AlijohnX Posted August 26, 2009 Author
Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\csrss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\ESET\ESET Smart Security\ekrn.exe E:\Program Files\Java\jre6\bin\jqs.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\VistaDrive\VistaDrive.exe E:\Program Files\USB ADSL\CnxDslTb.exe E:\WINDOWS\system32\RUNDLL32.EXE E:\WINDOWS\RTHDCPL.EXE E:\WINDOWS\SOUNDMAN.EXE E:\Program Files\Java\jre6\bin\jusched.exe E:\WINDOWS\system32\RunDLL32.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\ESET\ESET Smart Security\egui.exe E:\WINDOWS\system32\wscntfy.exe E:\WINDOWS\System32\alg.exe E:\WINDOWS\system32\wbem\wmiapsrv.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\Java\jre6\bin\java.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe E:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI
RoboForm\roboform.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [VistaDrive] E:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [CnxDslTaskBar] E:\Program Files\USB ADSL\CnxDslTb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [GEST] m|\ü O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [Evidence Eliminator] E:\Program Files\Evidence Eliminator\ee.exe /m O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Formları Doldur - 
file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Formları Kaydet - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Menüyü Özelleştir - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: RoboForm Toolbar - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formları Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload 
Tool) - O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - Please register to see this content. O17 - HKLM\System\CCS\Services\Tcpip\..\{BF97F8C8-E92C-4E5D-880B-678F21E8DC6E}: NameServer = 195.175.39.40 195.175.39.39 O20 - Winlogon Notify: Antiwpa - E:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
---------------------****************--------------------
Fix the entries I marked in red using the Fix checked button. Examine the ones I marked in blue. Decide accordingly...
AlijohnX Posted August 26, 2009 Author
thanks in advance
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:54:10, on 25.08.2009 Platform: Windows Vista SP1 (WinNT 6.00.1905) MSIE: Internet Explorer v8.00 (8.00.6001.18813) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe C:\Program Files\RALINK\Common\RaUI.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Users\ksk\AppData\Local\Chromium\Application\chrome.exe C:\Users\ksk\AppData\Local\Chromium\Application\chrome.exe C:\Users\ksk\AppData\Local\Chromium\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\Program Files\MajorShare\msrsd.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666 R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G
Data\TotalCare\Webfilter\AvkWebIE.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [MSRSD] C:\Program Files\MajorShare\msrsd.exe O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet 
Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll O13 - Gopher Prefix: O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - Please register to see this content. O17 - HKLM\System\CCS\Services\Tcpip\..\{D88D9578-B5C3-417D-B1FC-BA7C4A403247}: NameServer = 208.67.222.222,208.67.220.220 O20 - AppInit_DLLs: ?©?? O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe O23 - Service: Ati External Event Utility - ATI Technologies Inc. 
- C:\Windows\system32\Ati2evxx.exe O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe O23 - Service: AntiVirus Güvenliği (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe -- End of file - 7067 bytes
*******************************-*****************************
Fix the entries I marked in red. Examine the ones I marked in blue and decide accordingly...
AlijohnX Posted August 26, 2009 Author
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 03:59:18, on 25.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\windows\System32\smss.exe C:\windows\system32\winlogon.exe C:\windows\system32\services.exe C:\windows\system32\lsass.exe C:\Program Files\USB Safely Remove\USBSRService.exe C:\windows\system32\svchost.exe C:\windows\System32\svchost.exe C:\windows\system32\svchost.exe C:\windows\system32\spoolsv.exe C:\windows\Explorer.EXE C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe C:\WINDOWS\VistaDrive\VistaDrive.exe C:\windows\SOUNDMAN.EXE C:\Program Files\Naevius USB Antivirus\usbantivirus.exe D:\System\500Tek_Men_deM.H.Orhan\M.H.Orhan Menü\M.H.Orhan.exe C:\Program Files\FlashGet\flashget.exe C:\windows\system32\ctfmon.exe C:\Program Files\USB Safely Remove\USBSafelyRemove.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe C:\Program Files\DU Meter\DUMeterSvc.exe C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe C:\Program Files\Shield\shdserv.exe C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe C:\Program Files\Shield\shieldclnt.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet
Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Please register to see this content. R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 94.75.239.201 www.sharebus.com O1 - Hosts: 94.75.239.201 sharebus.com O1 - Hosts: 74.50.28.205 divx-world.com O1 - Hosts: 74.50.28.205 www.divx-world.com O1 - Hosts: 94.102.51.10 12chan.org O1 - Hosts: 94.102.51.10 www.12chan.org O1 - Hosts: 94.102.51.10 img.12chan.org O1 - Hosts: 195.72.135.41 bwin.com O1 - Hosts: 195.8.215.136 dailymotion.com O1 - Hosts: 195.8.215.137 www.dailymotion.com O1 - Hosts: 174.36.21.116 divxevi.com O1 - Hosts: 174.36.12.48 forumtr.com O1 - Hosts: 174.36.12.48 www.forumtr.com O1 - Hosts: 75.126.2.88 www.forumtr.com O1 - Hosts: 195.110.8.7 images.freeviewmovies.com O1 - Hosts: 195.110.8.6 content.freeviewmovies.com O1 - Hosts: 89.238.128.18 content1.freeviewmovies.com O1 - Hosts: 195.110.8.8 content2.freeviewmovies.com O1 - Hosts: 66.218.77.68 geocities.com O1 - Hosts: 66.218.77.68 www.geocities.com O1 - Hosts: 77.247.179.157 imagefap.com O1 - Hosts: 77.247.179.165 www.imagefap.com O1 - Hosts: 77.247.179.169 images.imagefap.com O1 - Hosts: 77.247.179.169 cache.imagefap.com O1 - Hosts: 87.242.73.60 imgsrc.ru O1 - Hosts: 87.242.72.143 s0.imgsrc.ru O1 - Hosts: 87.242.72.143 s1.imgsrc.ru O1 - Hosts: 87.242.72.143 b0.imgsrc.ru O1 - Hosts: 87.242.72.143 b1.imgsrc.ru O1 - Hosts: 87.242.72.143 b0p.imgsrc.ru O1 - Hosts: 87.242.72.143 b1p.imgsrc.ru O1 - Hosts: 85.17.90.3 wwwstatic.megaupload.com O1 - Hosts: 69.5.88.70 www01.megaupload.com O1 - Hosts: 69.5.88.75 static.megaupload.com O1 - Hosts: 67.228.223.62 mp3hanesi.com O1 - Hosts: 67.228.223.62 
mp3hanesi.net O1 - Hosts: 67.228.223.62 mp3hanesi.org O1 - Hosts: 67.228.223.62 www.mp3hanesi.com O1 - Hosts: 67.228.223.62 www.mp3hanesi.net O1 - Hosts: 67.228.223.62 www.mp3hanesi.org O1 - Hosts: 216.155.128.58 redtube.com O1 - Hosts: 66.55.141.21 www.redtube.com O1 - Hosts: 216.155.128.24 thumbs.redtube.com O1 - Hosts: 66.55.141.51 ads.redtube.com O1 - Hosts: 216.155.128.22 dl.redtube.com O1 - Hosts: 66.55.141.251 dlembed.redtube.com O1 - Hosts: 66.55.141.20 embed.redtube.com O1 - Hosts: 74.208.27.228 redtube.com.br O1 - Hosts: 74.208.27.228 www.redtube.com.br O1 - Hosts: 195.149.139.33 casinoeuro.net O1 - Hosts: 195.149.139.33 www.casinoeuro.net O1 - Hosts: 172.16.249.19 starhacks.org O1 - Hosts: 172.16.249.19 www.starhacks.org O1 - Hosts: 209.200.162.65 superbahis199.com O1 - Hosts: 209.200.162.65 www.superbahis199.com O1 - Hosts: 83.140.65.11 thepiratebay.org O1 - Hosts: 83.140.176.160 www.thepiratebay.org O1 - Hosts: 91.191.138.3 tracker.thepiratebay.org O1 - Hosts: 83.140.65.31 torrents.thepiratebay.org O1 - Hosts: 83.140.65.41 static.thepiratebay.org O1 - Hosts: 91.191.138.2 vip.tracker.thepiratebay.org O1 - Hosts: 91.191.138.5 tpb.tracker.thepiratebay.org O1 - Hosts: 91.191.138.9 wip.tracker.thepiratebay.org O1 - Hosts: 91.191.138.4 open.tracker.thepiratebay.org O1 - Hosts: 91.191.138.7 upen.tracker.thepiratebay.org O1 - Hosts: 91.191.138.6 vtv.tracker.thepiratebay.org O1 - Hosts: 91.191.138.5 a.tracker.thepiratebay.org O1 - Hosts: 213.73.89.193 stalker.h3q.com O1 - Hosts: 91.191.138.2 denis.stalker.h3q.com O1 - Hosts: 91.191.138.7 vtv.tv.tracker.prq.to O1 - Hosts: 91.191.138.8 tracker.prq.to O1 - Hosts: 91.191.138.9 tv.tracker.prq.to O1 - Hosts: 91.191.138.2 eztv.tv.tracker.prq.to O1 - Hosts: 208.73.210.32 torrentturk.com O1 - Hosts: 64.111.206.186 xnxx.com O1 - Hosts: 64.111.206.194 www.xnxx.com O1 - Hosts: 76.9.6.234 video.xnxx.com O1 - Hosts: 66.230.171.106 gfx.xnxx.com O1 - Hosts: 66.230.171.162 stories.xnxx.com O1 - Hosts: 94.75.218.37 
xv122.xvideos.com O1 - Hosts: 94.75.218.38 xv123.xvideos.com O1 - Hosts: 94.75.218.39 xv124.xvideos.com O1 - Hosts: 76.9.6.230 xvideos.com O1 - Hosts: 76.9.6.238 www.xvideos.com O1 - Hosts: 94.75.218.53 img.xvideos.com O1 - Hosts: 94.75.218.1 xv100.xvideos.com O1 - Hosts: 94.75.218.2 xv101.xvideos.com O1 - Hosts: 94.75.218.3 xv102.xvideos.com O1 - Hosts: 94.75.218.4 xv103.xvideos.com O1 - Hosts: 94.75.218.5 xv104.xvideos.com O1 - Hosts: 94.75.218.6 xv105.xvideos.com O1 - Hosts: 94.75.218.7 xv106.xvideos.com O1 - Hosts: 94.75.218.8 xv107.xvideos.com O1 - Hosts: 94.75.218.9 xv108.xvideos.com O1 - Hosts: 94.75.218.10 xv109.xvideos.com O1 - Hosts: 94.75.218.11 xv110.xvideos.com O1 - Hosts: 94.75.218.12 xv111.xvideos.com O1 - Hosts: 94.75.218.13 xv112.xvideos.com O1 - Hosts: 94.75.218.14 xv113.xvideos.com O1 - Hosts: 94.75.218.15 xv114.xvideos.com O1 - Hosts: 94.75.218.16 xv115.xvideos.com O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program 
Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [nusbantivirus] "C:\Program Files\Naevius USB Antivirus\usbantivirus.exe" -hide O4 - HKLM\..\Run: [shield] C:\Program Files\Shield\shieldtray.exe O4 - HKLM\..\Run: [M.H.Orhan Menü] D:\System\500Tek_Men_deM.H.Orhan\M.H.Orhan Menü\M.H.Orhan.exe O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKCU\..\Run: [CrystalDiskInfo] "G:\Downloads\CrystalDiskInfo30B1\DiskInfo.exe" /Startup O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [set Visual Effects] SetVisualEffects.exe /silent (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] 
C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201 O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204 O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203 O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202 O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - 
C:\windows\Network Diagnostic\xpnetdiag.exe O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll O17 - HKLM\System\CCS\Services\Tcpip\..\{F22BD58E-2761-4987-B572-3B80CB721232}: NameServer = 4.2.2.1,208.67.222.222 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe O23 - Service: Rx2Agent - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe O23 - Service: Rx2Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe O23 - Service: SHDSERV - Unknown owner - C:\Program Files\Shield\shdserv.exe O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files\Shield\shieldclnt.exe O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe -- End of file - 14770 bytes
My log file
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-
Fix the entries I colored red. As for the blue ones, examine them and decide accordingly...
catlak_mami Posted August 26, 2009
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:03:27, on 26.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 -
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [regKey] C:\WINDOWS\system32\regkey.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 
- Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - O17 - HKLM\System\CCS\Services\Tcpip\..\{1DCB5623-86EA-47A1-9B6C-972771F3928E}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6488 bytes
AlijohnX Posted August 26, 2009 Author Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\system32\wbem\wmiapsrv.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Shenturk\Ey DSL! 
3\EyDSL.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\NOTEPAD.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = /sphome.aspx R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ 
Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: Ey DSL! 3.lnk = C:\Program Files\Shenturk\Ey DSL! 
3\EyDSL.exe O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
Fix the ones I marked in red. Examine the ones I colored blue. Then reach a decision accordingly...
catlak_mami Posted August 26, 2009
The one above isn't my file, right?
AlijohnX Posted August 26, 2009 Author Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 16:03:27, on 26.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\ATKKBService.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\Program Files\ASUS\GamerOSD\GamerOSD.exe C:\WINDOWS\vsnpstd3.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Winamp\winamp.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\MSN Messenger\usnsvc.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe C:\WINDOWS\system32\wbem\wmiprvse.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - 
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sdra64.exe, O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [skyTel] SkyTel.EXE O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE O4 - HKLM\..\Run: [ASUSGamerOSD] C:\Program Files\ASUS\GamerOSD\GamerOSD.exe O4 - HKLM\..\Run: [snpstd3] C:\WINDOWS\vsnpstd3.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [regKey] C:\WINDOWS\system32\regkey.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') 
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - O16 - DPF: {A672558F-A878-4D5A-A921-627C091CEB66} (Flatcast Producer 5.0) - O16 - DPF: {E55FD215-A32E-43FE-A777-A7E8F165F557} (Flatcast Viewer 5.0) - O17 - HKLM\System\CCS\Services\Tcpip\..\{1DCB5623-86EA-47A1-9B6C-972771F3928E}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. 
- C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6488 bytes
@catlakmami fix the ones I marked in red. Examine the ones I marked in blue. If you think those are of no use either, fix them as well...
AlijohnX Posted August 26, 2009 Author
Fix the ones I marked in red. Examine the ones I marked in blue. You decide...
AlijohnX Posted August 26, 2009 Author Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 04:51:27, on 25.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.20815) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\system32\oodag.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\vsnp2std.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\uTorrent\uTorrent.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\osk.exe C:\WINDOWS\system32\MSSWCHX.EXE C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file) O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Java™ Plug-In 2 SSV Helper - 
{DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll O9 - Extra button: (no name) - 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - O17 - HKLM\System\CCS\Services\Tcpip\..\{C320BA0C-7F5F-49C5-9EC7-ECD148E78B28}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing) O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing) O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe -- End of file - 5273 bytes
alionur54 Posted August 26, 2009 Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:02:08, on 26.08.2009 Platform: Unknown Windows (WinNT 6.01.3004) MSIE: Internet Explorer v8.00 (8.00.7100.0000) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\ASUS\SmartLogon\sensorsrv.exe C:\Windows\System32\rundll32.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\ASUS\ATK Media\DMedia.exe C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exe C:\Program Files\ATK Hotkey\HControlUser.exe C:\Windows\RtHDVCpl.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Users\ALI ONUR\AppData\Local\Google\Update\1.2.183.7\GoogleCrashHandler.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Program Files\Java\jre6\bin\javaw.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: s127.0.0.1 localhost O1 - Hosts: Youtube Jacker 4 :) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll O2 - 
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dllO2 - BHO: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - @ProgFiles\kikin\ie_kikin.dll (file missing)O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dllO4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorunO4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitserviceO4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"O4 - HKLM\..\Run: [RemoteControl8] "C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe"O4 - HKLM\..\Run: [PDVD8LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe"O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files\ASUS\ATK Media\DMedia.exeO4 - HKLM\..\Run: [ATKOSD2] C:\Program Files\ASUS\ATKOSD2\ATKOSD2.exeO4 - HKLM\..\Run: [HControlUser] "C:\Program Files\ATK Hotkey\HcontrolUser.exe"O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exeO4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRunO4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onbootO4 - HKCU\..\Run: [Google Update] "C:\Users\ALI ONUR\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')O4 - 
HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htmO8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htmO8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htmO8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000O9 - Extra button: (no name) - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - @ProgFiles\kikin\ie_kikin.dll (file missing)O9 - Extra 'Tools' menuitem: My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - @ProgFiles\kikin\ie_kikin.dll (file missing)O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLLO13 - Gopher Prefix: O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlcdnet.asus.com/pub/ASUS/misc/dlm-activex-2.2.5.0.cabO16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cabO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exeO23 - Service: ASLDR Service (ASLDRService) - 
Unknown owner - C:\Program Files\ATK Hotkey\ASLDRSrv.exeO23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exeO23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exeO23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - Unknown owner - C:\Windows\system32\TuneUpDefragService.exe (file missing)O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - Unknown owner - C:\Windows\system32\TUProgSt.exe (file missing)--End of file - 13024 bytes[/CODE] Link to comment Share on other sites More sharing options...
AlijohnX Posted August 26, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:19:36, on 25.08.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Thanks in advance
AlijohnX Posted August 26, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:20:56, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal
alioren Posted August 26, 2009

Thanks

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:39:41, on 26.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
lontokyo Posted August 26, 2009

I guess nobody wants to bother. Even though there is someone here who analyzes logs, I analyze mine myself. I think you should teach the technique too, so that everyone can analyze their own. Let me give you that technique, then. Here you go: the sources of some errors and their solutions, with explanations...

You can download the program from here... http://free.antivirus.com/hijackthis/[/CODE]

[font=Times New Roman][size=4][color=#FF0000]-----------------------------HIJACKTHIS DETAILED TUTORIAL ---------------------------[/color][/size][/font]

For people troubled by harmful software such as spyware and malware, HijackThis is the most effective and simply designed tool. It finds every program that is actively running on your system and directly affects how it works (whether or not it is a system file) and reports it to you. The program is easy to use, but keep in mind that the slightest mistake you make in it will cause serious damage to the system. I have explained below how to use the program, but what matters for us is of course which lines of the log file we get after scanning the system should be fixed.

The first line of the log file tells us which version of the program we are using.

[color=#FF0000]Logfile of Trend Micro HijackThis v2.0.0 (BETA) [/color]

The next 3 lines give the time and date of the scan, the operating system installed on the system, and the mode in which the system was booted for the scan.

[color=#FF0000]Scan saved at 23:43:24, on 04.06.2007
Platform: Windows XP SP2 (WinNT 5.01.2600
Boot mode: Normal [/color]

The lines after that form a long list of the services and programs running on the system at that moment; these are the parts that really concern us. The first of these lines describe the system files running from the system32 folder.
[color=#FF0000]C:\WINDOWS\System32\smss.exe[/color]
This file, smss.exe, is the part of the Windows operating system called the "Session Manager Subsystem", and it must never be fixed. If two smss.exe files are running on the system, the malicious smss.exe can be told apart by the amount of memory it uses. The smss.exe that is the "Session Manager Subsystem" usually uses around 100-300 KB of memory, while the malicious smss.exe uses far more memory, depending on how long it has been running.

[color=#FF0000]C:\WINDOWS\system32\winlogon.exe [/color]
This is the Windows NT Logon Application.

[color=#FF0000]C:\WINDOWS\system32\services.exe [/color]
This is the Services and Controller application.

[color=#FF0000]C:\WINDOWS\system32\lsass.exe [/color]
This file stands for Local Security Authority Service, which controls the security mechanisms. The first letter here is very important: if that first letter is L (that is, if the file is Lsass.exe), then the file is most likely a trojan.

[color=#FF0000]C:\WINDOWS\System32\svchost.exe [/color]
The Svchost.exe file is located in the System32 folder. At startup, Svchost.exe checks the services part of the registry to build the list of services it needs to load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a group of services, so different services can run depending on how and where Svchost.exe is started. This allows better control and easier debugging.

[color=#FF0000]C:\WINDOWS\Explorer.EXE[/color]
This is the Windows Explorer application.

[color=#FF0000]C:\WINDOWS\system32\spoolsv.exe[/color]
Spoolsv.exe is normally the XP system file that handles printer control. If it connects to the internet, it may also be a virus.

[color=#FF0000]C:\Program Files…..[/color]
Lines that begin like this are the files of installed programs running on the system.
You can end files you do not recognize and see no need to run from Task Manager. The one thing to watch out for is not to remove running files and applications that belong to security software.

[color=#FF0000]R1, R0, R3 are the lines that show the start and search pages for Internet Explorer.[/color]
R1 - HKLM\Software\Microsoft\Internet Explorer\
R0 - HKLM\Software\Microsoft\Internet Explorer\
If the R1 and R0 lines contain links that you set yourself or that you consider harmless, you can leave them as they are. But if there is an R3 line in your log, be sure to fix it.

[color=#FF0000]The F0, F1, F2, F3 lines are programs loaded into the system automatically from the ini files on the system.[/color]
F0 - system.ini: Shell=Explorer.exe Openit.exe
F1 - win.ini: run=hptasks……….
and the like. F0 entries are harmful files, and those lines must be fixed. F1 lines are generally safe files, but there can be problems in these lines too, so of course the lines must be researched and fixed accordingly.

[color=#FF0000]N1, N2, N3, N4 entries[/color]
These are the search pages or home pages set for the Mozilla Firefox browser. Since Mozilla and Netscape are generally very hard to hijack, you will probably not see these. But if they are present and you do not recognize the addresses, you should fix them.

[color=#FF0000]O1 - Hosts file redirections[/color]
O1 - Hosts: 127.0.0.1 google.com.tr
O1 - Hosts: 127.0.0.1 donanimhaber.com
O1 - Hosts: 127.0.0.1 mynet.com
The hosts file is a file whose contents viruses commonly modify. When you come across these lines, if the listed site addresses and IP addresses do not match each other, you must fix them.
[color=#FF0000]O2 - These are Browser Helper Objects.[/color]
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Items of this kind are generally useless; you can safely fix them.

[color=#FF0000]O3 - IE toolbars[/color]
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
Toolbars of this kind are software that keeps Internet Explorer from running smoothly and quickly, and most of the time they are useless; they can be fixed.

[color=#FF0000]O4 - Programs loaded automatically from the Startup folder or the Registry[/color]
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [bigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [eTrust PestPatrol Active Protection] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
If there are programs or files you do not know and are suspicious of, be sure to fix them. Some programs may still be running on the system; even if you fix these, the fix will not take. If you really want to stop them, you may need to end them from Task Manager.

[color=#FF0000]O5 - IE settings that are not in the Control Panel[/color]
O5 - control.ini: inetcl.cpl=no
Be sure to fix it.

[color=#FF0000]O6 - IE settings disabled by the system administrator[/color]
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
Be sure to fix it.

O7 - Regedit settings disabled by the system administrator
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
Be sure to fix it.

[color=#FF0000]O8 - Extra items in the IE right-click menu[/color]
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
They are generally not much use; there is no harm in fixing them.

[color=#FF0000]O9 - Extra buttons on the IE toolbar[/color]
These are the helper items found at the top of the Internet Explorer window, such as msn and research, or ones added automatically by a program you installed.
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
Fix the ones you do not know.

[color=#FF0000]O13 - IE DefaultPrefix Hijack[/color]
O13 - DefaultPrefix:
This must be fixed.

[color=#FF0000]O14 - 'Reset Web Settings' Hijack[/color]
O14 - IERESET.INF: START_PAGE_URL=http://www.coolwebsearch.com
If the address in the URL is not your ISP's, be sure to fix it.

[color=#FF0000]O15 - Unwanted addresses in Trusted Sites[/color]
O15 - Trusted Zone:
If there are addresses you do not want and do not recognize, you can fix them.

[color=#FF0000]O16 - gives the site addresses that applications being updated connect to.[/color]
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
If it contains links to addresses you do not know, fix those addresses.

[color=#FF0000]O17 - Lop.com Domain Hijack[/color]
If the address in the URL is not your ISP, be sure to fix it.

[color=#FF0000]O22 - specifies which dll file the system's updates will be done through.[/color]
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Bileşen Katergorileri önbellek daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
If the file is browseui.dll, there is no need to fix it.

[color=#FF0000]O23 - These are the lines that list the applications running on the system[/color]
Lines containing the terms (no name) (unknown owner) should be fixed.
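
The triage rules from the post above, expressed as a small log parser (an added example, not part of the original thread or of HijackThis itself). The verdict names and the `triage` and `summarize` functions are assumptions of this example, and the sample input is assembled from entries quoted on this page.

```python
import re

# Verdicts encode the rules in the post above (the poster's guidance, not a malware verdict).
ALWAYS_FIX = {"R3", "F0", "O5", "O6", "O7", "O13"}   # "be sure to fix"
OPTIONAL = {"O2", "O3", "O8"}                         # "no harm in fixing"
ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")
HOSTS = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)$")

def triage(line):
    """Return (category, verdict, reason) for a log entry, or None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None  # headers and "Running processes" paths are not entries
    cat, rest = m.groups()
    if cat in ALWAYS_FIX:
        return cat, "fix", "category the post says to always fix"
    if cat in OPTIONAL:
        return cat, "optional", "browser add-on; post says fixing is harmless"
    if cat == "O1":
        h = HOSTS.match(rest)
        if h and h.group(1) == "127.0.0.1" and h.group(2).lower() != "localhost":
            return cat, "review", "name forced to loopback, so the site is unreachable"
        return cat, "review", "hosts override; confirm the IP belongs to the site"
    if cat == "O22":
        ok = rest.lower().endswith("browseui.dll")
        return cat, ("keep" if ok else "review"), "post exempts browseui.dll only"
    if cat == "O23":
        bad = "unknown owner" in rest.lower() or "(no name)" in rest.lower()
        return cat, ("fix" if bad else "review"), "post flags unnamed or unowned services"
    return cat, "review", "research the entry before deciding"

def summarize(log_text):
    """Group the entry lines of a whole log by verdict."""
    out = {"fix": [], "optional": [], "review": [], "keep": []}
    for line in log_text.splitlines():
        result = triage(line)
        if result:
            out[result[1]].append(line.strip())
    return out

# Sample input assembled from example lines quoted on this page.
SAMPLE = r"""Running processes:
F0 - system.ini: Shell=Explorer.exe Openit.exe
O1 - Hosts: 127.0.0.1 google.com.tr
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
O22 - SharedTaskScheduler: Browseui önceden yükleyicisi - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""
```

Calling `summarize(SAMPLE)` returns the entries grouped under `fix`, `optional`, `review` and `keep`; every `review` entry still needs the manual research the post asks for.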

AlijohnX Posted August 27, 2009

Thanks

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Kolay Kurum Programi] C:\Program Files\Pikatel KKP ComboMax2\TestProgrami.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe
Archived
This topic is now archived and is closed to further replies.