HijackThis. Performance + Security! (Get rid of viruses). 500,000+ (page 443)

  • quote:

    Quoted from the original: satore

    I downloaded the program called Malwarebytes Antimalware and ran a scan, and this is its report too. When I first wrote, I said Task Manager would not open; now it opens, but now my computer has started shutting down on its own, it resets itself out of the blue, and I still cannot install any antivirus; the moment I click install it closes.
    (A day has passed and I had to add to this message: the registry has locked again and the newly appeared problems are continuing.)

    Could you download ComboFix again and send a log?
  • quote:

    Quoted from the original: mkrts

    Hi, I would be glad if you could help.

    I considered myself a professional at the user level, but a week ago a virus got in.
    The classic: it disables the registry editor and disables Task Manager. It does not let me scan with Kaspersky; it closes by itself. To be honest, I am impressed by this virus.


    I thought I could handle it; I had done it before on other PCs. I could not do it on my own PC. I decided to format it without letting anyone notice that I had failed.

    The system has two separate drives, C and D. After formatting I installed the drivers and saw the same virus, so it had spread from the D drive. My archive is on D; I cannot delete it.

    Can we do it with HijackThis?

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - AutorunsDisabled - (no file)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: (no name) - AutorunsDisabled - (no file)
    O20 - Winlogon Notify: AutorunsDisabled - C:\WINDOWS\


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. During this time your desktop may disappear, but it will be restored shortly. Once the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.
  • ComboFix 09-10-27.08 - savaş 29.10.2009 0:30.3.2 - NTFSx86
    Microsoft Windows XP Home Edition 5.1.2600.3.1254.90.1055.18.446.217 [GMT 2:00]
    Running from: c:\documents and settings\savaş\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning enabled* (Outdated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-28 )))))))))))))))))))))))))))))))
    .

    2009-10-28 08:54 . 2009-10-28 08:54 -------- d-----w- c:\windows\system32\wbem\Repository
    2009-10-28 08:53 . 2009-10-28 08:53 -------- d-----w- c:\program files\LimeWire
    2009-10-26 20:52 . 2009-09-10 12:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-10-26 20:52 . 2009-10-26 20:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-10-26 20:52 . 2009-10-26 20:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2009-10-26 20:52 . 2009-09-10 12:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-10-23 06:53 . 2009-10-23 06:53 -------- d-----w- c:\program files\Trend Micro
    2009-10-18 06:05 . 2009-10-22 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8ls
    2009-10-12 19:01 . 2009-06-25 08:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
    2009-10-12 19:01 . 2009-09-11 14:18 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
    2009-10-12 19:01 . 2009-06-25 08:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
    2009-10-12 19:01 . 2009-06-24 11:18 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
    2009-10-08 14:06 . 2008-05-30 11:11 3850760 ----a-w- c:\windows\system32\D3DX9_38.dll
    2009-10-08 14:06 . 2009-10-08 14:06 -------- d-----w- c:\windows\Logs
    2009-10-08 11:21 . 2006-09-14 14:45 -------- d-----w- c:\program files\Ruya Tabirleri v.1.1
    2009-10-08 09:15 . 2009-10-08 10:03 286720 ------w- c:\windows\Setup1.exe
    2009-10-08 09:15 . 2009-10-08 10:03 73216 ----a-w- c:\windows\ST6UNST.EXE
    2009-10-08 09:05 . 2009-10-08 09:05 -------- d-----w- c:\program files\Shenturk
    2009-10-08 08:17 . 2009-10-19 12:56 -------- d-----w- c:\program files\GCH Guitar academy
    2009-10-08 08:04 . 2009-10-08 08:04 -------- d-----w- c:\program files\Webteh
    2009-10-06 13:27 . 2009-10-08 08:04 -------- d-----w- c:\program files\BS_Player
    2009-10-06 13:27 . 2009-10-06 13:27 -------- d-----w- c:\program files\Webteh(2)
    2009-10-06 12:49 . 2009-10-08 08:04 -------- d-----w- c:\program files\GCH Guitar academy(2)
    2009-10-06 10:00 . 2009-10-06 10:01 -------- d-----w- c:\program files\Guitar Pro 5
    2009-10-05 12:15 . 2009-10-05 12:15 -------- d-----w- c:\program files\Audio Phonics, Inc
    2009-10-05 12:14 . 1998-02-06 19:37 299520 ----a-w- c:\windows\uninst.exe
    2009-10-05 09:41 . 2009-10-05 09:44 -------- d-----w- c:\program files\AP Tuner
    2009-10-03 09:00 . 2009-10-03 09:00 2560 ----a-w- c:\windows\_MSRSTRT.EXE
    2009-10-03 08:48 . 2009-10-03 08:48 -------- d-----w- c:\program files\TryMedia
    2009-10-03 08:30 . 2000-07-08 12:06 87040 ----a-w- c:\windows\UnGins.exe

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-28 08:54 . 2009-02-17 21:02 -------- d-----w- c:\program files\Windows Live
    2009-10-28 08:53 . 2009-09-14 14:17 -------- d-----w- c:\program files\Microsoft Silverlight
    2009-10-28 08:52 . 2009-09-14 15:53 -------- d-----w- c:\program files\Windows Live Safety Center
    2009-10-25 18:06 . 2009-06-09 19:16 41 ----a-w- c:\windows\popcinfo.dat
    2009-10-25 12:00 . 2006-03-02 12:00 84628 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-25 12:00 . 2006-03-02 12:00 435992 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-22 21:22 . 2009-02-17 19:42 -------- d-----w- c:\program files\Google
    2009-10-22 06:50 . 2009-03-09 08:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2009-10-18 04:59 . 2009-02-17 19:56 -------- d-----w- c:\program files\Java
    2009-10-08 16:00 . 2009-02-17 17:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-02 18:18 . 2009-07-30 15:27 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-09-25 16:32 . 2009-09-25 16:32 8 ----a-w- c:\documents and settings\All Users\Application Data\VGANGMJYMWPP.SYS
    2009-09-25 16:30 . 2009-09-25 16:30 8 ----a-w- c:\documents and settings\All Users\Application Data\TYRCPHJYWWPP.SYS
    2009-09-20 05:42 . 2009-09-16 17:19 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
    2009-09-20 05:22 . 2009-09-20 05:20 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
    2009-09-16 16:22 . 2009-09-16 16:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-09-16 16:22 . 2009-09-16 16:22 -------- d-----w- c:\program files\Common Files\Adobe
    2009-09-16 16:22 . 2009-07-04 18:38 -------- d-----w- c:\program files\mIRCTR Script v6.35
    2009-09-16 16:22 . 2009-09-16 07:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Google(2)
    2009-09-16 16:22 . 2009-09-16 07:37 -------- d-----w- c:\program files\Search Guard PlusU
    2009-09-16 16:22 . 2009-09-16 07:37 -------- d-----w- c:\program files\Search Guard Plus
    2009-09-16 12:53 . 2009-09-16 07:37 8192 ----a-w- C:\mtwb.dat
    2009-09-11 14:18 . 2009-09-11 14:18 136192 ----a-w- c:\windows\system32\SETA4.tmp
    2009-09-11 14:18 . 2006-03-02 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
    2009-09-04 21:04 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\msasn1.dll
    2009-08-29 07:27 . 2006-03-02 12:00 832512 ------w- c:\windows\system32\wininet.dll
    2009-08-29 07:27 . 2006-03-02 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-29 07:27 . 2006-03-02 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
    2009-08-26 08:01 . 2006-03-02 12:00 247326 ----a-w- c:\windows\system32\strmdll.dll
    2009-08-06 16:24 . 2009-02-17 16:54 327896 ----a-w- c:\windows\system32\wucltui.dll
    2009-08-06 16:24 . 2009-02-17 16:54 209632 ----a-w- c:\windows\system32\wuweb.dll
    2009-08-06 16:24 . 2009-02-17 16:54 35552 ----a-w- c:\windows\system32\wups.dll
    2009-08-06 16:24 . 2009-02-17 16:54 35552 ----a-w- c:\windows\system32\wups(2)(2).dll
    2009-08-06 16:24 . 2008-10-16 12:09 44768 ----a-w- c:\windows\system32\wups2.dll
    2009-08-06 16:24 . 2009-02-17 16:54 53472 ------w- c:\windows\system32\wuauclt.exe
    2009-08-06 16:24 . 2006-03-02 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2009-08-06 16:23 . 2009-02-17 16:54 575704 ----a-w- c:\windows\system32\wuapi.dll
    2009-08-06 16:23 . 2009-02-18 12:35 274288 ----a-w- c:\windows\system32\mucltui.dll
    2009-08-06 16:23 . 2009-02-18 12:35 215920 ----a-w- c:\windows\system32\muweb.dll
    2009-08-06 16:23 . 2009-02-17 16:54 1929952 ----a-w- c:\windows\system32\wuaueng.dll
    2009-08-05 09:00 . 2006-03-02 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
    2009-08-04 17:27 . 2006-03-02 12:00 2147328 ------w- c:\windows\system32\ntoskrnl.exe
    2009-08-04 17:27 . 2004-08-04 00:40 2025984 ------w- c:\windows\system32\ntkrnlpa.exe
    2009-08-04 16:52 . 2009-08-04 16:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
    .

    ((((((((((((((((((((((((((((( SnapShot@2009-10-23_16.41.52 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2009-02-17 20:11 . 2009-05-26 11:43 17272 c:\windows\system32\spmsg.dll
    + 2009-02-17 20:11 . 2008-07-08 13:22 17272 c:\windows\system32\spmsg.dll
    + 2009-07-26 14:44 . 2009-07-26 14:44 48448 c:\windows\system32\sirenacm.dll
    + 2006-03-02 12:00 . 2009-10-25 12:00 74120 c:\windows\system32\perfc009.dat
    + 2007-08-13 16:39 . 2009-06-29 11:07 13824 c:\windows\system32\ieudinit.exe
    - 2009-07-29 07:01 . 2008-07-08 13:22 26488 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\update\spcustom.dll
    - 2009-07-29 07:01 . 2008-07-08 13:22 17272 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\spmsg.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 44544 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\pngfilt.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 52224 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\msfeedsbs.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 27648 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\jsproxy.dll
    - 2009-06-29 11:25 . 2009-06-29 11:25 13824 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieudinit.exe
    - 2009-06-29 16:12 . 2009-06-29 16:12 44544 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\iernonce.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 78336 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieencode.dll
    - 2009-06-29 11:29 . 2009-06-29 11:29 70656 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ie4uinit.exe
    - 2009-06-29 16:12 . 2009-06-29 16:12 63488 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\icardie.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 17408 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\corpol.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 44544 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\pngfilt.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 52224 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\msfeedsbs.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 27648 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\jsproxy.dll
    - 2009-06-29 11:07 . 2009-06-29 11:07 13824 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieudinit.exe
    - 2009-06-29 15:57 . 2009-06-29 15:57 44544 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\iernonce.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 78336 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieencode.dll
    - 2009-06-29 11:07 . 2009-06-29 11:07 70656 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ie4uinit.exe
    - 2009-06-29 15:57 . 2009-06-29 15:57 63488 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\icardie.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 17408 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\corpol.dll
    + 2009-10-27 11:35 . 2009-10-27 11:35 22016 c:\windows\Installer\f848bb.msi
    + 2009-10-27 11:33 . 2009-10-27 11:33 27136 c:\windows\Installer\f84893.msi
    + 2009-10-27 11:34 . 2009-10-27 11:34 80395 c:\windows\Installer\{DA966F45-F8A1-41F5-B186-36E184409432}\MsblIco.Exe
    + 2009-10-27 11:35 . 2009-10-27 11:35 58945 c:\windows\Installer\{8F7BC615-A7E3-4309-B60E-BC8BF3DEAE83}\wlmail.exe
    - 2009-07-10 09:49 . 2009-02-06 17:31 308104 c:\windows\WLXPGSS.SCR
    + 2009-07-10 10:49 . 2009-02-06 17:31 308104 c:\windows\WLXPGSS.SCR
    + 2006-03-02 12:00 . 2009-10-25 12:00 448418 c:\windows\system32\perfh009.dat
    + 2007-07-11 10:27 . 2009-06-29 15:57 380928 c:\windows\system32\ieapfltr.dll
    - 2007-07-11 10:27 . 2009-08-29 07:27 380928 c:\windows\system32\ieapfltr.dll
    - 2009-02-17 20:27 . 2009-08-29 07:27 380928 c:\windows\system32\dllcache\ieapfltr.dll
    + 2009-02-17 20:27 . 2009-06-29 15:57 380928 c:\windows\system32\dllcache\ieapfltr.dll
    - 2009-07-29 07:01 . 2009-05-26 11:43 386424 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\update\updspapi.dll
    - 2009-07-29 07:01 . 2009-05-26 11:43 756600 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\update\update.exe
    - 2009-07-29 07:01 . 2008-07-08 13:22 232824 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\spuninst.exe
    - 2009-06-29 16:12 . 2009-06-29 16:12 828928 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\wininet.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 233472 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\webcheck.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 105984 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\url.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 102912 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\occache.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 671232 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\mstime.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 193024 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\msrating.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 477696 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\mshtmled.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 459264 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\msfeeds.dll
    - 2009-06-29 07:25 . 2009-06-29 07:25 634632 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\iexplore.exe
    - 2009-06-29 16:12 . 2009-06-29 16:12 268288 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\iertutil.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 388608 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\iedkcs32.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 380928 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieapfltr.dll
    - 2009-06-29 07:23 . 2009-06-29 07:23 161792 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieakui.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 230400 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieaksie.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 153088 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieakeng.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 132608 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\extmgr.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 214528 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\dxtrans.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 347136 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\dxtmsft.dll
    - 2009-06-29 16:12 . 2009-06-29 16:12 124928 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\advpack.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 827392 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\wininet.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 233472 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\webcheck.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 105984 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\url.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 102912 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\occache.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 671232 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\mstime.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 193024 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\msrating.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 477696 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\mshtmled.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 459264 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\msfeeds.dll
    - 2009-06-29 08:35 . 2009-06-29 08:35 634632 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\iexplore.exe
    - 2009-06-29 15:57 . 2009-06-29 15:57 268288 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\iertutil.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 385024 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\iedkcs32.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 380928 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieapfltr.dll
    - 2009-06-29 08:33 . 2009-06-29 08:33 161792 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieakui.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 230400 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieaksie.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 153088 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieakeng.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 133120 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\extmgr.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 214528 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\dxtrans.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 347136 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\dxtmsft.dll
    - 2009-06-29 15:57 . 2009-06-29 15:57 124928 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\advpack.dll
    + 2009-10-27 11:35 . 2009-10-27 11:35 861696 c:\windows\Installer\f848e1.msi
    + 2009-10-27 11:34 . 2009-10-27 11:34 430080 c:\windows\Installer\f848b4.msi
    + 2009-10-27 11:33 . 2009-10-27 11:33 155648 c:\windows\Installer\f8489f.msi
    + 2009-08-27 07:25 . 2009-10-28 08:55 1220500 c:\windows\system32\Restore\rstrlog.dat
    + 2009-05-01 18:30 . 2009-05-01 18:30 3448832 c:\windows\system32\GPhotos.scr
    - 2009-06-29 16:12 . 2009-06-29 16:12 1163264 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\urlmon.dll
    - 2009-07-19 13:20 . 2009-07-19 13:20 3600384 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\mshtml.dll
    - 2009-07-19 13:20 . 2009-07-19 13:20 6070784 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieframe.dll
    - 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3qfe\ieapfltr.dat
    - 2009-06-29 15:57 . 2009-06-29 15:57 1159680 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\urlmon.dll
    - 2009-07-19 13:27 . 2009-07-19 13:27 3597824 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\mshtml.dll
    - 2009-07-19 13:27 . 2009-07-19 13:27 6067200 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieframe.dll
    - 2009-06-29 08:33 . 2009-06-29 08:33 2452872 c:\windows\SoftwareDistribution\Download\ec870da4b346729792fa41dca96ae49c\sp3gdr\ieapfltr.dat
    + 2009-10-27 11:39 . 2009-10-27 11:39 15706112 c:\windows\Installer\f8497b.msp
    + 2009-10-27 15:29 . 2009-10-27 15:29 15709696 c:\windows\Installer\a660fa.msp
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1768960]
    "Google Update"="c:\documents and settings\savaş\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-03-21 206832]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-22 39408]
    "minihava"="c:\program files\Shenturk\Mini Hava\minihava.exe" [2009-09-16 399360]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
    "Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-03-02 208952]
    "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
    "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-03-02 455168]
    "RaidTool"="c:\program files\VIA\RAID\raid_tool.exe" [2004-10-11 659456]
    "Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-03-06 1920512]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 393216]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 117616]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 218520]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-07-14 413696]
    "Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" [2009-09-16 122368]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1488208]
    "VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-08 229376]
    "VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-11-01 233472]
    "SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-11-17 753664]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

    c:\documents and settings\All Users\Start Menu\Programlar\BaŸlang‡\
    AirTies ADSL Hizmet Program.lnk - c:\program files\AirTies\ADSL Hizmet Program\AirTies_util3.exe [2009-6-8 2452992]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
    "AntiVirusOverride"=dword:00000001
    "AntiVirusDisableNotify"=dword:00000001
    "FirewallDisableNotify"=dword:00000001
    "FirewallOverride"=dword:00000001
    "UpdatesDisableNotify"=dword:00000001
    "UacDisableNotify"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Program Files\\Google\\Common\\Google Updater\\GoogleUpdaterService.exe"=
    "c:\\WINDOWS\\system32\\VTTimer.exe"=
    "c:\\Program Files\\VIA\\RAID\\raid_tool.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\jusched.exe"=
    "c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Update\\GoogleUpdate.exe"=
    "c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
    "c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\PixArt\\PAC7302\\Monitor.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "c:\\Program Files\\Adobe\\Reader 9.0\\Reader\\Reader_sl.exe"=
    "c:\\WINDOWS\\system32\\VTtrayp.exe"=
    "c:\\WINDOWS\\system32\\ntvdm.exe"=
    "c:\\WINDOWS\\system32\\wuauclt.exe"=
    "c:\\Program Files\\Windows Live\\Toolbar\\wltuser.exe"=
    "c:\\WINDOWS\\SOUNDMAN.EXE"=
    "c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
    "c:\\Program Files\\Google\\Picasa3\\Picasa3.exe"=
    "c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\jucheck.exe"=
    "c:\\Program Files\\Google\\Google Desktop Search\\GoogleDesktop.exe"=
    "c:\\Program Files\\Shenturk\\Mini Hava\\minihava.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\jqs.exe"=
    "c:\\Documents and Settings\\savaş\\Local Settings\\Application Data\\Google\\Update\\1.2.183.7\\GoogleCrashHandler.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [17.02.2009 23:10 55152]
    R3 abp470n5;abp470n5;\??\c:\windows\system32\drivers\nlpjtn.sys --> c:\windows\system32\drivers\nlpjtn.sys [?]
    S2 gupdate1c9a08f6ed5a052;Google Güncelleme Hizmeti (gupdate1c9a08f6ed5a052);c:\program files\Google\Update\GoogleUpdate.exe [09.03.2009 10:16 309232]
    S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
    S3 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\NIS\1000000.07D\BHDrvx86.sys [28.05.2009 15:41 254512]
    S3 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1000000.07D\ccHPx86.sys [28.05.2009 15:41 362544]
    S3 fsssvc;Windows Live Aile Koruması;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 22:48 533360]
    S3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20080826.006\IDSxpx86.sys [28.05.2009 15:41 274808]
    S3 PAC7302;PC VGA Camer@ Plus;c:\windows\system32\drivers\PAC7302.SYS [10.09.2007 08:50 457984]
    S3 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1000000.07D\SymEFA.sys [28.05.2009 15:41 309296]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-28 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-17 10:47]

    2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 08:16]

    2009-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-03-09 08:16]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    uDefault_Search_URL = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Microsoft Excel'e Gö&nder - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-29 00:36
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-796845957-1004336348-682003330-1004\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3788)
    c:\windows\system32\WININET.dll
    c:\progra~1\WINDOW~2\wmpband.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2009-10-28 0:40
    ComboFix-quarantined-files.txt 2009-10-28 22:40
    ComboFix2.txt 2009-10-25 12:11

    Pre-Run: 49.986.445.312 bayt boş
    Post-Run: 50.254.938.112 bayt boş

    - - End Of File - - 98BB4E84FE9051F5F4442E9B9D1DEC0D
  • Hi brother, you are really providing a great service and earning the blessings of so many people.
    I use an HP notebook; on my up-to-date 32-bit Vista Service Pack 2 system I have:
    -Avast antivirus
    -PC Tools Spyware Doctor
    -Advanced System Care Pro (all of them are up to date)

    As for my problems:
    -When the PC shuts down, it raises a problem about conime.exe (a Windows system file), something like
    "conime.exe could not be started or closed properly"; this problem does not always appear, but when it does
    I get suspicious.
    -Lately, when I turn on the PC, a window saying "personal settings (not responding)" appears
    and Vista does not start; it just stays on a black screen. But when I press Ctrl-Alt-Del and restart the PC,
    Vista starts quite normally and the PC boots.

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 10:25:34, on 29.10.2009
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18828)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\winlogon.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\svchost.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Users\Emre\Desktop\HiJackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.mynet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Araç Çubugu 5.0\aoltb.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Araç Çubugu 5.0\aoltb.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
    O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" update "Software\CyberLink\YouCam\2.0"
    O4 - HKLM\..\Run: [DpAgent] C:\Program Files\DigitalPersona\Bin\dpagent.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [OnScreenDisplay] C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Global Startup: Bluetooth.lnk = ?
    O8 - Extra context menu item: &AOL Araç Çubuğu Araması - C:\ProgramData\AOL\ieToolbar\resources\tr-TR\local\search.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O13 - Gopher Prefix:
    O17 - HKLM\System\CS13\Services\Tcpip\..\{3EA66098-2AEB-4793-8C3D-94D85F9CD62D}: NameServer = 4.2.2.1,4.2.2.2
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\aestsrv.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: QuickPlay Background Capture Service (QBCS) (QPCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    O23 - Service: QuickPlay Task Scheduler (QTS) (QPSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_030ac640\STacSV.exe
    O23 - Service: Validity Fingerprint Service (vfsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vfsFPService.exe

    --
    End of file - 14263 bytes
  • Hello, I have attached my file too; I would appreciate it if you could help.



    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:59:46, on 29.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\acs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
    C:\Program Files\RocketDock\RocketDock.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\TEMİZLER.USERPC.002\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TEMİZLER.USERPC.002\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\TEMİZLER.USERPC.002\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    d:\Downloads\Programs\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.aytr.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.aytr.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://nid.altervista.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MI1933~1\Office12\GR99D3~1.DLL
    O23 - Service: Atheros Yapılandırma Hizmeti (ACS) - Atheros - C:\WINDOWS\system32\acs.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowGold\ScsiAccess.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe

    --
    End of file - 8426 bytes
  • quote:

    Originally posted by: satore

    Download the program called The Avenger to your desktop.

    http://www.buraksonmez.com/dosyalar/avenger.exe

    1. Select all of the colored text below and press CTRL+C to copy it.

    Drivers to disable: 
    abp470n5
    MBR
    mbr

    Drivers to delete:
    abp470n5
    MBR
    mbr

    2. Run the program by double-clicking its icon.

    * Under Load Script, select Paste from Clipboard.
    * Press the Execute button.
    * If the program asks a question, click Yes.

    3. Your computer will restart. (It may restart twice.) A number of operations will then be carried out.
    4. After the scan finishes, a log file will be created as C:\avenger.txt. (Your backups will be in C:\avenger\backup.zip.)
    5. Attach the C:\avenger.txt file to your message and send it to us.

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Check the options Update Malwarebytes Antimalware and Run the Malwarebytes Program, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message, and send it to us.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK to restart your computer.
  • quote:

    Originally posted by: Tasher

    Hi brother, you are really providing a great service and earning the blessings of so many people.
    I use an HP notebook; on my up-to-date 32-bit Vista Service Pack 2 system I have:
    -Avast antivirus
    -PC Tools Spyware Doctor
    -Advanced System Care Pro (all of them are up to date)

    As for my problems:
    -When the PC shuts down, it raises a problem about conime.exe (a Windows system file), something like
    "conime.exe could not be started or closed properly"; this problem does not always appear, but when it does
    I get suspicious.
    -Lately, when I turn on the PC, a window saying "personal settings (not responding)" appears
    and Vista does not start; it just stays on a black screen. But when I press Ctrl-Alt-Del and restart the PC,
    Vista starts quite normally and the PC boots.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.mynet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Araç Çubugu 5.0\aoltb.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Araç Çubugu 5.0\aoltb.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &AOL Araç Çubuğu Araması - C:\ProgramData\AOL\ieToolbar\resources\tr-TR\local\search.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to launch the program. After launching it, do not do anything at all. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. However, all of this is temporary. Once the operations are finished, everything will be restored to its original state.
    7. You may need to be a little patient, because there are a full 50 stages involved.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. Once the operations are finished, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.
  • quote:

    Originally posted by: nctemiz

    Hello, I have attached the file too; I would appreciate it if you could help.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.aytr.net 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.aytr.net
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://nid.altervista.org/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MI1933~1\Office12\GRA8E1~1.DLL
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - C:\Program Files\Styler\TB\StylerTB.dll
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  • Hello Burak, how are you? My friend, the PC has been slowing down over the last few days. I checked, and there does not appear to be any hardware conflict or incompatibility. Now and then I use CCleaner, Ad. SystemCare, Vit Registry, Smart Defrag and Norman Malware Cleaner. Have a good day.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:55:46, on 29.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\SYSTEM32\Ati2evxx.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Tall Emu\Online Armor\oacat.exe
    C:\Program Files\Tall Emu\Online Armor\oasrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir Desktop\sched.exe
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    C:\WINDOWS\system32\agrsmsvc.exe
    C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
    C:\WINDOWS\system32\hasplms.exe
    C:\Program Files\ESRI\License\arcgis9x\ARCGIS.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Tall Emu\Online Armor\oaui.exe
    C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
    C:\Program Files\Tall Emu\Online Armor\OAhlp.exe
    C:\Program Files\AntiLogger\AntiLogger.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\DOWNLOAD\HijackThis.exe

    O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Tall Emu\Online Armor\oaui.exe"
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
    O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
    O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\WINDOWS\system32\agrsmsvc.exe
    O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avmailc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
    O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
    O23 - Service: ArcGIS License Manager - Unknown owner - C:\Program Files\ESRI\License\arcgis9x\lmgrd.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: HASP License Manager (hasplms) - Aladdin Knowledge Systems Ltd. - C:\WINDOWS\system32\hasplms.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
    O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files\O2Micro Oz128 Driver\o2flash.exe
    O23 - Service: Online Armor Helper Service (OAcat) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oacat.exe
    O23 - Service: Sentinel Protection Server (SentinelProtectionServer) - SafeNet, Inc - C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    O23 - Service: Online Armor (SvcOnlineArmor) - Tall Emu - C:\Program Files\Tall Emu\Online Armor\oasrv.exe

    --
    End of file - 4397 bytes
  • quote:

    Originally posted by: atakans

    Hello Burak, how are you? My friend, the PC has been slowing down over the last few days. I checked, and there does not appear to be any hardware conflict or incompatibility. Now and then I use CCleaner, Ad. SystemCare, Vit Registry, Smart Defrag and Norman Malware Cleaner. Have a good day.

    Yes, no problem shows up here. Could you send a log with ComboFix?
  • Boss, my Internet Explorer opens when I double-click it, but the home page opens very slowly and the menu bar is not showing either. Hopefully we will solve the problem thanks to you x)

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:08:32, on 29.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    F:\CafePlusFilter1\cafeplusfilterinject.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    F:\CafePlusFilter1\cafeplusfilter.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    F:\Server\CafePlus.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtblfs.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Documents and Settings\Administrator\Belgelerim\Downloads\Programs\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.inndir.com/program.php?id=39066
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe"
    O4 - HKLM\..\Run: [AKINSOFT CafeFilter] F:\CafePlusFilter1\cafeplusfilter.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" -H
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
    O8 - Extra context menu item: Açılır Pencere Engelleyicisine ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ie_banner_deny.htm
    O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
    O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {AA0FB75C-C50E-47B6-B7E0-3B9C3FAA8AC4} (CamImage Class) -http://192.168.2.4/Comm/IPCamControl.cab
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{55D9B990-8255-4035-857F-AD074CE9CFEB}: NameServer = 192.168.2.1
    O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    O23 - Service: CafePlusFilterServiceMain - Unknown owner - F:\CafePlusFilter1\cafeplusfilterinject.exe
    O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbguard.exe
    O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_0\bin\fbserver.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

    --
    End of file - 12903 bytes
  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: atakans

    Hello Burak, how are you? My friend, the PC has been slowing down over the last few days. I checked, and there does not appear to be any hardware conflict or incompatibility. Now and then I use CCleaner, Ad. SystemCare, Vit Registry, Smart Defrag and Norman Malware Cleaner. Have a good day.

    Yes, no problem shows up here. Could you send a log with ComboFix?


    ComboFix 09-10-28.08 - User 29.10.2009 18:55.6.2 - NTFSx86
    Microsoft Windows XP Professional 5.1.2600.3.1254.90.1055.18.2046.1439 [GMT 2:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: AntiVir Desktop *On-access scanning disabled* (Updated) {11638345-E4FC-4BEE-BB73-EC754659C5F6}
    AV: Kaspersky Internet Security *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
    FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
    SP: Kaspersky Internet Security *disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
    .

    2009-10-28 21:31 . 2009-10-28 21:32 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
    2009-10-28 21:31 . 2009-10-28 21:31 -------- d-----w- c:\program files\NOS
    2009-10-26 20:47 . 2009-10-26 20:47 -------- d-----w- c:\documents and settings\User\DoctorWeb
    2009-10-26 11:28 . 2009-10-29 11:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
    2009-10-26 11:28 . 2009-10-26 11:32 -------- d-----w- c:\program files\Kaspersky Lab
    2009-10-26 11:27 . 2009-10-26 11:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-10-25 09:03 . 2009-10-25 09:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Sunbelt
    2009-10-24 06:24 . 2009-10-24 06:24 -------- d-----w- c:\documents and settings\User\Application Data\Avira
    2009-10-23 22:38 . 2009-10-23 22:38 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E8DD7A4A-3EE8-4019-898E-952A32C3B613}
    2009-10-23 22:21 . 2009-05-08 11:13 97608 ----a-w- c:\windows\system32\drivers\avfwot.sys
    2009-10-23 22:21 . 2009-03-30 07:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
    2009-10-23 22:21 . 2009-02-24 10:06 69632 ----a-w- c:\windows\system32\drivers\avfwim.sys
    2009-10-23 22:21 . 2009-02-13 09:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
    2009-10-23 22:21 . 2009-02-13 09:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
    2009-10-23 22:21 . 2009-10-23 22:21 -------- d-----w- c:\program files\Avira
    2009-10-23 21:12 . 2009-10-23 21:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
    2009-10-20 18:34 . 2009-10-20 18:34 219664 ----a-w- c:\windows\system32\klogon.dll
    2009-10-17 08:55 . 2009-10-17 08:58 -------- d-----w- c:\documents and settings\User\Application Data\UpdateStar
    2009-10-15 10:53 . 2009-10-15 10:56 -------- d-----w- C:\RTNet
    2009-10-14 20:54 . 2009-10-14 20:54 -------- d-----w- C:\MTXWEBTEMP
    2009-10-14 20:53 . 2009-10-15 04:53 -------- d-----w- C:\MATRIKS
    2009-10-13 19:08 . 2009-10-13 19:08 888 ----a-w- c:\windows\unins000.dat
    2009-10-13 19:08 . 2009-10-13 19:08 -------- d-----w- c:\documents and settings\User\Application Data\Flatcast
    2009-10-13 19:08 . 2009-10-13 19:08 695578 ----a-w- c:\windows\unins000.exe
    2009-10-10 07:38 . 2009-10-10 07:46 -------- d-----w- c:\program files\Extra DVD to MPEG Ripper
    2009-10-03 11:35 . 2009-10-03 12:26 -------- d-----w- C:\PUB
    2009-10-03 11:25 . 2006-02-11 00:48 41984 ----a-w- c:\windows\killproc.exe
    2009-10-03 11:25 . 2006-02-11 01:08 913408 ----a-w- c:\windows\system32\contfilt.dll
    2009-10-03 11:25 . 2006-02-11 00:56 110592 ----a-w- c:\windows\system32\mwnsp.dll
    2009-10-03 11:25 . 2005-10-09 15:53 125440 ----a-w- c:\windows\system32\UNZDLL.DLL
    2009-10-03 11:25 . 2000-04-03 19:00 130560 ----a-w- c:\windows\system32\ZIPDLL.DLL
    2009-10-03 11:25 . 1997-09-18 03:12 7680 ----a-w- c:\windows\sporder.exe
    2009-10-03 11:25 . 1997-09-18 03:12 9488 ----a-w- c:\windows\sporder.dll
    2009-10-03 11:25 . 2006-02-11 00:58 90112 ----a-w- c:\windows\inst_tsp.exe
    2009-10-03 11:25 . 2006-02-11 00:58 335872 ----a-w- c:\windows\system32\mwtsp.dll
    2009-10-03 11:25 . 2009-10-03 11:25 -------- d-----w- c:\windows\system32\FLCSS.EXE
    2009-09-30 17:39 . 2009-01-07 18:14 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
    2009-09-30 17:18 . 2009-10-01 05:22 -------- d-----w- c:\program files\Advanced System Optimizer 3

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-29 16:55 . 2001-11-22 10:00 77260 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-29 16:55 . 2001-11-22 10:00 398506 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-29 16:50 . 2009-05-13 18:41 -------- d-----w- c:\documents and settings\User\Application Data\vlc
    2009-10-29 08:55 . 2009-09-20 19:56 -------- d-----w- c:\program files\a-squared Free
    2009-10-28 06:51 . 2008-08-26 14:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-26 22:54 . 2009-06-02 14:03 -------- d-----w- c:\documents and settings\User\Application Data\dvdcss
    2009-10-25 09:10 . 2009-05-19 13:36 -------- d-----w- c:\documents and settings\User\Application Data\AIMP
    2009-10-24 08:41 . 2008-08-26 15:36 -------- d-----w- c:\program files\Messenger Plus! Live
    2009-10-23 22:41 . 2009-03-17 17:50 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
    2009-10-23 22:38 . 2009-07-23 22:15 27612 ----a-w- c:\windows\syscall.dat
    2009-10-23 22:38 . 2009-03-05 17:52 -------- d-----w- c:\program files\AntiLogger
    2009-10-23 22:26 . 2008-08-26 11:05 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-23 22:21 . 2009-09-19 08:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
    2009-10-15 06:23 . 2009-07-01 09:54 -------- d-----w- c:\program files\Java
    2009-10-10 09:46 . 2009-05-23 07:31 -------- d-----w- c:\program files\IObit
    2009-10-09 18:44 . 2009-03-05 11:23 29776 ----a-w- c:\windows\system32\drivers\OAnet.sys
    2009-10-09 18:43 . 2009-03-05 11:23 24656 ----a-w- c:\windows\system32\drivers\OAmon.sys
    2009-10-09 18:43 . 2009-03-05 11:23 200784 ----a-w- c:\windows\system32\drivers\OADriver.sys
    2009-10-03 12:26 . 2009-10-03 11:26 -------- d-----w- c:\program files\Common Files\MicroWorld
    2009-09-30 17:46 . 2009-09-19 07:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Systweak
    2009-09-30 17:46 . 2009-06-25 10:31 -------- d-----w- c:\documents and settings\User\Application Data\Systweak
    2009-09-30 17:40 . 2009-05-10 20:34 -------- d-----w- c:\program files\K-Lite Codec Pack
    2009-09-23 06:18 . 2009-07-31 06:42 95259 ------w- c:\windows\system32\drivers\klick.dat
    2009-09-23 06:18 . 2009-07-31 06:42 107547 ------w- c:\windows\system32\drivers\klin.dat
    2009-09-21 09:11 . 2008-11-23 17:51 -------- d-----w- c:\program files\Common Files\Softwin
    2009-09-21 09:10 . 2008-10-29 16:01 81984 ------w- c:\windows\system32\bdod.bin
    2009-09-19 07:37 . 2009-09-19 07:37 -------- d-----w- c:\program files\FormatFactory
    2009-09-19 07:35 . 2009-09-19 05:52 -------- d-----w- c:\program files\Driver Validation
    2009-09-19 07:35 . 2009-09-19 05:54 -------- d-----w- c:\program files\Norton Ghost
    2009-09-19 07:35 . 2009-08-01 14:45 -------- d-----w- c:\program files\Common Files\Symantec Shared
    2009-09-18 21:00 . 2009-09-18 21:00 -------- d-----w- c:\program files\Trend Micro
    2009-09-12 13:55 . 2009-07-07 14:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-09-11 05:52 . 2008-09-04 20:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-09-10 11:54 . 2008-09-04 20:34 38224 ------w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-09-10 11:53 . 2008-09-04 20:34 19160 ------w- c:\windows\system32\drivers\mbam.sys
    2009-09-06 07:57 . 2009-09-06 07:57 -------- d-----w- c:\program files\VITSOFT
    2009-09-04 19:58 . 2008-08-26 14:24 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-09-01 13:29 . 2009-09-01 13:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
    2009-08-30 07:20 . 2009-04-24 20:57 971168 ----a-w- c:\windows\system32\drivers\tdrpm140.sys
    2009-08-30 07:20 . 2009-08-20 19:37 540000 ----a-w- c:\windows\system32\drivers\timntr.sys
    2009-08-30 07:20 . 2009-08-20 19:37 44704 ----a-w- c:\windows\system32\drivers\tifsfilt.sys
    2009-08-30 07:20 . 2009-08-30 07:20 134272 ----a-w- c:\windows\system32\drivers\snman380.sys
    2009-08-23 10:29 . 2009-08-23 10:29 368480 ----a-w- c:\windows\system32\drivers\tdrpman.sys
    2009-08-16 15:08 . 2008-09-01 17:01 178176 ------w- c:\windows\system32\unrar.dll
    2009-08-15 12:00 . 2009-08-15 11:58 47 ----a-w- c:\windows\system32\_1PUTILS.dat
    2009-08-01 14:57 . 2009-08-01 14:57 127 ----a-w- c:\documents and settings\User\Local Settings\Application Data\fusioncache.dat
    2009-07-14 22:03 . 2009-07-14 22:00 952 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    [-] 2008-05-07 . E47D77A2F5D64974D9B6724552EB44AD . 1571840 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2009-10-29_16.28.45 )))))))))))))))))))))))))))))))))))))))))
    .
    - 2001-11-22 10:00 . 2009-10-29 16:12 66874 c:\windows\system32\perfc009.dat
    + 2001-11-22 10:00 . 2009-10-29 16:55 66874 c:\windows\system32\perfc009.dat
    + 2001-11-22 10:00 . 2009-10-29 16:55 408158 c:\windows\system32\perfh009.dat
    - 2001-11-22 10:00 . 2009-10-29 16:12 408158 c:\windows\system32\perfh009.dat
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "@OnlineArmor GUI"="c:\program files\Tall Emu\Online Armor\oaui.exe" [2009-10-09 6393544]
    "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
    "AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-10-23 2478448]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "SynchronousMachineGroupPolicy"= 0 (0x0)
    "SynchronousUserGroupPolicy"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoResolveTrack"= 1 (0x1)

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Tall Emu\Online Armor\oaevent.dll" [2009-10-09 852680]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "a2AntiMalware"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\Documents and Settings\\User\\desktop\\oyunlar\\KingNET.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "c:\\PROGRA~1\\COMMON~1\\MicroWorld\\Agent\\MWAGENT.EXE"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1947:TCP"= 1947:TCP:HASP SRM
    "1947:UDP"= 1947:UDP:HASP SRM

    R0 hotcore3;Hotcore helper;c:\windows\system32\drivers\hotcore3.sys [02.05.2009 21:01 40496]
    R0 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [26.08.2008 15:03 39680]
    R0 O2SDRDR;O2SDRDR;c:\windows\system32\drivers\o2sd.sys [26.08.2008 15:03 35712]
    R0 snapman380;Acronis Snapshots Manager (Build 380);c:\windows\system32\drivers\snman380.sys [30.08.2009 09:20 134272]
    R0 tdrpman140;Acronis Try&Decide and Restore Points filter (build 140);c:\windows\system32\drivers\tdrpm140.sys [24.04.2009 22:57 971168]
    R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [23.10.2009 11:47 116080]
    R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [05.03.2009 13:23 200784]
    R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [05.03.2009 13:23 29776]
    R1 pctfw2;pctfw2;c:\windows\system32\drivers\pctfw2.sys [12.12.2008 00:02 160792]
    R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [24.10.2009 00:21 194817]
    R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [24.10.2009 00:21 108289]
    R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [24.10.2009 00:21 434945]
    R2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run --> c:\windows\system32\hasplms.exe -run [?]
    R2 OAcat;Online Armor Helper Service;c:\program files\Tall Emu\Online Armor\oacat.exe [05.03.2009 13:23 1244360]
    R2 SvcOnlineArmor;Online Armor;c:\program files\Tall Emu\Online Armor\oasrv.exe [05.03.2009 13:23 3316936]
    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [13.12.2007 12:28 24592]
    S1 aswSP;avast! Self Protection; [x]
    S1 cmdGuard;cmdGuard;c:\windows\system32\DRIVERS\cmdguard.sys --> c:\windows\system32\DRIVERS\cmdguard.sys [?]
    S1 cmdHlp;cmdHlp;c:\windows\system32\DRIVERS\cmdhlp.sys --> c:\windows\system32\DRIVERS\cmdhlp.sys [?]
    S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [05.03.2009 13:23 24656]
    S2 ArcGIS License Manager;ArcGIS License Manager;c:\program files\ESRI\License\arcgis9x\lmgrd.exe [26.08.2008 19:52 467968]
    S2 aswFsBlk;aswFsBlk;c:\windows\system32\DRIVERS\aswFsBlk.sys --> c:\windows\system32\DRIVERS\aswFsBlk.sys [?]
    S3 BCASPROT;Advanced System Protector;\??\c:\program files\Systweak\Advanced System Protector\sasprot32.sys --> c:\program files\Systweak\Advanced System Protector\sasprot32.sys [?]
    S3 BioNT_BS;BioNT_BS;\??\c:\program files\Paragon Software\Drive Backup 9 Professional\bluescrn\BioNT_bs.sys --> c:\program files\Paragon Software\Drive Backup 9 Professional\bluescrn\BioNT_bs.sys [?]
    S3 cpuz130;cpuz130;\??\c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\User\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
    S3 EuDisk;EASEUS Disk Enumerator;c:\windows\system32\drivers\EuDisk.sys [23.08.2009 02:38 122504]
    S3 getPlusHelper;getPlus(R) Helper;c:\windows\System32\svchost.exe -k getPlusHelper [14.04.2008 08:00 14336]
    S3 PROCEXP113;PROCEXP113;\??\c:\windows\system32\Drivers\PROCEXP113.SYS --> c:\windows\system32\Drivers\PROCEXP113.SYS [?]
    S3 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
    S3 SBTEDrv;SBTEDrv;\??\c:\windows\SYSTEM32\drivers\SBTEDrv.sys --> c:\windows\SYSTEM32\drivers\SBTEDrv.sys [?]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - CLASSPNP_2
    *Deregistered* - mbr

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    getPlusHelper REG_MULTI_SZ getPlusHelper
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1677128483-1417001333-1003Core.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 17:53]

    2009-10-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1677128483-1417001333-1003UA.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-05-19 17:53]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com.tr/
    LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\sxtg6kk2.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.tr/
    FF - plugin: c:\docume~1\User\APPLIC~1\Flatcast\NpFv522.dll
    FF - plugin: c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\sxtg6kk2.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
    FF - plugin: c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.2.145.5\npGoogleOneClick8.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\np_gp.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npdeploytk.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\NpFv522.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\npnul32.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nppl3260.dll
    FF - plugin: c:\progra~1\Mozilla Firefox\plugins\nprpjplug.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\NpFv522.dll
    FF - plugin: c:\program files\Opera\program\plugins\np_gp.dll
    FF - plugin: c:\program files\Opera\program\plugins\NpFv522.dll
    FF - plugin: c:\program files\Opera\program\plugins\nporbit.dll
    FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
    FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll

    ---- FIREFOX POLICIES ----
    FF - user.js: browser.cache.memory.capacity - 65536
    FF - user.js: browser.chrome.favicons - fales
    FF - user.js: browser.display.show_image_placeholders - true
    FF - user.js: browser.turbo.enabled - true
    FF - user.js: browser.urlbar.autocomplete.enabled - true
    FF - user.js: browser.urlbar.autofill - true
    FF - user.js: browser.xul.error_pages.enabled - true
    FF - user.js: content.interrupt.parsing - true
    FF - user.js: content.max.tokenizing.time - 3000000
    FF - user.js: content.maxtextrun - 8191
    FF - user.js: content.notify.backoffcount - 5
    FF - user.js: content.notify.interval - 750000
    FF - user.js: content.notify.ontimer - true
    FF - user.js: content.switch.threshold - 750000
    FF - user.js: network.http.max-connections - 32
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: network.http.max-persistent-connections-per-proxy - 8
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: network.http.pipelining - true
    FF - user.js: network.http.pipelining.maxrequests - 8
    FF - user.js: network.http.proxy.pipelining - true
    FF - user.js: network.http.request.max-start-delay - 0
    FF - user.js: nglayout.initialpaint.delay - 0
    FF - user.js: plugin.expose_full_path - true
    FF - user.js: ui.submenuDelay - 0
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2009-10-29 19:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll iaStor.sys
    kernel: MBR read successfully
    user & kernel MBR OK
    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer,http://www.gmer.net

    disk.sys @ 0xBA118000 0x8E00 bytes

    \Driver\disk [ IRP_MJ_POWER ] 0xCB369C82 != 0xA949C4EF aksfridge.sys
    \Driver\disk IRP hooks detected !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):e1,ed,6d,ff,7a,07,e8,45,67,7e,02,2d,37,b9,12,9b,ce,f0,4f,7c,90,
    b3,64,11,9e,90,ff,3c,d2,c9,2b,23,92,99,e2,40,8f,fa,c2,0e,00,00,00,00,00,00,\

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8ba3ff54-4fbf-4ae9-b383-7fd825a51c63}]
    @Denied: (Full) (Everyone)
    "Model"=dword:0000003a
    "Therad"=dword:00000023
    "MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
    38,95,44,85,b1,12,f9,90,dd,23,a1,72,4f,d2,3f,a4,fa,b5,6c,4b,16,71,25,2f,8e,\

    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(1120)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(28284)
    c:\program files\Tall Emu\Online Armor\OAwatch.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\program files\Microsoft Office\OFFICE11\msohev.dll
    .
    Completion time: 2009-10-29 19:11
    ComboFix-quarantined-files.txt 2009-10-29 17:11

    Pre-Run: 36,860,170,240 bayt boş
    Post-Run: 36,830,109,696 bayt boş

    - - End Of File - - 7B777753B07B07BF148D51AFAA37CC7B
  • quote:

    Originally posted by: serji


    quote:

    Originally posted by: Tasher

    Hi brother, you're really providing a great service and earning the blessings of so many people.
    I use an HP notebook. On my up-to-date 32-bit Vista Service Pack 2 system I have:
    - Avast antivirus
    - PC Tools Spyware Doctor
    - Advanced System Care Pro (all of them are up to date)

    As for my problems:
    - When the PC shuts down, it raises a problem related to conime.exe (a Windows system file), something like "conime.exe could not be opened or closed properly". This problem doesn't always appear, but when it does, it makes me suspicious.
    - Lately, when I start the PC, a window saying "personal settings (not responding)" appears and Vista doesn't start; it just stays on a black screen. But when I press Ctrl-Alt-Del and restart the PC, Vista starts perfectly normally and the PC boots.

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.mynet.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=tr_tr&c=83&bd=Pavilion&pf=cnnb
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: AOL Toolbar BHO - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Araç Çubugu 5.0\aoltb.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Araç Çubugu 5.0\aoltb.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O8 - Extra context menu item: &AOL Araç Çubuğu Araması - C:\ProgramData\AOL\ieToolbar\resources\tr-TR\local\search.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
    O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - (no file)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL


    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. After ComboFix starts running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will be cut and your desktop will disappear. This is normal. Your system clock will also change. But all of this is temporary. After the operations finish, everything will be restored to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. After the operations finish, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.

    OK master, I'll run ComboFix and send the log as soon as possible. By the way, should I fix the items in the list you wrote??
  • Avenger report


    Logfile of The Avenger Version 2.0, (c) by Swandog46
    http://swandog46.geekstogo.com

    Platform: Windows XP

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    Driver "abp470n5" disabled successfully.

    Error: could not open driver "MBR"
    Disablement of driver "MBR" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: could not open driver "mbr"
    Disablement of driver "mbr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist

    Driver "abp470n5" deleted successfully.

    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\MBR" not found!
    Deletion of driver "MBR" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Error: registry key "\Registry\Machine\System\CurrentControlSet\Services\mbr" not found!
    Deletion of driver "mbr" failed!
    Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
    --> the object does not exist


    Completed script processing.

    *******************

    Finished! Terminate.
  • Hello, thank you for this useful work. Lately there has been a slowdown on my system that I can't explain. I'm giving the HijackThis log below; thanks in advance.

    quote:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:01:21, on 29.10.2009
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16791)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\AhnRpta.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\Elantech\ETDCtrl.exe
    C:\Program Files\EeePC\ACPI\AsTray.exe
    C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\WINDOWS\system32\igfxext.exe
    C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
    C:\Program Files\Opera\opera.exe
    C:\Documents and Settings\Ali Burak\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe
    O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe
    O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe
    O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O4 - Global Startup: SuperHybridEngine.lnk = ?
    O8 - Extra context menu item: &Bluetooth Aygıtına Gönder... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O8 - Extra context menu item: Bluetooth'a Gönder - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe

    --
    End of file - 6024 bytes
  • First of all, hello.
    I wanted to ask for your help on a few things. ZoneAlarm is installed on the PC, and while it is installed I can't install KIS; when I installed Panda there were also severe slowdowns.
    Also, IObit Security is installed; does this program do the same job as KIS or Norton?
    Another matter: when the PC starts, MSN and the like open right away; how do I turn that off, or programs like it?
    My internet speed is slow too.
    I want to close my security holes; I await your help on this.


    quote:

    ComboFix 09-10-28.08 - yakamoz 29.10.2009 22:53.3.2 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.2.1254.90.1055.18.1022.562 [GMT 2:00]
    Running from: c:\documents and settings\yakamoz\Belgelerim\İndirilenler\software\ComboFix.exe
    FW: ZoneAlarm Pro Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
    .

    ((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-29 )))))))))))))))))))))))))))))))
    .

    2009-10-29 19:54 . 2009-10-29 19:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
    2009-10-29 18:05 . 2009-10-29 18:05 2932736 ----a-w- c:\documents and settings\yakamoz\BvtLiveTv.exe
    2009-10-29 13:09 . 2009-10-29 18:24 -------- d-----w- c:\program files\BvT Grup
    2009-10-28 21:16 . 2009-10-28 21:16 -------- d-----w- c:\documents and settings\yakamoz\Application Data\CheckPoint
    2009-10-28 21:15 . 2009-10-28 21:15 -------- d-----w- c:\program files\CheckPoint
    2009-10-28 21:15 . 2009-10-29 20:30 4212 ---ha-w- c:\windows\system32\zllictbl.dat
    2009-10-28 21:15 . 2009-09-22 00:01 69000 ----a-w- c:\windows\system32\zlcomm.dll
    2009-10-28 21:15 . 2009-09-22 00:01 103816 ----a-w- c:\windows\system32\zlcommdb.dll
    2009-10-28 21:15 . 2009-10-28 21:15 -------- d-----w- c:\windows\system32\ZoneLabs
    2009-10-28 21:15 . 2009-09-22 00:01 1238408 ----a-w- c:\windows\system32\zpeng25.dll
    2009-10-28 21:11 . 2009-10-28 21:11 -------- d-----w- c:\program files\Zone Labs
    2009-10-28 21:09 . 2009-10-29 20:41 -------- d-----w- c:\windows\Internet Logs
    2009-10-28 19:53 . 2009-10-28 19:53 12912 ----a-w- c:\documents and settings\yakamoz\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2009-10-28 19:45 . 2009-10-28 19:45 27612 ----a-w- c:\windows\syscall.dat
    2009-10-28 19:45 . 2009-10-28 19:45 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{E8DD7A4A-3EE8-4019-898E-952A32C3B613}
    2009-10-28 19:45 . 2009-10-28 19:45 -------- d-----w- c:\program files\AntiLogger
    2009-10-28 17:24 . 2009-10-28 17:24 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\Mozilla
    2009-10-28 17:19 . 2009-10-28 17:19 -------- d-----w- c:\documents and settings\yakamoz\Local Settings\Application Data\AirTies
    2009-10-25 13:40 . 2009-10-29 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2009-10-25 13:40 . 2009-10-25 13:40 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2009-10-23 18:40 . 2009-10-23 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Software
    2009-10-23 13:23 . 2009-10-23 13:23 -------- d-----w- c:\documents and settings\yakamoz\Application Data\Apple Computer
    2009-10-23 01:47 . 2009-10-23 01:47 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
    2009-10-23 01:20 . 2009-10-23 01:20 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
    2009-10-23 01:20 . 2009-10-28 17:15 -------- d-----w- c:\program files\IObit
    2009-10-23 01:05 . 2009-10-23 01:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Backup
    2009-10-23 01:05 . 2009-10-29 20:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Panda Security
    2009-10-21 14:49 . 2009-10-21 14:49 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2009-10-20 11:04 . 2005-01-02 21:43 4682 ----a-w- c:\windows\system32\npptNT2.sys
    2009-10-20 11:02 . 2009-10-20 11:02 -------- d-----w- c:\program files\Common Files\INCA Shared
    2009-10-19 10:33 . 2009-10-26 21:41 -------- d-----w- c:\documents and settings\yakamoz\Application Data\Winamp
    2009-10-18 16:00 . 2009-10-18 16:00 -------- d-----w- c:\program files\Apple Software Update
    2009-10-18 15:59 . 2009-10-27 15:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2009-10-18 15:56 . 2009-10-27 15:20 -------- d-----w- c:\program files\Webteh
    2009-10-18 15:47 . 2009-10-25 17:02 -------- d-----w- c:\program files\Common Files\Real
    2009-10-18 15:39 . 2008-02-21 02:05 120056 ------w- c:\windows\system32\pxcpyi64.exe
    2009-10-18 15:39 . 2008-02-21 02:05 118520 ------w- c:\windows\system32\pxinsi64.exe
    2009-10-17 15:25 . 2009-10-25 14:10 7630 ----a-w- c:\windows\system32\secushr.dat
    2009-10-13 11:12 . 2009-10-13 11:12 -------- d-----w- c:\program files\DVDVideoSoft
    2009-10-07 16:25 . 2001-08-18 02:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2009-10-07 16:25 . 2001-08-18 02:36 8704 ----a-w- c:\windows\system32\kbdjpn.dll
    2009-10-07 16:25 . 2001-08-18 02:36 8192 -c--a-w- c:\windows\system32\dllcache\kbdkor.dll
    2009-10-07 16:25 . 2001-08-18 02:36 8192 ----a-w- c:\windows\system32\kbdkor.dll
    2009-10-07 16:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2009-10-07 16:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2009-10-07 16:25 . 2001-08-17 18:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2009-10-07 16:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd106.dll
    2009-10-07 16:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101c.dll
    2009-10-07 16:25 . 2001-08-17 18:55 6144 ----a-w- c:\windows\system32\kbd101b.dll
    2009-10-07 16:25 . 2001-08-17 18:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2009-10-07 16:25 . 2001-08-17 18:55 5632 ----a-w- c:\windows\system32\kbd103.dll
    2009-10-06 23:11 . 2009-10-08 10:37 -------- d-----w- c:\documents and settings\yakamoz\Application Data\MessengerDiscovery 2
    2009-10-06 23:11 . 2009-10-13 07:29 -------- d-----w- c:\program files\MessengerDiscovery 2
    2009-10-06 18:25 . 2009-10-13 07:28 -------- d-----w- c:\program files\Windows Media Connect 2
    2009-10-06 18:24 . 2009-10-06 18:24 -------- d-----w- c:\windows\system32\drivers\UMDF
    2009-10-06 18:24 . 2009-10-06 18:24 -------- d-----w- c:\windows\system32\LogFiles
    2009-10-06 11:11 . 2009-10-06 11:11 -------- d--h--w- c:\windows\system32\GroupPolicy
    2009-10-02 09:14 . 2009-10-02 09:14 -------- d-----w- c:\program files\Common Files\Nero
    2009-10-02 09:13 . 2001-03-08 16:30 24064 ------w- c:\windows\system32\msxml3a.dll
    2009-10-02 09:12 . 2009-10-02 09:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
    2009-10-02 09:11 . 2009-10-28 17:12 -------- d-----w- c:\program files\Ahead
    2009-10-01 13:21 . 2009-10-01 13:30 -------- d-----w- c:\documents and settings\yakamoz\Application Data\FastStone

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-10-29 20:50 . 2001-11-22 12:00 67968 ----a-w- c:\windows\system32\perfc01F.dat
    2009-10-29 20:50 . 2001-11-22 12:00 381334 ----a-w- c:\windows\system32\perfh01F.dat
    2009-10-29 20:46 . 2009-09-15 20:25 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-10-28 17:14 . 2009-09-15 20:25 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-10-25 13:26 . 2009-09-15 20:34 -------- d-----w- c:\program files\Common Files\Adobe
    2009-10-19 10:35 . 2009-09-15 20:28 -------- d-----w- c:\program files\Winamp
    2009-10-16 11:59 . 2009-09-26 04:37 -------- d-----w- c:\program files\Common Files\Akamai
    2009-10-13 11:12 . 2009-09-15 20:31 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
    2009-09-23 23:36 . 2009-09-23 23:36 -------- d-----w- c:\program files\Common Files\snp2std
    2009-09-16 14:36 . 2009-09-16 14:30 -------- d-----w- c:\program files\Windows Live
    2009-09-16 14:33 . 2009-09-16 14:33 -------- d-----w- c:\program files\Microsoft Sync Framework
    2009-09-16 14:32 . 2009-09-16 14:32 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
    2009-09-16 14:31 . 2009-09-16 14:31 -------- d-----w- c:\program files\Microsoft
    2009-09-16 14:30 . 2009-09-16 14:30 -------- d-----w- c:\program files\Windows Live SkyDrive
    2009-09-16 14:00 . 2009-09-16 14:00 -------- d-----w- c:\program files\Common Files\Windows Live
    2009-09-16 13:23 . 2009-09-16 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
    2009-09-16 01:35 . 2009-09-15 21:41 -------- d-----w- c:\program files\AirTies
    2009-09-15 21:02 . 2009-09-15 21:02 0 ----a-w- c:\windows\nsreg.dat
    2009-09-15 20:35 . 2009-09-15 20:34 -------- d-----w- c:\program files\Java
    2009-09-15 20:34 . 2009-09-15 20:34 -------- d-----w- c:\program files\Common Files\Java
    2009-09-15 20:31 . 2009-09-15 20:31 -------- d-----w- c:\program files\CCleaner
    2009-09-15 20:26 . 2009-09-15 20:26 -------- d-----w- c:\documents and settings\yakamoz\Application Data\InstallShield
    2009-09-15 20:25 . 2009-09-15 20:25 -------- d-----w- c:\program files\Realtek
    2009-09-15 20:25 . 2009-09-15 20:25 315392 ----a-w- c:\windows\HideWin.exe
    2009-09-15 20:23 . 2009-09-15 20:23 -------- d-----w- c:\program files\Intel
    2009-09-15 20:22 . 2009-09-15 20:22 16608 ----a-w- c:\windows\gdrv.sys
    2009-09-15 20:22 . 2009-09-15 20:18 -------- d-----w- c:\program files\Vtune
    2009-09-15 20:13 . 2009-09-15 20:13 -------- d-----w- c:\program files\microsoft frontpage
    2009-09-15 20:11 . 2009-09-15 20:11 21736 ----a-w- c:\windows\system32\emptyregdb.dat
    2009-08-05 19:48 . 2009-09-16 14:36 54752 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
    .

    ------- Sigcheck -------

    [-] 2006-10-18 18:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
    [-] 2006-10-18 18:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
    [7] 2004-08-03 21:45 . F94DE505F15DB220B139A1E60BE113C7 . 52224 . . [9.0.1.56] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "TBPanel"="c:\program files\Vtune\TBPanel.exe" [2008-07-10 2154496]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-10-06 3883856]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-08-03 1667584]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_08\bin\jusched.exe" [2005-03-04 32881]
    "tsnp2std"="c:\windows\tsnp2std.exe" [2006-11-29 258048]
    "IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-28 1241872]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]
    "AntiLogger"="c:\program files\AntiLogger\AntiLogger.exe" [2009-10-23 2478448]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-25 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-25 13529088]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-09-22 1011080]
    "RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2008-02-13 16857600]
    "nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2008-06-25 1630208]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

    c:\documents and settings\All Users\Start Menu\Programlar\Başlangıç\
    AirTies ADSL Hizmet Programı.lnk - c:\program files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe [2009-9-16 2853376]

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\AirTies\\ADSL Hizmet Programı\\AirTies_util3.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "$INSTDIR\\FlvDetector.exe"= c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlvDetector.exe

    R1 AntiLog32;AntiLog32;c:\program files\AntiLogger\AntiLog32.sys [23.10.2009 11:47 116080]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [16.09.2009 16:36 54752]
    R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [23.10.2009 03:20 309008]
    R3 TUSB1150;Airties WUS-300 USB Wireless Adapter (TNETW1450);c:\windows\system32\drivers\TUSB1150.sys [16.09.2009 03:34 450944]
    S3 fsssvc;Windows Live Aile Koruması Hizmeti;c:\program files\Windows Live\Family Safety\fsssvc.exe [05.08.2009 21:48 704864]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 SOACS;SOACS Driver;\??\c:\windows\system32\drivers\soacs.sys --> c:\windows\system32\drivers\soacs.sys [?]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - ISWKL
    *Deregistered* - krnl_akl
    *Deregistered* - mbr
    .
    Contents of the 'Scheduled Tasks' folder

    2009-10-28 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 11:21]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://google.com/
    uInternet Connection Wizard,ShellNext = iexplore
    uSearchURL,(Default) = hxxp://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
    IE: Download All by FlashGet3 - c:\documents and settings\yakamoz\Application Data\FlashGetBHO\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\documents and settings\yakamoz\Application Data\FlashGetBHO\GetUrl.htm
    FF - ProfilePath - c:\documents and settings\yakamoz\Application Data\Mozilla\Firefox\Profiles\67tv36yc.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query=
    FF - prefs.js: browser.search.selectedEngine - Winamp Search
    FF - prefs.js: browser.startup.homepage - hxxp://tr.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:tr:official
    FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampab&query=
    FF - component: c:\documents and settings\yakamoz\Application Data\Mozilla\Firefox\Profiles\67tv36yc.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava11.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava12.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava13.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava14.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJava32.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPJPI142_08.dll
    FF - plugin: c:\program files\Java\j2re1.4.2_08\bin\NPOJI610.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-AirTiesWUS-300 - c:\program files\AirTies\AirTiesWUS-300\WUS300.exe
    HKLM-Run-BvtUtility - c:\program files\BvT Grup\BvT Live Tv\BvtUtility.exe
    AddRemove-ZoneAlarm Toolbar - c:\program files\CheckPoint\ZAForceField\Uninstall.exe



    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(3824)
    c:\windows\system32\msi.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    c:\windows\system32\browselc.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    c:\progra~1\SPYBOT~1\SDHelper.dll
    c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
    c:\program files\Vtune\TBPanelExt.dll
    c:\windows\system32\nvcpl.dll
    c:\windows\system32\NVRSTR.DLL
    c:\windows\system32\nvapi.dll
    c:\windows\system32\nvshell.dll
    .
    Completion time: 2009-10-29 23:00
    ComboFix-quarantined-files.txt 2009-10-29 20:59

    Pre-Run: 40.809.951.232 bayt boş
    Post-Run: 40.926.552.064 bayt boş

    - - End Of File - - 073F2E5D493CFCC81B7C7D723E0C277B




    quote:

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 23:18:53, on 29.10.2009
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\SYSTEM32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Vtune\TBPanel.exe
    C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\IObit\IObit Security 360\is360.exe
    C:\Program Files\IObit\IObit Security 360\IS360tray.exe
    C:\Documents and Settings\yakamoz\Belgelerim\İndirilenler\software\HiJackThis.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://google.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://toolbar.ask.com/toolbarv/askRedirect?o=13165&gct=&gc=1&q=%s
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\FlashGetBHO3.dll (file missing)
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_08\bin\jusched.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [IObit Security 360] C:\Program Files\IObit\IObit Security 360\IS360tray.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [AntiLogger] "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKCU\..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe /A
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O8 - Extra context menu item: Download All by FlashGet3 - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\GetAllUrl.htm
    O8 - Extra context menu item: Download by FlashGet3 - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\GetUrl.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_08\bin\npjpi142_08.dll
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O23 - Service: IS360service - IObit - C:\Program Files\IObit\IObit Security 360\IS360srv.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    --
    End of file - 6720 bytes



    < This message was edited by MMO-RPG -- 29 October 2009; 23:23:43 >
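
A first-pass triage of a HijackThis log like the one posted above, as an added example (not part of the original post and not HijackThis's own code): it lists the O4 autostart entries and flags entries marked "(no file)" / "(file missing)" or "Unknown owner" for a human reviewer. The function names are hypothetical; the sample lines are a subset copied from the log above.

```python
import re
from typing import NamedTuple

# Sample input: a subset of lines copied from the HijackThis log in the post above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\system32\svchost.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://google.com/
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: FlashGetBHO - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Documents and Settings\yakamoz\Application Data\FlashGetBHO\FlashGetBHO3.dll (file missing)
O3 - Toolbar: (no name) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - (no file)
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""


class Entry(NamedTuple):
    code: str  # section code, e.g. "O4"
    body: str  # everything after "CODE - "


# A log entry is "<section code> - <body>"; header and process lines do not match.
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# O4 registry form: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)
# O4 Startup-folder form: Global Startup: shortcut.lnk = target
STARTUP_RE = re.compile(r"^(?P<hive>(?:Global )?Startup): (?P<name>.+?) = (?P<cmd>.*)$")
# Executable image at the start of a command line, quoted or unquoted.
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=[\s,]|$)', re.I)
ORPHAN_MARKS = ("(no file)", "(file missing)")


def parse_log(text):
    """Return every section entry in the log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def image_path(cmd):
    """Strip quotes and arguments from an autostart command line."""
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1) or m.group(2)
    parts = cmd.split()
    return parts[0] if parts else ""


def autostarts(entries):
    """O4 entries: Run-key values and Startup-folder shortcuts."""
    found = []
    for e in entries:
        if e.code != "O4":
            continue
        m = RUN_RE.match(e.body) or STARTUP_RE.match(e.body)
        if m:
            found.append({"where": m.group("hive"), "name": m.group("name"),
                          "image": image_path(m.group("cmd"))})
    return found


def orphans(entries):
    """Entries whose target HijackThis could not find on disk.

    This is a prompt to review the entry, not a verdict on it.
    """
    return [e for e in entries if e.body.endswith(ORPHAN_MARKS)]


def unknown_owner_services(entries):
    """O23 services whose binary carries no company name."""
    return [e for e in entries if e.code == "O23" and " - Unknown owner - " in e.body]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("Autostart entries (O4):")
    for a in autostarts(log):
        print(f"  {a['where']:<15} {a['name']:<35} {a['image']}")
    print("Entries with a missing target:")
    for e in orphans(log):
        print(f"  {e.code}: {e.body}")
    print("Services with unknown owner:")
    for e in unknown_owner_services(log):
        print(f"  {e.body}")
```
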
  • quote:

    Originally quoted from: grsu

    Boss, my Internet Explorer opens when I double-click it, but the home page opens very slowly and the menu bar doesn't show either; hopefully we'll solve the problem thanks to you x)

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://www.inndir.com/program.php?id=39066
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: ::1 localhost
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
  • quote:

    Originally quoted from: atakans

    Could I ask you to delete the message? It is breaking the page layout.

    The reason it is slow is that there are many protection programs: Comodo, Avira, Avast and many more. Only one of these should stay on the computer; you should remove the others. After that:

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Run Malwarebytes options, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.
  • quote:

    Originally quoted from: Tasher
    OK, master, I'll check with ComboFix and send it as soon as possible; by the way, should I fix the ones in the list you wrote??

    Yes, you should fix those too.


    quote:

    Originally quoted from: satore

    Avenger report

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Run Malwarebytes options, then click Finish.
    * If an update is found, the program will download and install it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file and send it to us by attaching it to your message.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.
  • quote:

    Originally quoted from: djinn_inc

    Hello, thank you for this useful work. My system has slowed down lately in a way I can't understand. I'm giving the HijackThis log below; thanks in advance.

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Tick the following lines.


    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext =http://go.microsoft.com/fwlink/?LinkId=74005
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKCU\..\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
    O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MI1933~1\Office12\EXCEL.EXE/3000
    O9 - Extra button: Bunu Bloga Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)


    * Press CTRL+ALT+DEL and go to the Processes tab. End all processes listed against your user name except HijackThis.exe and explorer.exe. (End only the processes listed against your user name. Do not touch those running as Local Service, Network or System.) Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    Download the program called ComboFix to your desktop.

    http://www.buraksonmez.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do not do anything at all. Take a 1-2 minute break.
    4. Once ComboFix has started running, click the Yes button.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. During these operations your internet connection will drop and your desktop will disappear. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be restored to its original state.
    7. You may need to be a little patient, because there are a full 50 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.


    quote:

    Originally quoted from: MMO-RPG

    First of all, hello.
    I wanted to ask for your help on a few things. ZoneAlarm is installed on the PC, and while it is installed I can't install KIS; when I installed Panda there was also strange lagging.
    Also, IObit security is installed. Does this program do the same job as KIS or Norton?
    Another matter: when the PC starts, MSN and the like open right away. How do I turn that off, or programs of this kind?
    My internet speed is also slow.
    I want to close my security holes, and I am waiting for your help on this.

    You can remove the programs you want to take out of startup by fixing their O4 - HKLM\..\Run: lines. KIS alone will cover all your needs.

    Download the program called Malwarebytes Antimalware.

    http://www.buraksonmez.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and install it.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
    * If an update is found, the program will download and apply it automatically.
    * When the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is ticked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message and send it to us.

    NOTE: If the program asks you to restart the computer during the cleanup, click OK and restart your computer.
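
Added example (not part of the original posts): a small Python parser for HijackThis log lines in the format shown in this thread. It lists the O4 startup entries that the reply above says to fix and picks out entries marked "(file missing)". The sample log is constructed, and the ExampleApp line and all function names are assumptions.

```python
import re

# Constructed sample in the HijackThis line format seen in this thread.
# The ExampleApp entry is made up for illustration.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /start
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
this line is not a log entry and is skipped
"""

ENTRY = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")   # e.g. "O4 - <rest>"
O4_DETAIL = re.compile(r"^([^:]+): (.*)$")          # "<location>: <item>"

def parse_log(text):
    """Return one dict per recognised log line."""
    entries = []
    for line in text.splitlines():
        m = ENTRY.match(line)
        if not m:
            continue
        section, rest = m.group(1), m.group(2).rstrip()
        entries.append({
            "section": section,
            "detail": rest,
            "file_missing": rest.endswith("(file missing)"),
        })
    return entries

def startup_items(entries):
    """O4 entries split into (location, item): what launches at logon."""
    items = []
    for e in entries:
        m = O4_DETAIL.match(e["detail"]) if e["section"] == "O4" else None
        if m:
            items.append((m.group(1), m.group(2)))
    return items

def missing_files(entries):
    """Entries that HijackThis marked with "(file missing)"."""
    return [e["detail"] for e in entries if e["file_missing"]]

if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for location, item in startup_items(log):
        print(f"startup [{location}] {item}")
    for detail in missing_files(log):
        print(f"missing {detail}")
```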