AlijohnX (Author), posted August 11, 2009

I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\winsersec.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\Ati2evxx.exe
I:\WINDOWS\system32\spoolsv.exe
I:\WINDOWS\Explorer.EXE
I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
I:\WINDOWS\system32\inetsrv\inetinfo.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\RTHDCPL.EXE
I:\WINDOWS\system32\mmm.exe
I:\Program Files\Drive Space Indicator\DrvSpace.exe
I:\WINDOWS\sdaemon.exe
I:\WINDOWS\winwd.exe
I:\WINDOWS\FixCamera.exe
I:\WINDOWS\tsnp325.exe
I:\Program Files\DigitalPeers\CamTrack\dptracker.exe
I:\WINDOWS\vsnp325.exe
I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
I:\WINDOWS\system32\ctfmon.exe
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Internet Explorer\IEXPLORE.EXE
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - I:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - I:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - I:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - I:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [RightClick Menu] I:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [DriveSpace] "I:\Program Files\Drive Space Indicator\DrvSpace.exe" /STARTUP
O4 - HKLM\..\Run: [sDaemon] I:\WINDOWS\sdaemon.exe
O4 - HKLM\..\Run: [sWd] I:\WINDOWS\winwd.exe
O4 - HKLM\..\Run: [FixCamera] I:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [tsnp325] I:\WINDOWS\tsnp325.exe
O4 - HKLM\..\Run: [dptracker] I:\Program Files\DigitalPeers\CamTrack\dptracker.exe
O4 - HKLM\..\Run: [snp325] I:\WINDOWS\vsnp325.exe
O4 - HKLM\..\Run: [style cool 2 city] I:\Documents and Settings\All Users\Application Data\byte loud style cool\Slow Blah.exe
O4 - HKLM\..\Run: [egui] "I:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Teamsoap] I:\DOCUME~1\gencgazi\APPLIC~1\DEAFVC~1\OwnsJoyMapi.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [superCopier2.exe] I:\Program Files\SuperCopier2\SuperCopier2.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] I:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://I:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - I:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - I:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - I:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - I:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate1ca195a316ac5b4) (gupdate1ca195a316ac5b4) - Google Inc. - I:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - I:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: winser - Unknown owner - I:\WINDOWS\system32\winsersec.exe

Your system has been tinkered with a bit. If you fix the entries I marked in red by pressing the Fix checked button, you will be rid of a major problem. The ones I marked in blue are mostly NOD32 | the YouTube hosts | and the right-click editing program named mmm ... Look at these marked entries, work out what each one runs and tell them apart, and if you do not want it to run at startup or afterwards, fix it... But if you want it to run, you can delete it... By the way, I would prefer that you delete the YouTube hosts and, if you use Mozilla, choose to have the proxy settings configured automatically. Because these hosts are infected.
AlijohnX (Author), posted August 11, 2009

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VM303_STI.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\UnlockerAssistant.exe
C:\WINDOWS\system32\mmm.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\713xRMTMon.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\VMSnap3.EXE
C:\WINDOWS\Domino.EXE
C:\Program Files\Drive Space Indicator\DrvSpace.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\honestech\honestech TVR\scheduleTV.exe
C:\WINDOWS\713xRMT.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [bigDog303] C:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\WINDOWS\system32\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [RightClick Menu] C:\WINDOWS\system32\mmm.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [Flashget] "C:\Program Files\FlashGet\FlashGet.exe" /min
O4 - HKLM\..\Run: [TV Card Remote Control Device Monitor] C:\WINDOWS\713xRMTMon.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VMSnap3] C:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] C:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [DriveSpace] "C:\Program Files\Drive Space Indicator\DrvSpace.exe" /STARTUP
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [fxanti] C:\Program Files\Faxx Systems\fxanti\fx.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [showDeskFix] regsvr32 /s /n /i:u shell32 (User 'Default user')
O4 - Startup: OneNote 2007 Ekran Kırpıcı ve Başlatıcı.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Scheduler for OEM.lnk = C:\Program Files\honestech\honestech TVR\scheduleTV.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 4.00\AMVConverter\grab.html
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 4.00\MediaManager\grab.html
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{07F72CC2-6EE4-4638-8BC3-09D26698DC41}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CCS\Services\Tcpip\..\{D735414A-2169-4B0E-BF3D-2E9B6ED4B4C1}: NameServer = 208.67.220.220,208.67.222.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{07F72CC2-6EE4-4638-8BC3-09D26698DC41}: NameServer = 195.175.39.39,195.175.39.40
O17 - HKLM\System\CS2\Services\Tcpip\..\{07F72CC2-6EE4-4638-8BC3-09D26698DC41}: NameServer = 195.175.39.39,195.175.39.40
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate1ca019c12eef3ba) (gupdate1ca019c12eef3ba) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

