
HijackThis. Performance + Security! (Get rid of viruses). 500.000+ (page 277)

  • quote:

    Originally posted by: sezgin57
    Don't worry, I'm writing it in my MSN personal message :) it will stay there for a long time.. ;) we'll do that favor too, it wouldn't be right not to..

    Thanks then


    quote:

    Originally posted by: sezgin57
    Ah, I forgot, by the way there is also something called wowexec.exe running on my computer and I couldn't figure out what it is? Do you have any idea?

    wowexec.exe is a Windows component under normal circumstances. But although I have never come across it myself, I have also heard that it can be a trojan. You can have the Wowexec.exe file scanned at www.virustotal.com.
  • I see, but it isn't in the form of a file, I don't know where it is; when I press ctrl alt del it shows up in the processes section, it only says Wowexec.exe, and next to it there is neither a user name nor anything else.. it doesn't even show how many KB it is running with..
  • Greetings, my friend.. the log file I've sent below belongs to a computer in my internet cafe.. I'm waiting for your review and comments.. thanks in advance..


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:08:09, on 23.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Vtune\TBPanel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\VM303_STI.EXE
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AKINSOFT\Cplus7\Client7\ClientKontrol.Exe
    C:\WINDOWS\system32\csrsm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\System.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\ghsfilt.exe
    C:\Documents and Settings\pc-01\Desktop\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: 127.1 localhost
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
    O4 - HKLM\..\Run: [HBService32] System.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs:HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,
    HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,
    HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,
    HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
    HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,
    HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
    O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll
    O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O23 - Service: CafePlusServiceMain - Unknown owner - C:\Program Files\AKINSOFT\Cplus7\Client7\cplusinject.exe
    O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 9537 bytes



    < This message was edited by vampoo -- 24 October 2008; 1:48:02 >
  • @Serji, thank you for your help. I didn't have the time to research and learn all of these one by one, but your experience in this area helped me a lot. I did the steps you described; you said to send the log files again, so I'm sending them.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 00:34:43, on 23.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Downloads\HiJackThis.exe

    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
    O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
    O4 - HKLM\..\Run: [P17Helper] Rundll32 SPIRun.dll,RunDLLEntry
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1221532028828
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1221542903031
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab?AuthParam=1221538457_413fe1d07b6530f82336c27127ff3f79&GroupName=JSC&BHost=javadl.sun.com&FilePath=/ESD44/JSCDL/jdk/6u7/jinstall-6u7-windows-i586-jc.cab&File=jinstall-6u7-windows-i586-jc.cab
    O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files\Creative\Shared Files\CTAudSvc.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 4070 bytes
  • Hello, hope your work is going well. This is my log file:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 09:44:30, on 23.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\S24EvMon.exe
    C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    C:\WINDOWS\system32\ZCfgSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\1XConfig.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    C:\WINDOWS\system32\inetsrv\inetinfo.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\msftesql.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.3\OLAP\bin\msmdsrv.exe
    C:\oracle\ora92\bin\omtsreco.exe
    C:\WINDOWS\system32\PGPsdkServ.exe
    C:\WINDOWS\system32\RegSrvc.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\vsnp2std.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ServGate\ServGate VPN Client\SafeCfg.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\SQLAGENT90.EXE
    C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;10.13*;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: Flashget Catch Url Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: gFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: ServGate VPN Client.lnk = C:\Program Files\ServGate\ServGate VPN Client\SafeCfg.exe
    O4 - Global Startup: VPN Client.lnk = ?
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {0A5CAD58-328A-4E60-94F1-A510F266128A} (qdmsDokuman Control) - http://qdms.bcnet.com/qdms/CABFiles/qdmsDokumanApplication.cab
    O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} (WildTangent Active Launcher) - http://install.wildtangent.com/ActiveLauncher/ActiveLauncher.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
    O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://kocaelikentrehberi.kocaeli.bel.tr/mgaxctrl.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195488360244
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {AF52CAD9-8797-4374-93DE-E24FD10EB11A} (Dokuman_Yazdir Control) - file:///C:/Inetpub/wwwroot/Kalite/qdms/CABFiles/QDMS_DY.cab
    O16 - DPF: {B4CB50E4-0309-4906-86EA-10B6641C8392} (SlimClient Class) - https://ast.yasar.com.tr/CSHELL/extender.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
    O16 - DPF: {C2CF0AAB-787A-474E-87F9-DB0A5750234E} (QDMSDocGoster Control) - file:///C:/Inetpub/wwwroot/Kalite/qdms/CABFiles/QDMSDocGosterici.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.shockwave.com/content/zuma/sis/popcaploader_v10.cab
    O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetupControlXP Class) - https://vpndanisman.hayat.com.tr/dana-cached/setup/JuniperSetupSP1.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcnet.com
    O17 - HKLM\Software\..\Telephony: DomainName = bcnet.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcnet.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcnet.com
    O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll
    O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
    O23 - Service: Ares Chatroom server (AresChatServer) - Unknown owner - C:\Program Files\Ares\chatServer.exe (file missing)
    O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files\CheckPoint\SSL Network Extender\slimsvc.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
    O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
    O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\ServGate\ServGate VPN Client\IPSecMon.exe
    O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\ServGate\ServGate VPN Client\IreIKE.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
    O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
    O23 - Service: PGPsdkService (PGPsdkServ) - PGP Corporation - C:\WINDOWS\system32\PGPsdkServ.exe
    O23 - Service: QDMS Mesaj Sistemi (qdmsDN) - Bimser Çözüm - C:\Inetpub\wwwroot\Kalite\Services\qdmsMail.exe
    O23 - Service: QDMS Yöneticisi (QDMSManager) - Bimser Çözüm - C:\Inetpub\wwwroot\Kalite\Services\qdmsMan.exe
    O23 - Service: RegSrvc - Intel Corporation - C:\WINDOWS\system32\RegSrvc.exe
    O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
    O23 - Service: Check Point SecuRemote Service (SR_Service) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_Service.exe
    O23 - Service: Check Point SecuRemote WatchDog (SR_WatchDog) - Check Point Software Technologies - C:\Program Files\CheckPoint\SecuRemote\bin\SR_WatchDog.exe

    --
    End of file - 12035 bytes
  • Serji abi, my list was left back on page 92, please help :) You've helped the people who came after me. I guess I slipped past you, abi, please......
  • Hello, first of all thank you for trying to help us again. About ten minutes ago Avast found a trojan called "amvo.exe". Afterwards I carefully removed the file in DOS mode and also did the necessary regedit cleanup. However, since I experienced something like this on the 2nd day after formatting, and because my PC security is important, I would like to ask you to check my Hijack logs. Thanks again.

    Log;

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 16:08:09, on 23.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Intel\AMT\LMS.exe
    C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wbem\wmiapsrv.exe
    C:\Program Files\Winamp\winamp.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Xfire\xfire.exe
    F:\Adobe Photoshop CS3 Extended Portable\Photoshop.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Documents and Settings\Q\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1224544110671
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1224547566890
    O21 - SSODL: Java - True - (no file)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Intel(R) Active Management Technology LMS Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
    O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

    --
    End of file - 5182 bytes




    And while I was writing this message, I got another warning, this time for AMVO1.DLL :)



    < This message was edited by Kerros -- 23 October 2008; 16:07:16 >
  • serji, good luck with your work; thanks to you the computer can breathe again. Is there an antivirus program you would recommend?
  • The computer has slowed down badly over the last week. You will see YouTube-related entries in the file; those have been there for a long time, and it was not this slow before. That is a DNS resolver for YouTube, but if you say it is harmful I will remove it.

    Logfile of Trend Micro HijackThis v2.0.2 
    Scan saved at 16:34:03, on 23.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20861)
    Boot mode: Normal

    Running processes:
    C:\windows\System32\smss.exe
    C:\windows\system32\winlogon.exe
    C:\windows\system32\services.exe
    C:\windows\system32\lsass.exe
    C:\windows\system32\Ati2evxx.exe
    C:\windows\system32\svchost.exe
    C:\windows\System32\svchost.exe
    C:\windows\system32\Ati2evxx.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\windows\system32\cisvc.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\windows\system32\PnkBstrA.exe
    C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    C:\windows\system32\svchost.exe
    C:\windows\Explorer.EXE
    C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    C:\windows\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\windows\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [ShowDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
    O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Block frame with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_frame
    O8 - Extra context menu item: Block image with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_image
    O8 - Extra context menu item: Block link with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_link
    O8 - Extra context menu item: Don't filter page with Ad Muncher - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_exclude
    O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Report page to the Ad Muncher developers - http://www.admuncher.com/request_will_be_intercepted_by/Ad_Muncher/browserextensions.pl?exbrowser=ie&exversion=0.4&pass=K5PN70AI&id=menu_ie_report
    O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll
    O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab3.cab
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} - http://messenger.zone.msn.com/TR-TR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O16 - DPF: {D0BB3ACE-4ED3-4D65-BB86-1A0C6CAF351F} - http://212.175.239.246:81/avaLaunch94.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
    O17 - HKLM\System\CCS\Services\Tcpip\..\{B1AADCC1-DD46-4DF8-ABAB-DC7534CBB564}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
    O17 - HKLM\System\CS1\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
    O17 - HKLM\System\CS3\Services\Tcpip\..\{377C334B-EB5E-42E6-9E02-F0E1A6B3F88B}: NameServer = 212.57.1.17,212.57.1.18,212.175.13.114
    O20 - AppInit_DLLs: C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd.dll,C:\PROGRA~1\Kaspersky Lab\Kaspersky Anti-Virus 2009\mzvkbd3.dll
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\windows\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE (file missing)
    O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - KALiNKOsoft - C:\Program Files\KALiNKOsoft\Pinnacle Game Profiler\pinnacle_updater.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
    O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
    O23 - Service: Yazdırma Biriktiricisi (Spooler) - Unknown owner - C:\windows\system32\spoolsv.exe (file missing)

    --
    End of file - 12860 bytes
  • @serji hello,

    I ran the program the way you described, and the result is below.

    I would be glad if you could help. Good luck with your work...

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:52:16, on 23.10.2008
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16735)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
    C:\WINDOWS\FixCamera.exe
    C:\WINDOWS\vsnp2std.exe
    C:\Program Files\Winamp\winampa.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
    C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe
    C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
    C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
    C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Network Associates\VirusScan\VsStat.exe
    C:\Program Files\Network Associates\VirusScan\Vshwin32.exe
    C:\Program Files\Network Associates\VirusScan\Webscanx.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe
    C:\WINDOWS\system32\WgaTray.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrator\Desktop\HiJackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
    O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\S-1-5-18\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - HKUS\.DEFAULT\..\RunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll" (User 'Default user')
    O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: Windows Live Writer içinde &Bunu Web Günlüğüne Al - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0FC8B38E-9293-424C-9D0E-CE60775679CF} (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl.CAB
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Magic%20Match%202/Images/stg_drm.ocx
    O16 - DPF: {34635AA6-B593-4F06-9EDD-5FF60FC13310} (Speaky Chat) - http://download.speakyweb.com/speakyldr.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/pr01/resources/MSNPUpld.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Magic%20Match%202/Images/armhelper.ocx
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://m.boonty.com/webgames/_popcap/popcaploader_v10.cab
    O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{97923B87-DA5A-427C-91BD-45D7E82418A0}: NameServer = 4.2.2.1,4.2.2.2
    O23 - Service: AVSync Manager (AvSynMgr) - Unknown owner - C:\Program Files\Network Associates\VirusScan\Avsynmgr.exe
    O23 - Service: Boonty Games - BOONTY - C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: McShield - Unknown owner - C:\Program Files\Common Files\Network Associates\McShield\Mcshield.exe

    --
    End of file - 8675 bytes
  • quote:

    Quoted from original: vampoo
    Greetings, my friend.. the log file I have sent below belongs to a computer in my internet cafe.. I await your review and comments.. thanks in advance..

    The system has been infected by a very serious virus. After cleaning it, we will take a few precautions so that it does not get infected again. By the way, could you edit your message and delete the O20 line? It stretches the page.

    * Open the program named HijackThis.
    * Click the "Do a system scan only" option.
    * Check the following lines.

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com.tr 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - C:\WINDOWS\Downloaded Program Files\ThunderAdvise.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [BigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [3PMmUpdate] rundll32 "C:\WINDOWS\Update.dll",Main
    O4 - HKLM\..\Run: [HBService32] System.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O20 - AppInit_DLLs: HBmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
    O21 - SSODL: Upnp - {DE01DA19-A6A8-EB80-4D47-248DEB2A9399} - C:\WINDOWS\system32\upnpsrv.dll


    * Press CTRL+ALT+DEL and go to the Processes tab. End every process listed next to your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.
  • quote:

    Originally posted by: Tekos

    @Serji, thank you for your help. I didn't have the time to research and learn all of these one by one, but your experience in this area helped me a lot. I did what you said; you asked me to send the log files again, so I'm sending them.

    The problems seem to be solved. We have now disabled the viruses. Next comes the cleanup.

    Download the program called ComboFix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 41 stages.
    8. Finally, ComboFix will prepare a report containing the results. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.
  • quote:

    Originally posted by: onurg82

    Hello, and good luck with the work. This is my log file:

    * Open the program called HijackThis.
    * Click the Do a system scan only option.
    * Check the following lines.

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.13.1.24:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local;10.13*;<local>
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: Winamp Toolbar BHO - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
    O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Winamp Toolbar Search - C:\Documents and Settings\All Users\Application Data\Winamp Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = bcnet.com
    O17 - HKLM\Software\..\Telephony: DomainName = bcnet.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = bcnet.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = bcnet.com
    O20 - AppInit_DLLs: C:\WINDOWS\system32\tmp_1x8.dll


    * Press CTRL+ALT+DEL and go to the Processes tab. End every process listed next to your user name except HijackThis.exe and explorer.exe. Close all programs and windows except HijackThis and click the Fix Checked button. Then restart your computer immediately.

    NOTE: Could you send one more HJT log after the fix? There is a virus on the system; I want to be sure it has been cleaned.
  • quote:

    Originally posted by: ibokozan

    Serji, brother, my list was left back on page 92, please help :) You've helped the people who came after me. I think you overlooked me, brother, please......

    Look at the very top of the page. You'll see it on this page. I didn't overlook it; I answered.


    quote:

    Originally posted by: cordor

    Hello, first of all thank you for trying to help us again. About ten minutes ago Avast found a trojan called "amvo.exe". I then carefully removed the file in DOS mode and also did the necessary regedit cleanup. However, since I ran into this on the 2nd day after formatting, and because my PC's security is important, I'd like to ask you to check my Hijack logs. Thank you again.

    And while writing this message, I got another warning, this time for AMVO1.DLL :)


    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157 
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    It's because of the Amvo virus. Next, let's carry out the steps below and clean the virus. After cleaning it, we'll also do the protection steps.


    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, you will be asked to press 1 or 2. Press 1 to continue.
    5. ComboFix will back up your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations finish, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 41 stages.
    8. Finally, ComboFix will prepare a report containing the results. Your desktop may disappear during this time, but it will be restored shortly. When the operations finish, ComboFix will close and a report will open. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.
  • quote:

    Originally posted by: linkin_park20

    Serji, good luck with the work; thanks to you the computer can breathe again. Is there an antivirus program you recommend?

    Thanks, Linkinpark. I use Bitdefender and recommend it. If you install the Total Security 2009 version, you won't need to install any extra firewall etc. It includes all the components needed for protection. Besides that, you can also use Avira.


    quote:

    Originally posted by: Engin.K

    The computer has slowed down terribly over the last week. In the file you'll see things related to YouTube; those have been there for a long time and it wasn't this slow before. That's a DNS resolver for YouTube, but if you say it's harmful I'll remove it.

    There doesn't appear to be a big problem, but the slow internet may be due to the proxy. If the problem isn't solved after the fix either, apply the other steps.

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.217.73.52:8080 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O1 - Hosts: YouTube worldwide IPs, 2859 in total ....
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll


    Download the program called Malwarebytes Antimalware.

    http://www.guvenlikuzmanim.com/dosyalar/mbam-setup.exe

    * To install the program, double-click mbam-setup.exe and complete the installation.
    * Tick the Update Malwarebytes Antimalware and Launch Malwarebytes options and click Finish.
    * If an update is found, the program will download and apply it automatically.
    * Once the program has loaded, select Full Scan and click the Start Scan button.
    * The scan may take some time, so please be patient.
    * When the scan finishes, click OK and then click Show Results.
    * Make sure everything is checked and click Remove Selected.
    * When the cleanup finishes, a Notepad window will open. (You may need to restart your computer.)
    * Save the Notepad file, attach it to your message and send it to us.
  • quote:

    Originally posted by: avcihuan

    @serji hello,

    I ran the program the way you said and the result is below

    I'd appreciate it if you could help, good luck with the work...



     
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
    O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
    O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe


    Good luck.
  • Hello again, I applied the steps you described in order. The log you asked for is below;

    ComboFix 08-10-23.03 - Q 2008-10-24  3:17:52.6 - NTFSx86 
    Microsoft Windows XP Professional 5.1.2600.2.1254.1.1055.18.1641 [GMT 3:00]
    Running from: C:\Documents and Settings\Q\Desktop\ComboFix.exe
    * Created a new restore point

    [COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
    .

    ((((((((((((((((((((((((( Files Created from 2008-09-24 to 2008-10-24 )))))))))))))))))))))))))))))))
    .

    2008-10-24 02:54 . 2008-06-14 20:59 272,000 --------- C:\WINDOWS\system32\drivers\bthport.sys
    2008-10-24 02:54 . 2008-06-14 20:59 272,000 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
    2008-10-24 02:52 . 2008-08-14 16:44 2,182,272 -----c--- C:\WINDOWS\system32\dllcache\ntoskrnl.exe
    2008-10-24 02:52 . 2008-08-14 16:44 2,138,112 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlmp.exe
    2008-10-24 02:52 . 2008-08-14 16:44 2,059,648 -----c--- C:\WINDOWS\system32\dllcache\ntkrnlpa.exe
    2008-10-24 02:52 . 2008-08-14 16:44 2,017,792 -----c--- C:\WINDOWS\system32\dllcache\ntkrpamp.exe
    2008-10-24 02:37 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
    2008-10-24 02:37 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
    2008-10-24 02:24 . 2008-10-24 02:24 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Xfire
    2008-10-23 14:45 . 2008-10-23 14:55 <DIR> d-------- C:\Program Files\Dracula Virüs Temizleyici
    2008-10-23 14:33 . 2008-01-14 20:34 241 --a------ C:\WINDOWS\system32\gizliaktifolsun.bat
    2008-10-23 14:33 . 2008-01-14 20:34 241 --a------ C:\gizliaktifolsun.bat
    2008-10-23 02:02 . 2008-10-23 02:02 103,570 -r-hs---- C:\je26200.com
    2008-10-22 22:59 . 2008-10-22 22:59 <DIR> d-------- C:\Documents and Settings\Q\Application Data\GRETECH
    2008-10-22 22:59 . 2008-10-22 22:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\GRETECH
    2008-10-22 22:58 . 2008-10-22 22:58 <DIR> d-------- C:\Program Files\GRETECH
    2008-10-22 02:55 . 2005-11-30 21:20 2,314,332 --------- C:\WINDOWS\system32\LIBMMD.DLL
    2008-10-22 02:55 . 2000-05-21 22:00 1,066,176 --------- C:\WINDOWS\system32\mscomctl.ocx
    2008-10-22 02:55 . 1998-06-23 22:00 609,584 --------- C:\WINDOWS\system32\comctl32.ocx
    2008-10-22 02:55 . 2001-03-13 11:49 120,320 --------- C:\WINDOWS\system32\comdlg32.ocx
    2008-10-22 02:55 . 2000-05-22 15:58 115,920 --------- C:\WINDOWS\system32\msinet.ocx
    2008-10-22 01:28 . 2008-10-22 12:39 <DIR> d-------- C:\Documents and Settings\Q\Application Data\Lavasoft
    2008-10-22 01:25 . 2008-10-22 01:25 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
    2008-10-22 01:25 . 2008-10-22 01:25 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-10-21 16:41 . 2008-10-23 14:06 53,248 --------- C:\WINDOWS\system32\apache.dll
    2008-10-21 01:57 . 2008-10-22 01:41 <DIR> d-------- C:\Documents and Settings\Q\Contacts
    2008-10-21 01:57 . 2008-10-21 01:57 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Xfire
    2008-10-21 01:36 . 2008-10-21 01:36 <DIR> d---s---- C:\Documents and Settings\Q\UserData

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-10-23 23:50 22,328 ----a-w C:\WINDOWS\system32\drivers\PnkBstrK.sys
    2008-10-23 23:49 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe
    2008-10-23 23:24 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe
    2008-10-23 23:23 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-10-23 23:18 --------- d-----w C:\Documents and Settings\Q\Application Data\Hamachi
    2008-10-23 22:29 --------- d-----w C:\Program Files\FlashGet
    2008-10-23 14:01 --------- d-----w C:\Documents and Settings\Q\Application Data\Xfire
    2008-10-23 10:18 --------- d-----w C:\Program Files\Xfire
    2008-10-22 09:40 --------- d-----w C:\Program Files\Windows Live
    2008-10-22 09:39 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
    2008-10-21 00:17 --------- d-----w C:\Program Files\Hamachi
    2008-10-21 00:16 17,480 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
    2008-10-20 23:43 22,328 ----a-w C:\Documents and Settings\Q\Application Data\PnkBstrK.sys
    2008-10-20 23:37 --------- d-----w C:\Program Files\Activision
    2008-10-20 23:31 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
    2008-10-20 23:31 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
    2008-10-20 22:46 --------- d-----w C:\Program Files\Realtek
    2008-10-20 22:34 --------- d-----w C:\Program Files\Creative
    2008-10-20 22:29 --------- d-----w C:\Program Files\Common Files\InstallShield
    2008-10-20 22:18 --------- d-----w C:\Program Files\Teamspeak2_RC2
    2008-10-20 22:17 --------- d-----w C:\Program Files\RivaTuner v2.06
    2008-10-20 22:14 --------- d-----w C:\Program Files\DAEMON Tools Lite
    2008-10-20 22:11 717,296 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-10-20 22:11 --------- d-----w C:\Program Files\Winamp
    2008-10-20 22:11 --------- d-----w C:\Documents and Settings\Q\Application Data\DAEMON Tools
    2008-10-20 22:10 --------- d-----w C:\Program Files\MSXML 6.0
    2008-10-20 22:10 --------- d-----w C:\Program Files\Microsoft IntelliPoint
    2008-10-20 22:09 --------- d-----w C:\Program Files\NVIDIA Corporation
    2008-10-20 22:09 --------- d-----w C:\Documents and Settings\Q\Application Data\Ahead
    2008-10-20 22:08 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-10-20 22:08 --------- d-----w C:\Program Files\Common Files\Ahead
    2008-10-20 22:08 --------- d-----w C:\Program Files\Ahead
    2008-10-20 22:06 --------- d-----w C:\Documents and Settings\All Users\Application Data\Office Genuine Advantage
    2008-10-20 21:48 --------- d-----w C:\Program Files\AGEIA Technologies
    2008-10-20 21:46 --------- d-----w C:\Program Files\Intel
    2008-10-20 21:44 315,392 ----a-w C:\WINDOWS\HideWin.exe
    2008-10-20 21:40 --------- d-----w C:\Documents and Settings\Q\Application Data\InstallShield
    2008-10-20 21:39 --------- d-----w C:\Program Files\Gigabyte
    2008-10-20 21:37 --------- d-----w C:\Program Files\Alwil Software
    2008-10-20 21:30 --------- d-----w C:\Program Files\microsoft frontpage
    2008-10-09 00:47 42,320 ------w C:\WINDOWS\system32\xfcodec.dll
    2008-09-15 15:39 1,846,016 ------w C:\WINDOWS\system32\win32k.sys
    2008-08-28 10:04 333,056 ----a-w C:\WINDOWS\system32\drivers\srv.sys
    2008-08-20 05:37 658,944 ----a-w C:\WINDOWS\system32\wininet.dll
    2008-08-14 13:44 2,138,112 ------w C:\WINDOWS\system32\ntoskrnl.exe
    2008-08-14 13:44 2,017,792 ------w C:\WINDOWS\system32\ntkrnlpa.exe
    2008-08-06 04:51 453,152 ------w C:\WINDOWS\system32\NVUNINST.EXE
    2008-08-01 08:05 70,936 ------w C:\WINDOWS\system32\PhysXLoader.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-07-19 78008]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2008-08-15 13570048]
    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2008-08-15 86016]
    "IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
    "RivaTunerStartupDaemon"="C:\Program Files\RivaTuner v2.06\RivaTuner.exe" [2007-10-30 2650112]
    "nwiz"="nwiz.exe" [2008-08-15 C:\WINDOWS\system32\nwiz.exe]
    "RTHDCPL"="RTHDCPL.EXE" [2007-03-21 C:\WINDOWS\RTHDCPL.exe]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-03 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoDesktopCleanupWizard"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "VIDC.XFR1"= xfcodec.dll
    "msacm.divxa32"= msaud32_divx.acm

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2008-08-08 15:11 490952 C:\Program Files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Flashget]
    --a------ 2007-09-25 11:10 2007088 C:\Program Files\FlashGet\flashget.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
    --------- 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune]
    --a------ 2007-07-03 12:32 81920 C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    --a------ 2007-02-13 21:29 35328 C:\Program Files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "wuauserv"=2 (0x2)
    "wscsvc"=2 (0x2)

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\Program Files\\Xfire\\xfire.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "D:\\TQ\\2\\Tqit.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=

    R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-07-19 78416]
    R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
    R2 LMS;Intel(R) Active Management Technology LMS Service;C:\Program Files\Intel\AMT\LMS.exe [2006-06-28 98304]
    R3 ZY202_XP;ZyXEL 802.11g XG202 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2006-11-27 437760]
    S3 V0330VID;WebCam Vista;C:\WINDOWS\system32\DRIVERS\V0330Vid.sys [2006-09-12 173632]
    S3 ZDCNDIS5;ZDCNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS [ ]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{7a925689-9efa-11dd-b1dc-0019cb852095}]
    \Shell\AutoRun\command - I:\je26200.com
    \Shell\explore\Command - I:\je26200.com
    \Shell\open\Command - I:\je26200.com

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bb1f691e-a0f5-11dd-b1e2-0019cb852095}]
    \Shell\AutoRun\command - F:\cqdis.cmd
    \Shell\explore\Command - F:\cqdis.cmd
    \Shell\open\Command - F:\cqdis.cmd
    .
    .
    ------- Supplementary Scan -------
    .
    FireFox -: Profile - C:\Documents and Settings\Q\Application Data\Mozilla\Firefox\Profiles\iynd2gr9.default\
    FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.com.tr/
    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,http://www.gmer.net
    Rootkit scan 2008-10-24 03:18:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    Completion time: 2008-10-24 3:19:09
    ComboFix-quarantined-files.txt 2008-10-24 00:19:07
    ComboFix2.txt 2008-10-24 00:13:30
    ComboFix3.txt 2008-10-23 11:37:06
    ComboFix4.txt 2008-10-21 22:22:09
    ComboFix5.txt 2008-10-24 00:17:35

    Pre-Run: 88.220.487.680 bayt boş
    Post-Run: 88,208,941,056 bayt boş

    177 --- E O F --- 2008-10-24 00:05:56




    Thank you very much for your attention and interest.
  • quote:

    Originally posted by: serji

    A very serious virus has infected the system. After cleaning it, we'll take a few precautions so it doesn't get infected again. By the way, could you edit the message and delete the O20 line? It makes the page too long.



    My friend, I did exactly as you said.. but while I was doing it there was a customer, and the PC I was working on was connected to the network.. the lines starting with hosts in the first log I sent disappeared and others came in their place.. so I took all the PCs, including the main machine, off the network and applied the procedure with only the machine I was working on connected to the network.. afterwards I put everything back to normal and connected to the net on the main machine.. and the log I got is as below... I don't understand much of it, but compared with the first one I sent I think it worked. Many, many thanks to you in advance... I'm going to bed now, and rest assured I'll pray for you too..

    By the way, I had sent you a private message... I'd be very glad if you read it when you have time... stay well...


    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 03:56:00, on 24.10.2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\HyperTechnologies\Deep Freeze\_$Df\FrzState.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Vtune\TBPanel.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\system32\filtre.exe
    C:\Program Files\DAEMON Tools Lite\daemon.exe
    C:\WINDOWS\system32\csrsm.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =www.google.com.tr
    O4 - HKLM\..\Run: [Gainward] C:\Program Files\Vtune\TBPanel.exe /A
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Filtre] C:\WINDOWS\system32\filtre.exe
    O4 - HKLM\..\Run: [CafePlus Client] C:\Program Files\AKINSOFT\Cplus7\Client7\CplusC.exe
    O4 - HKLM\..\Run: [HBService32] SYSTEM.EXE
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe"
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O17 - HKLM\System\CS1\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O17 - HKLM\System\CS2\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O17 - HKLM\System\CS3\Services\Tcpip\..\{3B8634EF-CFAD-4DC3-B30C-56B33F10B8D0}: NameServer = 208.67.222.222,42.2.2.2
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: Bmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll,
    HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,
    HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
    HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,
    HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll
    O23 - Service: CafePlusServiceMain - Unknown owner - C:\Program Files\AKINSOFT\Cplus7\Client7\cplusinject.exe
    O23 - Service: DFServEx - Hyper Technologies Inc. - C:\Program Files\HyperTechnologies\Deep Freeze\DfServEx.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    --
    End of file - 3535 bytes



    < This message was edited by vampoo -- 24 October 2008; 3:59:45 >
  • quote:

    Quoted from original: cordor

    Hello again, I carried out the steps you described in the order given. The log you asked for is below;
    Thank you very much for your interest and attention.

    You're welcome.

    Download the program called Perlovga Removal Tool to your desktop.

    http://www.guvenlikuzmanim.com/dosyalar/perlovga.exe

    Run the program and click Start. Then restart your computer without delay.

    * Open Bitdefender Online Scan to scan your computer.

    http://www.bitdefender.com/scan8/ie.html

    * Click I agree and then Scan. (Do not change the settings)
    * When the scan is finished, click the Detected Problems tab and then Click here to export the scan report.
    * After saving the report as HTML, attach it to your message and send it to us.
  • quote:

    Quoted from original: vampoo
    My friend, I did exactly as you said.. but while I was doing it there was a customer, and the PC I was working on was connected to the network.. the lines starting with hosts in the first log I sent were gone and others came in their place.. so I took all the PCs, including the main machine, off the network and applied the procedure with only the machine I was working on still on the network.. afterwards I put everything back to normal and connected to the internet on the main machine.. and the log I got is as below... I don't understand much of it, but compared with the first one I sent I think it worked, thank you very, very much in advance... I'm going to bed now, and rest assured I'll pray for you too..

    By the way, I had sent you a private message... I'd be very glad if you find the time to read it... take care...

    Fix these again and restart.

    O20 - AppInit_DLLs: Bmhly.dll,HB1000Y.dll,HBWOOOL.dll,HBXY2.dll,HBJXSJ.dll,HBSO2.dll,HBFS2.dll,HBXY3.dll,HBSHQ.dll,HBFY.dll,HBWULIN2.dll,HBW2I.dll,HBKDXY.dll, 
    HBWORLD2.dll,HBASKTAO.dll,HBZHUXIAN.dll,HBWOW.dll,HBZERO.dll,HBBO.dll,HBCONQUER.dll,HBSOUL.dll,HBCHIBI.dll,HBDNF.dll,HBWARLORDS.dll,
    HBTL.dll,HBPICKCHINA.dll,HBCT.dll,HBGC.dll,HBHM.dll,HBHX2.dll,HBQQHX.dll,HBTW2.dll,HBQQSG.dll,HBQQFFO.dll,HBZT.dll,HBMIR2.dll,HBRXJH.dll,
    HBYY.dll,HBMXD.dll,HBSQ.dll,HBTJ.dll,HBFHZL.dll,HBWLQX.dll,HBLYFX.dll,HBR2.dll,HBCHD.dll,HBTZ.dll,HBQQXX.dll,HBWD.dll,HBZG.dll,HBPPBL.dll,
    HBXMJ.dll,HBJTLQ.dll,HBQJSJ.dll
    O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
    O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)
    O21 - SSODL: msnmsg - {DA191DE0-AA86-4ED0-4B87-293D48B2AE99} - C:\Program Files\Messenger\msgmr.dll

    Then:

    Download the program called Combofix.

    http://www.guvenlikuzmanim.com/dosyalar/ComboFix.exe

    1. Close all your open windows and programs.
    2. Temporarily close or disable your antivirus and antispyware programs.
    3. Double-click ComboFix.exe to open the program. After opening it, do absolutely nothing. Take a 1-2 minute break.
    4. Once ComboFix starts running, you will be asked to press the 1 or 2 key. Press 1 to continue.
    5. ComboFix will take a backup of your Registry and create a system restore point so that your system can be restored if something goes wrong.
    6. Your internet connection will be cut during these operations. This is normal. Your system clock will also change. All of this is temporary, however. Once the operations are finished, everything will be returned to its original state.
    7. You may need to be a little patient, because there are exactly 41 stages.
    8. Finally, ComboFix will prepare a report containing the results of the operations. Your desktop may disappear while this happens, but it will be restored shortly. When the operations are finished, ComboFix will close and a report will open for you. You can find this report at C:\ComboFix.txt.
    9. Attach the C:\ComboFix.txt file to your message and send it to us.

    NOTE: By the way, I have also replied to the private message.
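
The reply above asks for the same O20/O21 lines to be fixed a second time, which means they were still present in the log taken after the first attempt. The following is an added example, not part of the thread and not HijackThis code: it rejoins the wrapped AppInit_DLLs value and compares two logs. The function names are hypothetical, and the sample log is a constructed, shortened excerpt in the layout of the posted one.

```python
import re

# Constructed sample: shortened excerpt in the HijackThis v2 layout, with the
# AppInit_DLLs value wrapped over several lines as in the posted log.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\Explorer.EXE

O4 - HKLM\..\Run: [Example] C:\Example\example.exe
O20 - AppInit_DLLs: Bmhly.dll,HB1000Y.dll,HBWOOOL.dll,
HBWORLD2.dll,HBASKTAO.dll,
HBXMJ.dll
O20 - Winlogon Notify: DfLogon - C:\WINDOWS\SYSTEM32\LogonDll.dll
O21 - SSODL: ThunderAdvise - {97421D0D-E07F-40DF-8F07-99597B9585AD} - (no file)

--
End of file - 3535 bytes
"""

# Section codes as they appear at the start of each entry line (R0, F2, O4, O20 ...).
ENTRY_RE = re.compile(r"^([RFNO]\d+)\s+-\s+(.*)$")

def parse_entries(log_text):
    """Return [(section, text)] with wrapped continuation lines rejoined."""
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if line == "--" or line.startswith("End of file"):
            break  # log trailer, nothing after it is an entry
        match = ENTRY_RE.match(line)
        if match:
            entries.append([match.group(1), match.group(2)])
        elif line and entries and entries[-1][1].endswith(","):
            entries[-1][1] += line  # previous value ended mid-list: continuation
    return [tuple(entry) for entry in entries]

def appinit_dlls(entries):
    """Split the O20 AppInit_DLLs value into individual DLL names."""
    for section, text in entries:
        if section == "O20" and text.startswith("AppInit_DLLs:"):
            return [d.strip() for d in text.split(":", 1)[1].split(",") if d.strip()]
    return []

def still_present(before, after):
    """Entries from the earlier log that also appear in the later one."""
    later = set(after)
    return [entry for entry in before if entry in later]
```

Running `still_present` on the entries of the log taken before a fix and the one taken after the reboot lists exactly the lines that came back and need another look.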