:22 . 2009-10-15 13:02 -------- d-----w- c:\documents and settings\Administrator\Application Data\Xfire
    2009-10-17 14:09 . 2009-10-15 12:07 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-10-17 13:17 . 2009-10-15 11:21 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-17 04:35 . 2009-10-15 10:59 -------- d-----w- c:\program files\FlashGet
    2009-10-15 13:59 . 2009-10-15 11:39 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-10-15 13:59 . 2009-10-15 13:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
    2009-10-15 13:20 . 2009-10-15 13:20 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
    2009-10-15 13:20 . 2009-10-15 13:20 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
    2009-10-15 13:02 . 2009-10-15 13:02 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
    2009-10-15 12:07 . 2009-10-15 12:07 -------- d-----w- c:\program files\AGEIA Technologies
    2009-10-15 12:06 . 2009-10-15 11:09 -------- d-----w- c:\program files\Java
    2009-10-15 11:57 . 2009-10-15 11:57 0 ----a-w- c:\windows\nsreg.dat
    2009-10-15 11:56 . 2009-10-15 11:56 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
    2009-10-15 11:55 . 2009-10-15 11:53 -------- d-----w- c:\program files\Winamp
    2009-10-15 11:52 . 2009-10-15 11:52 -------- d-----w- c:\program files\GRETECH
    2009-10-15 11:51 . 2009-10-15 11:51 -------- d-----w- c:\program files\VideoLAN
    2009-10-15 11:50 . 2009-10-15 11:50 -------- d-----w- c:\program files\MSECache
    2009-10-15 11:47 . 2001-11-22 19:00 81506 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-15 11:47 . 2001-11-22 19:00 428200 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-15 11:40 . 2009-10-15 11:40 -------- d-----w- c:\documents and settings\Administrator\Application Data\Canneverbe_Limited
    2009-10-15 11:39 . 2009-10-15 11:39 -------- d-----w- c:\program files\RivaTuner v2.09
    2009-10-15 11:39 . 2009-10-15 11:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools
    2009-10-15 11:38 . 2009-10-15 11:38 -------- d-----w- c:\program files\Realtek Sound Manager
    2009-10-15 11:38 . 2009-10-15 11:38 -------- d-----w- c:\program files\AvRack
    2009-10-15 11:38 . 2009-10-15 11:38 -------- d-----w- c:\program files\AMD
    2009-10-15 11:29 . 2009-10-15 11:29 -------- d-----w- c:\documents and settings\All Users\Application Data\ATI
    2009-10-15 11:29 . 2009-10-15 11:29 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
    2009-10-15 11:28 . 2009-10-15 11:28 0 ----a-w- c:\windows\ativpsrm.bin
    2009-10-15 11:26 . 2009-10-15 11:21 -------- d-----w- c:\program files\ATI Technologies
    2009-10-15 11:25 . 2009-10-15 11:20 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-10-15 11:24 . 2009-10-15 11:24 -------- d-----w- c:\program files\Common Files\ATI Technologies
    2009-10-15 11:10 . 2009-10-15 11:10 -------- d-----w- c:\program files\ESET
    2009-10-15 11:10 . 2009-10-15 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-10-15 11:10 . 2009-10-15 11:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
    2009-10-15 11:10 . 2009-10-15 11:10 -------- d-----w- c:\program files\Haberler
    2009-10-15 11:10 . 2009-10-15 11:10 -------- d-----w- c:\program files\Oyunlar
    2009-10-15 11:10 . 2009-10-15 11:10 -------- d-----w- c:\program files\AudioShell
    2009-10-15 11:09 . 2009-10-15 11:09 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-10-15 11:09 . 2009-10-15 11:09 -------- d-----w- c:\program files\Common Files\Java
    2009-10-15 11:09 . 2009-10-15 11:09 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-10-15 11:09 . 2009-10-15 11:17 35800 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-15 11:08 . 2009-10-15 11:08 -------- d-----w- c:\program files\Windows Live
    2009-10-15 11:08 . 2009-10-15 11:08 -------- d-----w- c:\program files\Restoration
    2009-10-15 11:08 . 2009-10-15 11:08 -------- d-----w- c:\program files\CCleaner
    2009-10-15 11:07 . 2009-10-15 11:07 2272 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2009-10-15 11:07 . 2009-10-15 11:07 -------- d-----w- c:\program files\MSBuild
    2009-10-15 11:07 . 2009-10-15 11:07 -------- d-----w- c:\program files\Reference Assemblies
    2009-10-15 11:04 . 2009-10-15 11:04 -------- d-----w- c:\program files\Microsoft Works
    2009-10-15 11:00 . 2009-10-15 11:00 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-10-15 10:59 . 2009-10-15 10:59 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-10-15 10:59 . 2009-10-15 10:59 -------- d-----w- c:\program files\Common Files\Nero
    2009-10-15 10:59 . 2009-10-15 10:59 -------- d-----w- c:\program files\Nero
    2009-10-15 10:59 . 2009-10-15 10:59 -------- d-----w- c:\program files\Araçlar
    2009-10-15 10:58 . 2009-10-15 10:58 -------- d-----w- c:\program files\Paint.NET
    2009-10-15 10:58 . 2009-10-15 10:57 -------- d-----w- c:\program files\Reader
    2009-10-15 10:57 . 2009-10-15 10:57 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-07-25 02:23 . 2009-10-15 11:49 411368 ----a-w- c:\windows\system32\deploytk.dll
    .

    ------- Sigcheck -------

    [7] 2008-04-14 . 4A06B20542848FF905E6490159C9B07A . 1054208 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
    [-] 2008-04-14 . 2B4A3B1490A8ED0778A5129BED6F8A57 . 691200 . . [5.82] . . c:\windows\system32\comctl32.dll
    [7] 2001-11-22 . AEF3D788DBF40C7C4D204EA45EB0C505 . 921088 . . [6.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll

    [-] 2008-05-21 . 030DC4D48CC2B894FEE2F390D8E66AD5 . 361344 . . [5.1.2600.5512] . . c:\windows\system32\drivers\tcpip.sys

    [-] 2008-04-14 . D62561EA168804A1A3D1FBBC19F9360F . 583680 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll

    [-] 2008-03-01 . F1476C665DEA8150DA77F50935C4D6EC . 871936 . . [7.00.6000.20772] . . c:\windows\system32\wininet.dll

    [-] 2007-07-30 . 5BCAD5C7BB5C7604CD30FFA2CCBFEF9B . 76120 . . [7.0.6000.381] . . c:\windows\system32\wuauclt.exe

    [-] 2008-04-14 . 9307842157D3F44A421F407FA9EA446F . 1508352 . . [6.00.2900.5512] . . c:\windows\explorer.exe


    [-] 2008-04-14 . 3FC7CC8501E0DEE1563D31A72D77D967 . 17408 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe

    c:\windows\system32\wscntfy.exe ... is missing !!
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-10-19_15.54.50 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2009-10-15 13:50 . 2009-10-19 16:28 179448 c:\windows\system32\FNTCACHE.DAT
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VistaDrive"="c:\windows\VistaDrive\VistaDrive.exe" [2006-10-05 280779]
    "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-04-23 1438976]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\SOUNDMAN.EXE [2004-06-18 67584]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 17408]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" - c:\windows\system32\advpack.dll [2008-03-01 124928]

    c:\documents and settings\Administrator\Start Menu\Programlar\BaŸlang‡\
    Scheduler.lnk - c:\program files\3B Software\Common\Scheduler\wcomschd.exe [2009-10-19 464240]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoSMConfigurePrograms"= 1 (0x1)
    "NoSMMyPictures"= 1 (0x1)

    [HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programlar^Başlangıç^Registry Repair Pro.lnk]
    path=c:\documents and settings\Administrator\Start Menu\Programlar\Başlangıç\Registry Repair Pro.lnk
    backup=c:\windows\pss\Registry Repair Pro.lnkStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\FlashGet\\flashget.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "c:\\NVIDIA\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "d:\\x-Fire\\Xfire\\xfire.exe"=
    "e:\\Call of Duty 2\\CoD2MP_s.exe"=

    R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [23.04.2008 15:00 33800]
    R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [01.05.2008 01:09 472320]
    .
    .
    ------- Supplementary Scan -------
    .
    IE: &FlashGet ile indir - c:\program files\FlashGet\jc_link.htm
    IE: &Tümünü FlashGet ile indir - c:\program files\FlashGet\jc_all.htm
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    TCP: {425E52E0-BBB5-428C-ACD2-46F0FE0E1648} = 4.2.2.2,4.2.2.4
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\3kiq0p9u.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-19 22:24
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(704)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\cscui.dll
    c:\windows\system32\COMRes.dll

    - - - - - - - > 'explorer.exe'(2852)
    c:\windows\system32\COMRes.dll
    c:\windows\System32\cscui.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\SETUPAPI.dll
    c:\windows\system32\wpdshserviceobj.dll
    c:\windows\system32\portabledevicetypes.dll
    c:\windows\system32\portabledeviceapi.dll
    c:\windows\system32\credui.dll
    .
    Completion time: 2009-10-19 22:25
    ComboFix-quarantined-files.txt 2009-10-19 19:25
    ComboFix2.txt 2009-10-19 15:55

    Pre-Run: 17.825.251.328 bayt boş
    Post-Run: 17.798.746.112 bayt boş

    - - End Of File - - DAE51313D4BACA15CFD4A0A974D26E8F




  • @serji hello,
    For the past two weeks, the PC I use at work has had problems such as the taskbar freezing and Word and Excel opening after 5-7 minutes or not opening at all.
    The PC has started to lock up when I open a folder or Excel. Avira Premium is permanently installed on the PC. When I scanned with Malwarebytes' Anti-Malware it found 3 items and deleted them, but the problem persists.
    I have attached the logfile, thanks.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 12:50:55, on 20.10.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\A4Tech\Mouse\Amoumain.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlservr.exe
    C:\WINDOWS\system32\S3LoadSv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\PROGRA~1\MICROS~2\MSSQL\binn\sqlagent.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\LogMeIn\x86\LogMeIn.exe
    C:\Program Files\LogMeIn\x86\LMIGuardian.exe
    C:\Program Files\LogMeIn\x86\RaMaint.exe
    C:\Documents and Settings\PC\Desktop\hij\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: 208.65.153.251 uk.youtube.com
    O1 - Hosts: 208.65.153.253 de.youtube.com
    O1 - Hosts: 208.117.236.70 youtube.com
    O1 - Hosts: 208.117.236.70 www.youtube.com
    O1 - Hosts: 74.125.65.118 img.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
    O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
    O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
    O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
    O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
    O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
    O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com
    O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com
    O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com
    O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com
    O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com
    O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com
    O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com
    O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com
    O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com
    O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com
    O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com
    O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com
    O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com
    O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com
    O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com
    O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com
    O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com
    O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com
    O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com
    O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com
    O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com
    O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com
    O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com
    O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com
    O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com
    O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com
    O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com
    O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com
    O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com
    O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com
    O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com
    O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com
    O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com
    O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com
    O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com
    O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com
    O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com
    O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com
    O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com
    O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com
    O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com
    O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com
    O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com
    O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com
    O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com
    O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com
    O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com
    O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com
    O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com
    O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com
    O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com
    O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com
    O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com
    O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com
    O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com
    O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com
    O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com
    O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com
    O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com
    O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com
    O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com
    O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com
    O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com
    O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com
    O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com
    O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com
    O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com
    O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com
    O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com
    O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com
    O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com
    O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com
    O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com
    O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com
    O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com
    O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com
    O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com
    O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com
    O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com
    O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com
    O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com
    O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com
    O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com
    O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com
    O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com
    O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com
    O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com
    O1 - Hosts: 64.15.125.35 sjc-v96.sjc.youtube.com
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
    O4 - HKLM\..\Run: [Veri Gönderim Uygulaması] D:\Mavi Ay\Sabis\Araci.Exe
    O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252993891015
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252993877953
    O17 - HKLM\System\CS2\Services\Tcpip\..\{25EC4968-1D4F-4571-BB79-5FA9A6D4EABA}: NameServer = 208.67.222.222,208.67.220.220
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
    O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe (file missing)
    O23 - Service: S3LoadSv - S3 Graphics Co., Inc. - C:\WINDOWS\system32\S3LoadSv.exe
    O23 - Service: TeamViewer 4 (TeamViewer4) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe

    --
    End of file - 11286 bytes



    < This message was edited by tyll -- 20 October 2009; 12:52:09 >




  • quote:

    Originally quoted from: MrPesimist

    Here you go;

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware options and click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Perform full scan and click the Scan button.
    * The scan may take some time, so please be patient.
    * When the scan is finished, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup is finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message and send it to us.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.


    quote:

    Originally quoted from: tyll

    @serji hello,
    On the PC I use at work, for the past two weeks problems have appeared such as the taskbar freezing and Word and Excel opening after 5-7 minutes or not opening at all.
    The PC has started locking up when I open a folder or Excel. Avira Premium is always installed on the PC. When I scanned with Malwarebytes' Anti-Malware it found 3 items and deleted them, but the problem continues.
    I have attached the logfile, thanks.

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll 
    O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Program Files\Windows Live\Messenger\wlchtc.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O2 - BHO: Windows Live Toolbar Beta - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar Beta - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')



    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a break for 1-2 minutes.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this, but it will be restored shortly. Once the operations are finished, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • Hello brother, I hope your work is going well.
    My problem is that when I click the button for sending a message to members on a site, the warning "Internet Explorer cannot open this website" comes up and it stays there. However, another member's message button works; with others this happens.

    Also, while browsing the net, Winamp sometimes stutters at short intervals and plays distorted.






    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 01:48:58, on 21.10.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    D:\WINDOWS\System32\smss.exe
    D:\WINDOWS\system32\winlogon.exe
    D:\WINDOWS\system32\services.exe
    D:\WINDOWS\system32\lsass.exe
    D:\WINDOWS\system32\ibmpmsvc.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\system32\svchost.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\S24EvMon.exe
    D:\WINDOWS\system32\Ati2evxx.exe
    D:\WINDOWS\Explorer.EXE
    D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    D:\Program Files\Alwil Software\Avast4\ashServ.exe
    D:\WINDOWS\system32\spoolsv.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    D:\Program Files\Comodo\Firewall\cmdagent.exe
    D:\WINDOWS\system32\RegSrvc.exe
    D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    D:\WINDOWS\System32\TPHDEXLG.EXE
    D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    D:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
    D:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    D:\WINDOWS\system32\TpShocks.exe
    D:\Program Files\Comodo\Firewall\CPF.exe
    D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    D:\Program Files\MessengerPlus! 3\MsgPlus.exe
    D:\Program Files\QuickTime\qttask.exe
    D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    D:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    D:\Program Files\Digital Line Detect\DLG.exe
    D:\WINDOWS\System32\svchost.exe
    D:\WINDOWS\system32\svchost.exe
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Program Files\Internet Explorer\IEXPLORE.EXE
    D:\Documents and Settings\cano\Desktop\HiJackThis_v2.exe

    O4 - HKLM\..\Run: [SoundMAXPnP] D:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] D:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
    O4 - HKLM\..\Run: [ATIPTA] D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TPHOTKEY] D:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
    O4 - HKLM\..\Run: [COMODO Firewall Pro] "D:\Program Files\Comodo\Firewall\CPF.exe" /background
    O4 - HKLM\..\Run: [avast!] D:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [OrderReminder] D:\Program Files\Hewlett-Packard\OrderReminder\OrderReminder.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] D:\WINDOWS\system32\NeroCheck.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O8 - Extra context menu item: Send To &Bluetooth - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O20 - Winlogon Notify: xxywXNde - xxywXNde.dll (file missing)
    O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - D:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - D:\WINDOWS\system32\browseui.dll
    O23 - Service: ACU Configuration Service (ACS) - Unknown owner - D:\WINDOWS\system32\acs.exe
    O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - D:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: avast! Antivirus - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - D:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Comodo Application Agent (CmdAgent) - COMODO - D:\Program Files\Comodo\Firewall\cmdagent.exe
    O23 - Service: ThinkPad PM Service (IBMPMSVC) - Unknown owner - D:\WINDOWS\system32\ibmpmsvc.exe
    O23 - Service: RegSrvc - Intel Corporation - D:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - D:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - D:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - D:\WINDOWS\System32\TPHDEXLG.EXE

    --
    End of file - 5317 bytes




  • @serji
    I have attached combofix.txt, thanks.

    ComboFix 09-10-20.03 - PC 21.10.2009 8:33.2.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.1918.1470 [GMT 3:00]
    Running from: c:\documents and settings\PC\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\Installer\47fbac.msi
    c:\windows\Installer\47fbad.msp
    c:\windows\Installer\47fbae.msp
    c:\windows\Installer\47fbaf.msp
    c:\windows\Installer\47fbb0.msp
    c:\windows\Installer\47fbb1.msp
    c:\windows\Installer\47fbb2.msp
    c:\windows\Installer\47fbb3.msp
    c:\windows\Installer\47fbb4.msp
    c:\windows\Installer\47fbb5.msp
    c:\windows\Installer\47fbb6.msp
    c:\windows\Installer\aa9d.msi
    c:\windows\system32\ieuinit.inf
    c:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_R_SERVER
    -------\Service_r_server


    ((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
    .

    2009-10-20 11:42 . 2009-10-20 11:42 1024 ----a-w- c:\windows\system32\pdfeditor.dat
    2009-10-20 11:40 . 2009-10-20 11:42 -------- d-----w- c:\program files\VeryPDF PDF Editor v2.5
    2009-10-19 10:06 . 2009-10-19 10:06 -------- d-----w- c:\program files\Hewlett-Packard
    2009-10-19 09:03 . 2009-10-19 09:03 -------- d-----w- c:\documents and settings\PC\Application Data\Malwarebytes
    2009-10-19 09:03 . 2009-09-10 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-19 09:03 . 2009-10-19 09:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-19 09:03 . 2009-10-19 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-10-19 09:03 . 2009-09-10 11:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-19 05:26 . 2009-10-19 05:26 -------- d-----w- c:\documents and settings\NetworkService\Application Data\TeamViewer
    2009-10-16 12:36 . 2009-10-16 12:36 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\TeamViewer
    2009-10-16 12:36 . 2009-10-16 12:36 -------- d-----w- c:\program files\TeamViewer
    2009-10-16 12:12 . 2009-10-16 12:12 -------- d-----w- c:\documents and settings\PC\Application Data\Avira
    2009-10-16 11:47 . 2006-10-27 13:26 69632 ----a-w- c:\windows\system32\vuins32.dll
    2009-10-16 11:47 . 2009-06-16 15:28 46592 ----a-w- c:\windows\system32\drivers\fetnd5bv.sys
    2009-10-16 06:44 . 2009-10-16 06:45 -------- d-----w- c:\windows\SHELLNEW
    2009-10-16 06:43 . 2009-10-16 06:43 -------- d-----r- C:\MSOCache
    2009-10-16 05:35 . 2009-08-03 12:07 403816 ----a-w- c:\windows\system32\OGACheckControl.DLL
    2009-10-09 05:29 . 2009-10-09 05:29 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{3E9A4E8F-1B02-42F8-BBFE-5BBCAA031860}
    2009-10-01 06:50 . 2009-10-01 06:50 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\LogMeIn
    2009-10-01 06:50 . 2009-10-01 06:50 -------- d-----w- c:\documents and settings\All Users\Application Data\LogMeIn
    2009-10-01 06:50 . 2009-09-28 16:34 28984 ----a-w- c:\windows\system32\LMIport.dll
    2009-10-01 06:31 . 2009-10-01 06:49 -------- d-----w- c:\documents and settings\PC\Local Settings\Application Data\Deployment
    2009-09-29 12:26 . 2009-09-28 16:34 83288 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
    2009-09-29 12:26 . 2008-08-11 09:41 47640 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
    2009-09-29 12:26 . 2009-09-28 16:34 87352 ----a-w- c:\windows\system32\LMIinit.dll
    2009-09-29 12:26 . 2009-10-21 05:21 -------- d-----w- c:\program files\LogMeIn
    2009-09-28 11:18 . 2009-10-07 15:13 -------- d-----w- C:\Neuroogle_AHBYS
    2009-09-28 09:26 . 2009-10-06 11:08 -------- d-----w- c:\documents and settings\PC\Application Data\TeamViewer

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-20 16:57 . 2009-02-09 08:47 -------- d-----w- c:\documents and settings\PC\Application Data\DMCache
    2009-10-20 11:03 . 2009-08-19 13:15 75776 ----a-w- c:\windows\cadkasdeinst01e.exe
    2009-10-19 11:25 . 2002-02-23 18:51 23704 ----a-w- c:\documents and settings\PC\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-19 10:03 . 2009-06-04 12:59 -------- d--h--w- c:\program files\Avago-HP
    2009-10-16 06:50 . 2008-12-26 07:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2009-10-16 06:42 . 2009-05-28 11:00 -------- d-----w- c:\program files\Microsoft.NET
    2009-10-09 05:29 . 2009-09-07 11:04 27612 ----a-w- c:\windows\syscall.dat
    2009-10-09 05:29 . 2009-09-07 11:04 -------- d-----w- c:\program files\AntiLogger
    2009-09-28 11:28 . 2006-03-02 12:00 492778 ----a-w- c:\windows\system32\perfh01F.dat
    2009-09-28 11:28 . 2006-03-02 12:00 106612 ----a-w- c:\windows\system32\perfc01F.dat
    2009-09-28 11:25 . 2007-09-26 08:18 -------- d-----w- c:\program files\Microsoft SQL Server
    2009-09-16 13:06 . 2009-09-16 13:06 -------- d-----w- c:\program files\A4Tech
    2009-09-16 05:25 . 2009-09-16 05:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
    2009-09-16 05:25 . 2009-09-16 05:25 -------- d-----w- c:\program files\MSBuild
    2009-09-16 05:25 . 2009-09-16 05:25 -------- d-----w- c:\program files\Reference Assemblies
    2009-09-16 05:24 . 2009-09-16 05:24 -------- d-----w- c:\documents and settings\PC\Application Data\Office Genuine Advantage
    2009-09-15 06:17 . 2002-02-23 18:55 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-09-14 10:10 . 2008-04-15 06:33 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-09 05:47 . 2009-09-09 05:47 -------- d-----w- c:\program files\Avira
    2009-09-09 05:47 . 2009-03-24 08:53 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-09-08 13:08 . 2009-06-25 10:34 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2009-08-05 09:06 . 2006-03-02 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-03 12:07 . 2009-08-03 12:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll
    2009-08-03 12:07 . 2009-08-03 12:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
    2009-07-29 04:51 . 2006-03-02 12:00 82432 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-29 04:51 . 2006-03-02 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-28 13:33 . 2009-03-24 08:53 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "WheelMouse"="c:\program files\A4Tech\Mouse\Amoumain.exe" [2007-05-15 204800]
    "LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
    "Veri Gönderim Uygulaması"="d:\mavi ay\Sabis\araci.exe" [2009-10-14 1069568]
    "AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-10-08 2480496]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2006-03-02 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
    2009-09-28 16:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Golden Launcher 1.2.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Golden Launcher 1.2.lnk
    backup=c:\windows\pss\Golden Launcher 1.2.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programlar^Başlangıç^Service Manager.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\Service Manager.lnk
    backup=c:\windows\pss\Service Manager.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "SSDPSRV"=3 (0x3)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\HP1006MC.EXE"=
    "c:\\Documents and Settings\\PC\\temp\\TeamViewer3\\TeamViewer.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "4899:TCP"= 4899:TCP:r1
    "4899:UDP"= 4899:UDP:r2

    R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [23.02.2002 21:54 17920]
    R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [08.10.2009 11:43 116080]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [09.09.2009 08:47 194817]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [09.09.2009 08:47 108289]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [17.10.2008 11:45 56344]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [29.09.2009 15:26 47640]
    R2 S3LoadSv;S3LoadSv;c:\windows\system32\s3loadsv.exe [15.09.2009 09:13 69632]
    R3 S3GIGP;S3GIGP;c:\windows\system32\drivers\S3gIGPm.sys [23.02.2002 21:55 561152]
    S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [11.08.2008 12:41 12856]
    S2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [30.09.2009 10:10 185640]
    S3 Amps2prt;A4Tech PS/2 Port Mouse Driver;c:\windows\system32\drivers\Amps2prt.sys [16.09.2009 16:06 14336]
    S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [04.09.2008 22:03 512536]
    S4 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [09.09.2009 08:47 434945]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uInternet Connection Wizard,ShellNext = iexplore
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    IE: Microsoft Excel'e &Ver - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    FF - ProfilePath - c:\documents and settings\PC\Application Data\Mozilla\Firefox\Profiles\iph2aj87.default\
    FF - prefs.js: browser.startup.homepage - www.google.com.tr
    FF - component: c:\documents and settings\PC\Application Data\IDM\idmmzcc3\components\idmmzcc.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .
    - - - - ORPHANS REMOVED - - - -

    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    AddRemove-HijackThis - c:\documents and settings\PC\Desktop\HijackThis.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-10-21 08:36
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):92,e4,41,61,a7,cd,52,13,e6,27,05,f9,cd,8e,5e,ed,92,b5,07,d0,15,
    ac,7f,d0,f3,87,71,8d,0f,1d,a2,27,33,a8,8e,8b,f8,9c,39,e7,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{b7446fe5-6231-47f4-9b5c-2c290c66fa61}]
    @Denied: (Full) (Everyone)
    "Model"=dword:000000a7
    "Therad"=dword:0000001e
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,98,07,ff,fc,5d,
    df,1c,2f,3b,8a,0a,32,11,89,01,b5,34,0e,22,ce,48,2c,7f,36,16,8a,b2,cb,10,05,\
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(680)
    c:\windows\system32\LMIinit.dll
    c:\windows\system32\LMIRfsClientNP.dll

    - - - - - - - > 'lsass.exe'(736)
    c:\program files\Avira\AntiVir Desktop\avsda.dll
    .
    Completion time: 2009-10-21 8:38
    ComboFix-quarantined-files.txt 2009-10-21 05:38

    Pre-Run: 28.038.524.928 bayt boş
    Post-Run: 28.004.855.808 bayt boş

    - - End Of File - - 6E02D93A62F48AFE5BA910F7168AF03E




  • Around midnight last night I downloaded an application called "torrentleech generator", with an .exe extension, from a site. Since Avira gave no warning, I ran it. The file I ran disappeared. I scanned with Avira and it found nothing. I have not restarted my computer yet. I keep wondering, could it be? A worm of doubt has got into me. I am thinking of formatting and doing a clean reinstall of Windows???

    *************************************************************


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:32:19, on 21.10.2009
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Java\jre6\bin\jusched.exe
    C:\Program Files (x86)\Internet Explorer\IELowutil.exe
    C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\SysWow64\Macromed\Flash\FlashUtil10c.exe
    C:\Users\Mhmt\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O1 - Hosts: 72.55.188.183 richarddawkins.net
    O1 - Hosts: 72.55.188.183 www.richarddawkins.net
    O1 - Hosts: 74.125.79.100 sites.google.com
    O1 - Hosts: 208.109.181.194 makat.org
    O1 - Hosts: 208.109.181.194 www.makat.org
    O1 - Hosts: 208.117.236.69 youtube.com
    O1 - Hosts: 208.117.236.69 www.youtube.com
    O1 - Hosts: 74.125.65.118 img.youtube.com
    O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com
    O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com
    O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com
    O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com
    O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com
    O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com
    O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com
    O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
    O13 - Gopher Prefix:
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\ASTSRV.EXE
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NitroPDFDriverCreatorReadSpool (NitroDriverReadSpool) - Nitro PDF Software - C:\Program Files\Common Files\Nitro PDF\Professional\6.0\NitroPDFDriverServicex64.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 12910 bytes




  • quote:

    Originally posted by: serji
    Now also run a full scan with an antivirus program. No problem will remain.

    Thank you for your attention. I ran the scan and nothing turned up. Still, I did one last HijackThis scan.
    I also have a question: from now on, how often should we bother you, or should we scan online at www.hijackthis.de and ask you for help only if a problem comes up?
    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 17:36:12, on 21.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wbem\wmiapsrv.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    C:\Program Files\A4Tech\Mouse\Amoumain.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MICROS~4\rapimgr.exe
    C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://tr.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: ZoneAlarm Toolbar - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [USIUDF_Eject_Monitor] C:\Program Files\Common Files\Ulead Systems\DVD\USISrv.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [WheelMouse] C:\Program Files\A4Tech\Mouse\Amoumain.exe
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ISW] "C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /icon="hidden"
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobil Sık Kullanılanı Oluştur... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
    O9 - Extra button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DrmRemoval\YouTubeRipper.dll
    O9 - Extra 'Tools' menuitem: Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\DrmRemoval\YouTubeRipper.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1237894515531
    O17 - HKLM\System\CCS\Services\Tcpip\..\{CD496969-9A2F-40C6-AA46-D95F7BE2A71D}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\@\LOCALS~1\Temp\hpdj.exe (file missing)
    O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
    O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 7532 bytes



    < This message was edited by baba_muhtar -- 21 October 2009; 17:47:51 >




  • quote:

    Originally posted by: saymar

    Hello brother, good luck with your work.
    My problem: on a certain site, when I click the button for sending a message to members, I get the warning "Internet Explorer cannot open this website" and it stays there. But the message button for one member works, while for another this happens.

    Also, while browsing the net, Winamp sometimes stutters at short intervals and plays distorted.


    Download the program ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. In case something goes wrong, ComboFix will back up your Registry and create a system restore point so that your system can be restored.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Originally posted by: tyll

    @serji
    I have attached combofix.txt, thanks.

    Download the program Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the options Update Malwarebytes Antimalware and Launch Malwarebytes, then click Finish.
    * If an update is found, the program will download and apply it automatically.
    * When the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be a little patient.
    * When the scan has finished, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleaning has finished, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message and send it to us.

    NOTE: If the program asks you to restart the computer during cleaning, click OK and restart your computer.




  • quote:

    Originally posted by: Katafalk101

    Around midnight last night I downloaded an application with an .exe extension, "**** generator", from a site. Since Avira gave no warning, I ran it. The file I ran disappeared. I scanned with Avira and it found nothing. I have not restarted my computer yet. I keep wondering whether it might be. I have a nagging doubt. I am thinking of formatting and reinstalling Windows cleanly???

    Formatting is the most certain solution, but if you are not going to format:

    Download the program ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. In case something goes wrong, ComboFix will back up your Registry and create a system restore point so that your system can be restored.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this. But it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    quote:

    Originally posted by: baba_muhtar

    Thank you for your attention. I ran the scan and nothing turned up. Still, I did one last HijackThis scan.
    I also have a question: from now on, how often should we bother you, or should we scan online at www.hijackthis.de and ask you for help only if a problem comes up?

    Start - Run - type services.msc and press Enter.

    Double-click hpdj (if present). Click Stop and set the startup type to Disabled.

    You can also scan on the site, but because the site analyzes automatically it may fail to recognize new viruses and rare ones. I will still continue to help as many people as I can. You can scan there from time to time.
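
Added example, not part of the reply above and not HijackThis's own code: a Python script that parses the O23 service lines of a HijackThis log and marks services whose binary is registered under a temp directory, which is what sets the hpdj entry apart in the log quoted above. The `TEMP_DIRS` set and the verdict labels are assumptions of this example; the sample lines are copied from the two logs on this page.

```python
from dataclasses import dataclass
from typing import List, Optional

# O23 lines copied from the two HijackThis logs on this page.
SAMPLE_LOG = r"""
O23 - Service: hpdj - Unknown owner - C:\DOCUME~1\@\LOCALS~1\Temp\hpdj.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SMServer - SMServer - C:\WINDOWS\system32\snmvtsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"
TEMP_DIRS = {"temp", "tmp"}  # assumption: directory names treated as temporary storage


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool

    @property
    def in_temp_dir(self) -> bool:
        # Compare directory components only, never the file name itself.
        directories = self.path.split("\\")[1:-1]
        return any(d.lower() in TEMP_DIRS for d in directories)


def parse_o23(line: str) -> Optional[Service]:
    """Parse 'O23 - Service: <name> - <owner> - <path>[ (file missing)]'."""
    line = line.strip()
    if not line.startswith(PREFIX):
        return None
    # Split from the right so a " - " inside the display name cannot
    # shift the owner and path fields.
    fields = line[len(PREFIX):].rsplit(" - ", 2)
    if len(fields) != 3:
        return None
    name, owner, path = fields
    missing = path.endswith(MISSING)
    if missing:
        path = path[: -len(MISSING)]
    return Service(name, owner, path, missing)


def triage(log_text: str) -> List[dict]:
    """Return one verdict per O23 line, in log order."""
    findings = []
    for line in log_text.splitlines():
        svc = parse_o23(line)
        if svc is None:
            continue
        if svc.in_temp_dir:
            # A service whose image path sits in a temp directory.
            verdict = "review"
        elif svc.file_missing:
            # Not a finding on its own: the 64-bit log on this page shows
            # "(file missing)" for stock services such as Spooler, because
            # a 32-bit tool sees System32 through file-system redirection.
            verdict = "missing-only"
        else:
            verdict = "ok"
        findings.append({"service": svc.name, "path": svc.path, "verdict": verdict})
    return findings


def needs_review(log_text: str) -> List[str]:
    """Names of the services a human should look at first."""
    return [f["service"] for f in triage(log_text) if f["verdict"] == "review"]


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f'{finding["verdict"]:13} {finding["service"]} -> {finding["path"]}')
```
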




  • Here are the Malwarebytes results:
     
    Malwarebytes' Anti-Malware 1.41
    Veritabanı sürümü: 2775
    Windows 5.1.2600 Service Pack 3

    21.10.2009 19:13:31
    mbam-log-2009-10-21 (19-13-31).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|E:\|)
    Taranan öğeler: 200893
    Geçen süre: 49 minute(s), 8 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 0
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 2

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    D:\System Volume Information\_restore{1D4C737A-AAF4-4838-A0BB-45C77184D8DC}\RP4\A0000697.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    E:\System Volume Information\_restore{1D4C737A-AAF4-4838-A0BB-45C77184D8DC}\RP4\A0000700.dll (Malware.Packer) -> Quarantined and deleted successfully.




  • My PC is also lagging, with stuttering in games and so on.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:06:06, on 21.10.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Deniz\Application Data\svchost.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\McAfee.com\Agent\mcagent.exe
    C:\WINDOWS\VMSnap3.EXE
    C:\WINDOWS\Domino.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Deniz\Local Settings\Application Data\Google\Update\1.2.183.7\GoogleCrashHandler.exe
    C:\Program Files\Electronic Arts\EADM\Core.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    C:\Program Files\McAfee\MPF\MPFSrv.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\Deniz\Belgelerim\Downloads\Programs\HiJackThis.exe
    C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
    C:\PROGRA~1\McAfee\MSM\McSmtFwk.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.live.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    F2 - REG:system.ini: Shell=explorer.exe "C:\Documents and Settings\Deniz\Application Data\svchost.exe"
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: DepositFiles.com BHO - {9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
    O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O3 - Toolbar: Deposit IE Toolbar - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    O4 - HKLM\..\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Deniz\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe"
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [svchost] "C:\Documents and Settings\Deniz\Application Data\svchost.exe"
    O4 - HKCU\..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [DF Manager] C:\DepositFiles\Depositfiles Filemanager with FTP\dfmanager.exe -minimize
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O8 - Extra context menu item: &Search -http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZZ
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Cevir / Translate - C:\WINDOWS\system32\IETranslator.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O9 - Extra button: Download all with DF Manager - {D5AD327A-A089-4F04-89FD-4EA9812B3913} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{067B764A-8916-4339-AF5F-1C91BC40AFD1}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS1\Services\Tcpip\..\{067B764A-8916-4339-AF5F-1C91BC40AFD1}: NameServer = 208.67.222.222,208.67.220.220
    O17 - HKLM\System\CS2\Services\Tcpip\..\{067B764A-8916-4339-AF5F-1C91BC40AFD1}: NameServer = 208.67.222.222,208.67.220.220
    O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
    O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwssvc.exe
    O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe

    --
    End of file - 11510 bytes




  • @serji,
    the txt file is below. Thanks.

    Malwarebytes' Anti-Malware 1.41
    Veritabanı sürümü: 3005
    Windows 5.1.2600 Service Pack 2

    21.10.2009 19:17:39
    mbam-log-2009-10-21 (19-17-39).txt

    Tarama biçimi: Gelişmiş Tarama (C:\|D:\|)
    Taranan öğeler: 161178
    Geçen süre: 28 minute(s), 59 second(s)

    Etkilenmiş Hafıza İşlemleri: 0
    Etkilenmiş Hafıza Modülleri: 0
    Etkilenmiş Kayıt Anahtarları: 0
    Etkilenmiş Kayıt Değerleri: 0
    Etkilenmiş Kayıt Verisi Öğeleri: 3
    Etkilenmiş Klasörler: 0
    Etkilenmiş Dosyalar: 0

    Etkilenmiş Hafıza İşlemleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Hafıza Modülleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Anahtarları:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Değerleri:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Kayıt Verisi Öğeleri:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

    Etkilenmiş Klasörler:
    (Herhangi bir tehlikeli öğe bulunmadı)

    Etkilenmiş Dosyalar:
    (Herhangi bir tehlikeli öğe bulunmadı)




  • By the way, donanımhaber.com pages load very slowly.

    ComboFix report.



    ComboFix 09-10-17.01 - cano 21.10.2009 20:39.1.1 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.1535.1162 [GMT 2:00]
    Running from: d:\documents and settings\cano\Desktop\ComboFix.exe
    AV: avast! antivirus 4.8.1356 [VPS 091020-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    FW: COMODO Firewall Pro *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    D:\drivers
    d:\windows\system32\ieuinit.inf
    d:\windows\system32\jkkKcYQg.dll
    d:\windows\system32\opnnmNff.dll
    d:\windows\system32\rqRIxywW.dll
    d:\windows\system32\scrrntr.dll

    .
    ((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
    .

    2009-10-18 17:00 . 2009-10-18 17:00 -------- d-----w- d:\documents and settings\All Users\Application Data\Messenger Plus!
    2009-10-18 04:43 . 2009-10-18 04:43 -------- d-----w- d:\windows\system32\LogFiles
    2009-10-18 03:34 . 2009-10-18 03:35 -------- d-----w- d:\documents and settings\cano\.jpi_cache
    2009-10-18 03:23 . 2009-10-18 03:23 -------- d-----w- d:\program files\Common Files\Nero
    2009-10-18 03:22 . 2000-06-26 09:45 106496 ----a-w- d:\windows\system32\TwnLib20.dll
    2009-10-18 03:22 . 2004-07-26 15:16 471040 ------w- d:\windows\system32\ImagXRA7.dll
    2009-10-18 03:22 . 2004-07-26 15:16 476320 ------w- d:\windows\system32\ImagXpr7.dll
    2009-10-18 03:22 . 2004-07-26 15:16 262144 ------w- d:\windows\system32\ImagXR7.dll
    2009-10-18 03:22 . 2004-07-26 15:16 1568768 ------w- d:\windows\system32\ImagX7.dll
    2009-10-18 03:22 . 2001-07-09 09:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
    2009-10-18 03:21 . 2009-10-20 22:42 -------- d-----w- d:\program files\Ahead
    2009-10-18 03:16 . 2004-08-03 21:01 25856 -c--a-w- d:\windows\system32\dllcache\usbprint.sys
    2009-10-18 03:16 . 2004-08-03 21:01 25856 ----a-w- d:\windows\system32\drivers\usbprint.sys
    2009-10-18 03:14 . 2006-01-30 09:00 143360 ----a-r- d:\windows\apptune1020.exe
    2009-10-18 03:14 . 2006-01-30 09:00 86016 ----a-r- d:\windows\system32\ZSPOOL.DLL
    2009-10-18 03:14 . 2006-01-30 09:00 28672 ----a-r- d:\windows\system32\zlm.dll
    2009-10-18 03:14 . 2006-01-30 09:00 28672 ----a-r- d:\windows\system32\IMF32.DLL
    2009-10-18 03:14 . 2006-01-30 09:00 24576 ----a-r- d:\windows\system32\ZTAG32.DLL
    2009-10-18 03:14 . 2006-01-30 09:00 102400 ----a-r- d:\windows\system32\ZLhp1020.dll
    2009-10-18 03:14 . 2006-01-30 09:00 106496 ----a-r- d:\windows\system32\vshp1020.dll
    2009-10-18 03:14 . 2009-10-18 03:15 -------- d-----w- d:\program files\Hewlett-Packard
    2009-10-18 03:14 . 2006-01-30 09:00 442368 ----a-r- d:\windows\system32\zshp1020.exe
    2009-10-18 03:14 . 2009-10-18 03:14 -------- d--h--w- d:\program files\Zenographics
    2009-10-18 03:13 . 2000-01-04 20:20 86016 ----a-w- d:\windows\unvise32qt.exe
    2009-10-18 03:12 . 2009-10-20 22:41 -------- d-----w- d:\program files\QuickTime
    2009-10-18 03:12 . 2009-10-20 22:41 -------- d-----w- d:\windows\system32\QuickTime
    2009-10-18 03:12 . 2009-10-18 03:12 -------- d-----w- d:\documents and settings\All Users\Application Data\QuickTime
    2009-10-18 03:07 . 2009-10-20 22:41 -------- d-----w- d:\program files\Canon
    2009-10-18 03:02 . 2009-10-18 03:02 -------- d-----w- d:\windows\ShellNew
    2009-10-18 02:47 . 2009-10-18 02:47 -------- d--h--w- d:\windows\system32\GroupPolicy
    2009-10-18 02:37 . 2009-10-18 02:37 -------- d-----w- d:\program files\MessengerPlus! 3
    2009-10-18 02:33 . 2009-10-18 02:33 15240 ----a-w- d:\documents and settings\cano\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll
    2009-10-18 02:30 . 2009-10-18 02:30 -------- d-----w- d:\program files\MSN Messenger
    2009-10-18 02:22 . 2009-10-18 02:28 -------- d-----w- d:\program files\Total Video Converter
    2009-10-18 02:20 . 2005-03-11 22:48 109568 ------w- d:\windows\system32\pxinsi64.exe
    2009-10-18 02:20 . 2005-03-11 22:48 108544 ------w- d:\windows\system32\pxcpyi64.exe
    2009-10-18 02:20 . 2005-03-11 22:28 151552 ------w- d:\windows\system32\pxwma.dll
    2009-10-18 02:20 . 2005-03-11 22:28 20640 ------w- d:\windows\system32\drivers\PxHelp20.sys
    2009-10-18 02:19 . 2009-10-18 02:30 -------- d-----w- d:\program files\Winamp
    2009-10-18 02:18 . 2009-10-18 02:18 -------- d-----w- d:\program files\AVI MPEG RM WMV Joiner
    2009-10-18 02:17 . 2009-10-18 02:17 -------- d-----w- d:\program files\AVI MPEG RM WMV Splitter
    2009-10-18 02:16 . 2009-10-18 02:16 -------- d-----w- d:\program files\Witcobber
    2009-10-18 02:15 . 2009-10-18 02:15 -------- d-----w- D:\MTU
    2009-10-18 02:15 . 2009-10-18 02:15 876032 ----a-w- d:\windows\system32\VFP6RENU.DLL
    2009-10-18 02:15 . 2009-10-18 02:15 24990 ----a-w- d:\windows\system32\VFP6RUN.EXE
    2009-10-18 02:15 . 2009-10-18 02:15 3373328 ----a-w- d:\windows\system32\VFP6R.DLL
    2009-10-18 02:07 . 2004-08-04 00:45 221184 ----a-w- d:\windows\system32\wmpns.dll
    2009-10-18 01:46 . 2009-10-18 01:48 -------- d-----w- d:\program files\MemoriesOnTV
    2009-10-18 01:36 . 2009-10-18 01:36 -------- d-----w- d:\documents and settings\cano\Bluetooth Software
    2009-10-18 01:33 . 2009-10-18 01:33 -------- d-----w- d:\program files\WIDCOMM
    2009-10-18 01:32 . 2009-01-07 18:14 60273 ----a-w- d:\windows\system32\pthreadGC2.dll
    2009-10-18 01:31 . 2009-10-18 01:31 -------- d-----w- d:\documents and settings\cano\.javaws
    2009-10-18 01:31 . 2009-10-18 01:31 -------- d-----w- d:\program files\Java Web Start
    2009-10-18 01:31 . 2009-10-18 03:43 -------- d-----w- d:\program files\Java
    2009-10-18 01:30 . 1997-01-30 18:08 21504 ----a-w- d:\windows\Ulead iPhoto Plus 4.SCR
    2009-10-18 01:30 . 1995-07-31 12:44 212480 ----a-w- d:\windows\PCDLIB32.DLL
    2009-10-18 01:30 . 2009-10-18 01:30 -------- d-----w- d:\program files\iPhoto Plus 4
    2009-10-18 01:30 . 2009-10-18 01:30 -------- d-----w- d:\windows\ULEAD.DAT
    2009-10-18 01:04 . 2009-09-15 10:54 23152 ----a-w- d:\windows\system32\drivers\aswRdr.sys
    2009-10-18 01:04 . 2009-09-15 10:54 52368 ----a-w- d:\windows\system32\drivers\aswTdi.sys
    2009-10-18 01:04 . 2009-09-15 10:53 27408 ----a-w- d:\windows\system32\drivers\aavmker4.sys
    2009-10-18 01:04 . 2009-09-15 10:53 97480 ----a-w- d:\windows\system32\AvastSS.scr
    2009-10-18 01:04 . 2009-09-15 10:56 93424 ----a-w- d:\windows\system32\drivers\aswmon.sys
    2009-10-18 01:04 . 2009-09-15 10:56 94160 ----a-w- d:\windows\system32\drivers\aswmon2.sys
    2009-10-18 01:04 . 2009-09-15 10:55 114768 ----a-w- d:\windows\system32\drivers\aswSP.sys
    2009-10-18 01:04 . 2009-09-15 10:55 20560 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
    2009-10-18 01:04 . 2009-09-15 10:59 1279968 ----a-w- d:\windows\system32\aswBoot.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-20 22:42 . 2009-10-20 22:42 -------- d-----w- d:\program files\Common Files\Ahead
    2009-10-20 22:41 . 2009-10-17 22:40 -------- d-----w- d:\program files\Common Files\InstallShield
    2009-10-20 22:41 . 2009-10-20 22:41 -------- d-----w- d:\documents and settings\cano\Application Data\Microsoft Web Folders
    2009-10-20 22:21 . 2009-10-20 22:21 17928 ----a-w- d:\documents and settings\cano\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-19 23:17 . 2009-10-19 23:17 -------- d-----w- d:\program files\Google
    2009-10-19 23:17 . 2009-10-17 22:41 -------- d--h--w- d:\program files\InstallShield Installation Information
    2009-10-18 03:00 . 2009-10-17 22:30 -------- d-----w- d:\program files\microsoft frontpage
    2009-10-18 01:32 . 2009-10-17 23:11 -------- d-----w- d:\program files\K-Lite Codec Pack
    2009-10-18 00:51 . 2009-10-17 23:00 -------- d-----w- d:\program files\Common Files\Adobe
    2009-10-18 00:46 . 2009-10-18 00:46 -------- d-----w- d:\documents and settings\All Users\Application Data\Adobe Systems
    2009-10-18 00:45 . 2009-10-18 00:45 -------- d-----w- d:\program files\Common Files\Adobe Systems Shared
    2009-10-18 00:35 . 2009-10-18 00:35 -------- d-----w- d:\program files\Imagenomic
    2009-10-17 23:24 . 2009-10-17 23:03 51328 ----a-w- d:\windows\system32\drivers\inspect.sys
    2009-10-17 23:24 . 2009-10-17 23:03 75520 ----a-w- d:\windows\system32\drivers\cmdmon.sys
    2009-10-17 23:13 . 2009-10-17 23:13 -------- d-----w- d:\program files\Prolific Publishing, Inc
    2009-10-17 23:12 . 2009-10-17 23:12 -------- d-----w- d:\program files\Namaz Hocası
    2009-10-17 23:12 . 2009-10-17 23:12 -------- d-----w- d:\documents and settings\cano\Application Data\Media Player Classic
    2009-10-17 23:08 . 2009-10-17 23:08 -------- d-----w- d:\documents and settings\cano\Application Data\Comodo
    2009-10-17 23:08 . 2009-10-17 23:08 -------- d-----w- d:\documents and settings\All Users\Application Data\Comodo
    2009-10-17 23:04 . 2009-10-17 23:04 -------- d-----w- d:\program files\Alwil Software
    2009-10-17 23:03 . 2009-10-17 23:03 -------- d-----w- d:\program files\Comodo
    2009-10-17 22:57 . 2009-10-17 22:57 -------- d-----w- d:\program files\ACDSee32
    2009-10-17 22:49 . 2009-10-17 22:49 -------- d-----w- d:\program files\Intel
    2009-10-17 22:48 . 2009-10-17 22:45 -------- d-----w- d:\program files\Lenovo
    2009-10-17 22:48 . 2009-10-17 22:48 21275 ----a-w- d:\windows\system32\drivers\AegisP.sys
    2009-10-17 22:48 . 2001-11-22 11:00 46164 ----a-w- d:\windows\system32\perfc01F.dat
    2009-10-17 22:48 . 2001-11-22 11:00 300874 ----a-w- d:\windows\system32\perfh01F.dat
    2009-10-17 22:48 . 2009-10-17 22:48 -------- d-----w- d:\program files\Digital Line Detect
    2009-10-17 22:47 . 2009-10-17 22:47 -------- d-----w- d:\program files\NetWaiting
    2009-10-17 22:47 . 2009-10-17 22:47 -------- d-----w- d:\program files\CONEXANT
    2009-10-17 22:46 . 2009-10-17 22:46 0 ---ha-r- d:\windows\system32\drivers\IBM_2373_6YG_TP.MRK
    2009-10-17 22:46 . 2009-10-17 22:46 -------- d-----w- d:\program files\ThinkPad
    2009-10-17 22:43 . 2009-10-17 22:43 -------- d-----w- d:\program files\ATI Technologies
    2009-10-17 22:41 . 2009-10-17 22:41 -------- d-----w- d:\program files\Analog Devices
    2009-10-17 22:27 . 2009-10-17 22:27 21736 ----a-w- d:\windows\system32\emptyregdb.dat
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SoundMAXPnP"="d:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]
    "ATIPTA"="d:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-05-25 344064]
    "TPHOTKEY"="d:\progra~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-05-10 94208]
    "COMODO Firewall Pro"="d:\program files\Comodo\Firewall\CPF.exe" [2009-10-17 1115728]
    "avast!"="d:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
    "MessengerPlus3"="d:\program files\MessengerPlus! 3\MsgPlus.exe" [2009-10-18 190024]
    "QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2009-10-18 98304]
    "OrderReminder"="d:\program files\Hewlett-Packard\OrderReminder\OrderReminder.exe" [2006-01-30 98304]
    "NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
    "TpShocks"="TpShocks.exe" - d:\windows\system32\TpShocks.exe [2005-11-07 106496]

    d:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
    Adobe Reader Synchronizer.lnk - d:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
    BTTray.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2003-7-29 499773]
    Digital Line Detect.lnk - d:\program files\Digital Line Detect\DLG.exe [2009-10-18 24576]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
    2005-07-05 20:45 28672 ----a-w- d:\windows\system32\notifyf2.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
    2005-11-30 17:16 24576 ----a-w- d:\windows\system32\tphklock.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

    R1 aswSP;avast! Self Protection;d:\windows\system32\drivers\aswSP.sys [18.10.2009 03:04 114768]
    R2 aswFsBlk;aswFsBlk;d:\windows\system32\drivers\aswFsBlk.sys [18.10.2009 03:04 20560]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.mynet.com/
    uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
    IE: Send To &Bluetooth - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    TCP: {14485310-CBF2-4810-AD61-97C1D00B794A} = 4.2.2.1,4.2.2.2
    .
    - - - - ORPHANS REMOVED - - - -

    Notify-xxywXNde - xxywXNde.dll



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-21 20:44
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(740)
    d:\windows\system32\Ati2evxx.dll
    d:\windows\system32\tphklock.dll

    - - - - - - - > 'explorer.exe'(2200)
    d:\program files\MessengerPlus! 3\MsgPlusLoader.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    d:\windows\system32\ibmpmsvc.exe
    d:\windows\system32\ati2evxx.exe
    d:\windows\system32\S24EvMon.exe
    d:\windows\system32\ati2evxx.exe
    d:\program files\Alwil Software\Avast4\aswUpdSv.exe
    d:\program files\Alwil Software\Avast4\ashServ.exe
    d:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    d:\program files\Comodo\Firewall\cmdagent.exe
    d:\windows\system32\RegSrvc.exe
    d:\program files\Analog Devices\SoundMAX\SMAgent.exe
    d:\windows\system32\TPHDEXLG.exe
    d:\program files\Alwil Software\Avast4\ashMaiSv.exe
    d:\program files\Alwil Software\Avast4\ashWebSv.exe
    d:\windows\system32\wscntfy.exe
    d:\combofix\CF21429.exe
    d:\program files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
    .
    **************************************************************************
    .
    Completion time: 2009-10-21 20:45 - machine was rebooted
    ComboFix-quarantined-files.txt 2009-10-21 18:45

    Pre-Run: 23.965.806.592 bayt boş
    Post-Run: 24.048.926.720 bayt boş

    214




  • quote:

    Originally quoted from: MrPesimist

    Here are the Malwarebytes results;

    OK, there doesn't appear to be a problem at the moment.


    quote:

    Originally quoted from: jokerbow

    I'm also getting lag on my PC, stuttering in games and so on.

    * Open the program HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://search.live.com 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.daemon-search.com/startpage
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =http://search.live.com/sphome.aspx
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://toolbar.ask.com/toolbarv/askRedirect?o=101668&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
    R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\bar\2.bin\MWSSRCAS.DLL
    F2 - REG:system.ini: Shell=explorer.exe "C:\Documents and Settings\Deniz\Application Data\svchost.exe"
    O2 - BHO: (no name) - {00A6FAF1-072E-44cf-8957-5838F569A31D} - (no file)
    O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: DepositFiles.com BHO - {9DFE2FE9-CF99-4ADF-A28E-9B5ADB8DC74F} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
    O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\****\Mega Manager\MegaIEMn.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_P.dll
    O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\2.bin\MWSBAR.DLL
    O3 - Toolbar: Deposit IE Toolbar - {6AA40521-14E7-4B1D-B1B4-98528C1388C9} - C:\DEPOSI~1\DEPOSI~1\DEPOSI~1.DLL
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\M3PLUGIN.DLL,UPF
    O4 - HKLM\..\Run: [My Web Search Bar] rundll32 C:\PROGRA~1\MYWEBS~1\bar\2.bin\MWSBAR.DLL,S
    O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
    O4 - HKCU\..\Run: [svchost] "C:\Documents and Settings\Deniz\Application Data\svchost.exe"
    O4 - HKCU\..\Run: [DF Manager] C:\DepositFiles\Depositfiles Filemanager with FTP\dfmanager.exe -minimize
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. (End only the processes listed against your user name. Do not touch the ones under Local Service, network, or system.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    Download the program ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening the program, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Evet (Yes) button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. During this your desktop may disappear, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.




  • quote:

    Originally quoted from: tyll

    @serji,
    the txt file is below. Thanks.

    OK, there doesn't appear to be a problem at the moment.


    quote:

    Originally quoted from: saymar

    By the way, donanımhaber.com pages load very slowly.

    ComboFix report.

    Download the program Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and complete the installation.
    * Check the Malwarebytes Antimalware Güncelle (Update Malwarebytes Antimalware) and Malwarebytes Programını Çalıştır (Launch Malwarebytes) options and click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Tam Tarama (Full Scan) and click the Taramaya Başla (Start Scan) button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click Tamam (OK) and then click Sonuçları Göster (Show Results).
    * Make sure everything is checked and click Seçilileri Temizle (Remove Selected).
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message and send it to us.

    NOTE: If the program asks you to restart the computer during the cleanup, click Tamam (OK) and restart your computer.




  • Thanks.
  • Serji, my PC is in terrible shape: when I run a scan with KIS or open a few too many applications, it just freezes. Or it freezes right when the PC starts up. Here is the log:


    quote:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:20:13, on 22.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Teleca Shared\Generic.exe
    C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\VM_STI.EXE
    C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Documents and Settings\Administrator\Belgelerim\İndirilenler\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Apache USB PC Camera
    O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252614255375
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1252614238484
    O17 - HKLM\System\CCS\Services\Tcpip\..\{795225C6-3E09-4565-BEA6-72D42631A926}: NameServer = 208.67.222.222,208.67.220.220
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

    --
    End of file - 6796 bytes