If you fix the entries I marked in red with the Fix checked button, the slowdowns will ease. If you examine the ones I marked in blue and understand what each one runs: if you want it to run at startup, you do not fix it, but if you do not want it to run, treat it as if I had put it among the ones marked in red... My suggestion to you: fix the YouTube hosts as well. Have Mozilla Firefox set the proxy settings automatically. That way you can reach all sites without hosts entries. [In all browsers, too]
devrimyalcin33, posted August 11, 2009

Thanks in advance for your evaluation.

C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\OO Software\CleverCache\ooccctrl.exe
C:\Program Files\Everything\Everything.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\IDT\WDM\sttray.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\cFosSpeed\cfosspeed.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe
C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe
C:\Program Files\FastStone Capture\FSCapture.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: 93.184.70.41 hornywhores.net O1 - Hosts: 93.184.70.41 www.hornywhores.net O1 - Hosts: 77.247.179.176 www.tnaflix.com O1 - Hosts: 77.247.179.176 tnaflix.com O1 - Hosts: 208.117.236.70 youtube.com O1 - Hosts: 208.117.236.70 www.youtube.com O1 - Hosts: 85.17.90.3 wwwstatic.megaupload.com O1 - Hosts: 69.5.88.70 www01.megaupload.com O1 - Hosts: 69.5.88.75 static.megaupload.com O1 - Hosts: 69.5.88.225 www.megaupload.com O1 - Hosts: 69.5.88.225 megaupload.com O1 - Hosts: 72.52.250.220 www.divxforever.net O1 - Hosts: 72.52.250.220 www.divxforever.us O1 - Hosts: 72.52.250.220 divxforever.net O1 - Hosts: 72.52.250.220 divxforever.us O1 - Hosts: 72.52.250.220 www.foreverdivx.com O1 - Hosts: 72.52.250.220 foreverdivx.com O1 - Hosts: 72.52.250.220 divxforever.com O1 - Hosts: 72.52.250.220 www.divxforever.com O1 - Hosts: 72.52.250.220 www.divxforever.us O1 - Hosts: 72.52.250.220 divxforever.us O1 - Hosts: 74.55.100.8 www.divxpoint.com O1 - Hosts: 74.55.100.8 divxpoint.com O1 - Hosts: 208.88.224.91 www.tube8.com O1 - Hosts: 208.88.224.91 tube8.com O1 - Hosts: 212.187.169.238 www.justin.tv O1 - Hosts: 212.187.169.246 justin.tv O1 - Hosts: 213.202.225.36 ligtvli.li.funpic.org O1 - Hosts: 199.9.251.3 live.justin.tv O1 - Hosts: 204.0.5.26 static-cdn.justin.tv O1 - Hosts: 199.9.249.7 ad.justin.tv O1 - Hosts: 78.159.121.35 www.turkboardmusic.net O1 - Hosts: 78.159.121.35 turkboardmusic.net O1 - Hosts: 69.55.48.194 
www.xvideos.com O1 - Hosts: 69.55.48.194 xvideos.com O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: 
[VistaBatterySaver] C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe O4 - HKCU\..\Run: [uSB Threat Defender] "C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" /b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCC00D0-3B79-4A87-968A-67C1B42562C9}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. 
- C:\Windows\system32\ASTSRV.EXE O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe
AlijohnX Posted August 11, 2009 Author

Thanks in advance for your evaluation

C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\OO Software\CleverCache\ooccctrl.exe C:\Program Files\Everything\Everything.exe C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe C:\Program Files\IDT\WDM\sttray.exe C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe C:\Program Files\cFosSpeed\cfosspeed.exe C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe C:\Program Files\FastStone Capture\FSCapture.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O1 - Hosts: 93.184.70.41 hornywhores.net O1 - Hosts: 93.184.70.41 www.hornywhores.net O1 - Hosts: 77.247.179.176 www.tnaflix.com O1 - Hosts: 77.247.179.176 tnaflix.com O1 - Hosts: 208.117.236.70 youtube.com O1 - Hosts: 208.117.236.70 www.youtube.com O1 - Hosts: 85.17.90.3 wwwstatic.megaupload.com O1 - Hosts: 69.5.88.70 www01.megaupload.com O1 - Hosts: 69.5.88.75 static.megaupload.com O1 - Hosts: 69.5.88.225 www.megaupload.com O1 - Hosts: 69.5.88.225 megaupload.com O1 - Hosts: 72.52.250.220 www.divxforever.net O1 - Hosts: 72.52.250.220 www.divxforever.us O1 - Hosts: 72.52.250.220 divxforever.net O1 - Hosts: 72.52.250.220 divxforever.us O1 - Hosts: 72.52.250.220 www.foreverdivx.com O1 - Hosts: 72.52.250.220 foreverdivx.com O1 - Hosts: 72.52.250.220 divxforever.com O1 - Hosts: 72.52.250.220 www.divxforever.com O1 - Hosts: 72.52.250.220 www.divxforever.us O1 - Hosts: 72.52.250.220 divxforever.us O1 - Hosts: 74.55.100.8 www.divxpoint.com O1 - Hosts: 74.55.100.8 divxpoint.com O1 - Hosts: 208.88.224.91 www.tube8.com O1 - Hosts: 208.88.224.91 tube8.com O1 - Hosts: 212.187.169.238 www.justin.tv O1 - Hosts: 212.187.169.246 justin.tv O1 - Hosts: 213.202.225.36 ligtvli.li.funpic.org O1 - Hosts: 199.9.251.3 live.justin.tv O1 - Hosts: 204.0.5.26 static-cdn.justin.tv O1 - Hosts: 199.9.249.7 ad.justin.tv O1 - Hosts: 78.159.121.35 www.turkboardmusic.net O1 - Hosts: 78.159.121.35 turkboardmusic.net O1 - Hosts: 69.55.48.194 
www.xvideos.com O1 - Hosts: 69.55.48.194 xvideos.com O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [ooccctrl.exe] C:\Program Files\OO Software\CleverCache\ooccctrl.exe /tasktray O4 - HKLM\..\Run: [Everything] "C:\Program Files\Everything\Everything.exe" -startup O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" O4 - HKLM\..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray.exe O4 - HKLM\..\Run: [TSMAgent] "C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" O4 - HKLM\..\Run: [smartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe O4 - HKCU\..\Run: [smartRAM] "C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKCU\..\Run: 
[VistaBatterySaver] C:\Program Files\SharpSoft\Vista Battery Saver\VistaBatterySaver.exe O4 - HKCU\..\Run: [uSB Threat Defender] "C:\Program Files\ArzooSoft Solutions\USB Threat Defender\utdefender.exe" /b O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE') O4 - Startup: FastStone Capture.lnk = C:\Program Files\FastStone Capture\FSCapture.exe O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O13 - Gopher Prefix: O17 - HKLM\System\CCS\Services\Tcpip\..\{9BCC00D0-3B79-4A87-968A-67C1B42562C9}: NameServer = 208.67.222.222,208.67.220.220 O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\aestsrv.exe O23 - Service: AST Service (astcc) - Nalpeiron Ltd. 
- C:\Windows\system32\ASTSRV.EXE O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe O23 - Service: HP Service (hpsrv) - Hewlett-Packard Corporation - C:\Windows\system32\Hpservice.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe O23 - Service: O&O CleverCache Agent (OOCleverCacheAgent) - O&O Software GmbH - C:\Program Files\OO Software\CleverCache\ooccag.exe O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk10\PDAgent.exe O23 - Service: PDEngine - Raxco Software, Inc. 
- C:\Program Files\Raxco\PerfectDisk10\PDEngine.exe O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_52c73ccb\STacSV.exe O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\Windows\System32\TUProgSt.exe

Fix the ones I marked in red. The slowdowns will ease... I would prefer that you fix the YouTube hosts entries too. These hosts are infected. If you set the proxy server settings to automatic in Mozilla Firefox, you will be able to reach all sites in all browsers... That way you will be using a virus-free computer...
devrimyalcin33 Posted August 11, 2009

Thanks again for your valuable comment and suggestions. I would like to ask one more thing. I ran this fix, but before doing it, it said the selected items would be completely deleted or repaired. Could any of these have an adverse effect?
AlijohnX Posted August 11, 2009 Author

Our aim, too, is to delete or repair... Have a nice day...
yuuksel Posted August 11, 2009

Could you look at this one too? Thanks in advance. (When we fix these, are we deleting the program? Or does it only stop it from running at startup?)

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:54:31, on 11.08.2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hotkey_Driver\HotkeyDriver.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskhost.exe C:\Program Files\Trend Micro\HijackThis\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe -chkautorun O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra 
context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Formları Doldur - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Formları Kaydet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Menüyü Özelleştir - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formları Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI 
RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing) -- End of file - 6426 bytes
AlijohnX Posted August 11, 2009 Author

C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Hotkey_Driver\HotkeyDriver.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\Stardock\ObjectDock\ObjectDock.exe C:\Program Files\RocketDock\RocketDock.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Live\Contacts\wlcomm.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskhost.exe C:\Program Files\Trend Micro\HijackThis\HIJACKTHIS.EXE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe -chkautorun O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra 
context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Formları Doldur - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Formları Kaydet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Menüyü Özelleştir - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formları Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI 
RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O13 - Gopher Prefix: O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @%SystemRoot%\servicing\TrustedInstaller.exe,-100 (TrustedInstaller) - Unknown owner - C:\Windows\servicing\TrustedInstaller.exe (file missing) -- End of file - 6426 bytes

It prevents it from opening at startup... Fix the ones I marked in red with "Fix checked". Take a look at the ones I marked in blue; if you want them fixed, treat them as red... Have a nice day...
droy Posted August 22, 2009

Buddy, could you take a look at this one too?

[center]Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:07:56, on 22.08.2009 Platform: Unknown Windows (WinNT 6.01.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Hotkey_Driver\HotkeyDriver.exe C:\Windows\System32\s3trayp.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\mHotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Windows\system32\taskhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program
Files\Internet Download Manager\IDMIECC.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [S3Trayp] S3trayp.exe -chkautorun O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [showwnd] showwnd.exe O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Felah] C:/Program Files/Beyaz Software/Felah/Felah.exe O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - 
res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Formları Doldur - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Formları Kaydet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Menüyü Özelleştir - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formları Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky 
Anti-Virus 2010\klwtbbho.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe -- End of file - 7159 bytes
AlijohnX Posted August 22, 2009 Author

C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Program Files\Hotkey_Driver\HotkeyDriver.exe C:\Windows\System32\s3trayp.exe C:\Program Files\Synaptics\SynTP\SynTPStart.exe C:\Windows\mHotkey.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe C:\Program Files\RocketDock\RocketDock.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Internet Download Manager\IDMan.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe C:\Windows\system32\taskhost.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [avp] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" O4 - HKLM\..\Run: [s3Trayp] S3trayp.exe -chkautorun O4 - HKLM\..\Run: [synTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe O4 - HKLM\..\Run: [CHotkey] mHotkey.exe O4 - HKLM\..\Run: [showwnd] showwnd.exe O4 - HKLM\..\Run: [sMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" O4 - HKCU\..\Run: [Felah] C:/Program Files/Beyaz Software/Felah/Felah.exe O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service') O4 - HKUS\S-1-5-20\..\Run: 
[sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Formları Doldur - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Formları Kaydet - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Menüyü Özelleştir - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formları 
Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll O13 - Gopher Prefix: O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe

Fix the ones I marked in red with Fix checked. Examine the ones I marked in blue and decide accordingly...
vistaarda Posted August 22, 2009

The hosts file is literally teeming with malicious entries...
Getz Posted August 22, 2009

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 18:50:43, on 22.08.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\dmadmin.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar O1 - Hosts: 76.74.254.126 wordpress.com O1 - Hosts: 74.200.243.254 www.wordpress.com O1 - Hosts: 95.211.10.150
www.sharebus.com
O1 - Hosts: 94.75.218.10 xv109.xvideos.com O1 - Hosts: 94.75.218.11 xv110.xvideos.com O1 - Hosts: 94.75.218.12 xv111.xvideos.com O1 - Hosts: 94.75.218.13 xv112.xvideos.com O1 - Hosts: 94.75.218.14 xv113.xvideos.com O1 - Hosts: 94.75.218.15 xv114.xvideos.com O1 - Hosts: 94.75.218.16 xv115.xvideos.com O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 
advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: santa.bat O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ? O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{491579E8-3BC8-4C00-BAF5-2EAAB391CC66}: NameServer = 4.2.2.3,4.2.2.4 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. 
- C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe -- End of file - 10171 bytes

Also, could you tell me how the fixing is done?
AlijohnX Posted August 24, 2009 Author

If you read the first post of the thread, you will understand...

C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ESET\ESET Smart Security\ekrn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\dmadmin.exe C:\WINDOWS\Explorer.EXE C:\Program Files\ESET\ESET Smart Security\egui.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe C:\Program Files\AirTies\ADSL Hizmet Programı\AirTies_util3.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Sık Kullanılanlar O1 - Hosts: 76.74.254.126 wordpress.com O1 - Hosts: 74.200.243.254 www.wordpress.com O1 - Hosts: 95.211.10.150 www.sharebus.com O1 - Hosts: 95.211.10.150 sharebus.com O1 - Hosts: 74.50.28.205 divx-world.com O1 - Hosts: 74.50.28.205 www.divx-world.com O1 - Hosts: 94.102.51.10 12chan.org O1 - Hosts: 94.102.51.10 www.12chan.org O1 - Hosts: 94.102.51.10 img.12chan.org O1 - Hosts: 195.72.135.41 bwin.com O1 - Hosts: 195.72.135.28 www.bwin.com O1 - Hosts: 195.8.215.136 dailymotion.com O1 - Hosts: 195.8.215.137 www.dailymotion.com O1
- Hosts: 174.36.21.116 divxevi.com O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - 
{5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\S-1-5-18\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [_nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user') O4 - Startup: santa.bat O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ? 
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - O17 - HKLM\System\CCS\Services\Tcpip\..\{491579E8-3BC8-4C00-BAF5-2EAAB391CC66}: NameServer = 4.2.2.3,4.2.2.4 O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

Examine the ones I coloured blue. Find out what they run. If you do not want them to run, root them out with the Fix checked button. As for the red ones, fix them without examining them... By the way, the hosts files marked in blue are infected. Fix them. In Mozilla Firefox, set the proxy settings to automatic. You will be able to get to any site you want from any browser... Get well soon...
MostWanted Posted August 24, 2009

Now, what I don't understand is why the hosts files are infected. OK, those places in the hosts file help you get to bad sites, but as long as you don't visit them they do you no harm. So how right is it to scare people by calling them infected, my dear Fırat? Also, when fixing, for example somewhere above you have people fix services as well. Maybe the person is going to use those services? OK, they are unnecessary in your view and in mine too, but you still need to have people fix things more carefully. A friend of mine got hold of HijackThis without knowing any of this and fixed everything he came across, and after that all his settings were broken. So be careful ;) So that you don't get a headache later..
AlijohnX Posted August 24, 2009 Author

Thanks for the suggestion, man. I know what I'm doing...
irresali Posted August 25, 2009

Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 02:49:26, on 25.08.2009 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: E:\WINDOWS\System32\smss.exe E:\WINDOWS\system32\csrss.exe E:\WINDOWS\system32\winlogon.exe E:\WINDOWS\system32\services.exe E:\WINDOWS\system32\lsass.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\System32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\svchost.exe E:\WINDOWS\system32\spoolsv.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\ESET\ESET Smart Security\ekrn.exe E:\Program Files\Java\jre6\bin\jqs.exe E:\WINDOWS\Explorer.EXE E:\WINDOWS\system32\nvsvc32.exe E:\WINDOWS\VistaDrive\VistaDrive.exe E:\Program Files\USB ADSL\CnxDslTb.exe E:\WINDOWS\system32\RUNDLL32.EXE E:\WINDOWS\RTHDCPL.EXE E:\WINDOWS\SOUNDMAN.EXE E:\Program Files\Java\jre6\bin\jusched.exe E:\WINDOWS\system32\RunDLL32.exe E:\WINDOWS\system32\rundll32.exe E:\Program Files\ESET\ESET Smart Security\egui.exe E:\WINDOWS\system32\wscntfy.exe E:\WINDOWS\System32\alg.exe E:\WINDOWS\system32\wbem\wmiapsrv.exe E:\WINDOWS\system32\svchost.exe E:\Program Files\Mozilla Firefox\firefox.exe E:\Program Files\Java\jre6\bin\java.exe E:\Program Files\Trend Micro\HijackThis\HijackThis.exe E:\WINDOWS\system32\wbem\wmiprvse.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: AcroIEHelperStub - 
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - E:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [VistaDrive] E:\WINDOWS\VistaDrive\VistaDrive.exe O4 - HKLM\..\Run: [CnxDslTaskBar] E:\Program Files\USB ADSL\CnxDslTb.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE O4 - HKLM\..\Run: [GEST] m|\ü O4 - HKLM\..\Run: [JMB36X IDE Setup] E:\WINDOWS\RaidTool\xInsIDE.exe O4 - HKLM\..\Run: [36X Raid Configurer] E:\WINDOWS\system32\xRaidSetup.exe boot O4 - HKLM\..\Run: [sunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [VF0060 STISvc] RunDLL32.exe V0060Pin.dll,RunDLL32EP 513 O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice O4 - HKCU\..\Run: [Evidence Eliminator] E:\Program Files\Evidence Eliminator\ee.exe /m O4 - HKUS\S-1-5-18\..\Run: 
[CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O8 - Extra context menu item: Formları Doldur - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: Formları Kaydet - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O8 - Extra context menu item: Menüyü Özelleştir - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://E:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: RoboForm Toolbar - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Formları Doldur - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Formları Kaydet - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://E:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} 
(Facebook Photo Uploader 5 Control) - O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - O16 - DPF: {6F0892F7-0D44-41C3-BF07-7599873FAA04} (Crystal ActiveX Report Viewer Control 11.5) - Please register to see this content. O17 - HKLM\System\CCS\Services\Tcpip\..\{BF97F8C8-E92C-4E5D-880B-678F21E8DC6E}: NameServer = 195.175.39.40 195.175.39.39 O20 - Winlogon Notify: Antiwpa - E:\WINDOWS\SYSTEM32\antiwpa.dll O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe O23 - Service: ESET Service (ekrn) - ESET - E:\Program Files\ESET\ESET Smart Security\ekrn.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe -- End of file - 7588 bytes Link to comment Share on other sites More sharing options...
kskmehmet Posted August 25, 2009

Thanks in advance

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:54:10, on 25.08.2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18813)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
C:\Program Files\RALINK\Common\RaUI.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\ksk\AppData\Local\Chromium\Application\chrome.exe
C:\Users\ksk\AppData\Local\Chromium\Application\chrome.exe
C:\Users\ksk\AppData\Local\Chromium\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\MajorShare\msrsd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: G Data WebFilter Class - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: G Data WebFilter - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files\G Data\TotalCare\Webfilter\AvkWebIE.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [MSRSD] C:\Program Files\MajorShare\msrsd.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\TotalCare\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [G DATA AntiVirus Trayapplication] C:\Program Files\G Data\TotalCare\AVKTray\AVKTray.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [startCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Ralink Wireless Utility.lnk = C:\Program Files\RALINK\Common\RaUI.exe
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm
O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm
O9 - Extra button: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O9 - Extra 'Tools' menuitem: Translate this web page with Babylon - {F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll
O13 - Gopher Prefix:
O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{D88D9578-B5C3-417D-B1FC-BA7C4A403247}: NameServer = 208.67.222.222,208.67.220.220
O20 - AppInit_DLLs: ?©??
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G DATA\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKService.exe
O23 - Service: AntiVirus Güvenliği (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\TotalCare\AVK\AVKWCtl.exe
O23 - Service: G Data Backup Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKBackup\AVKBackupService.exe
O23 - Service: G Data Tuner Service - G Data Software AG - C:\Program Files\G Data\TotalCare\AVKTuner\AVKTunerService.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\TotalCare\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G DATA Software AG - C:\Program Files\Common Files\G DATA\GDScan\GDScan.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\RALINK\Common\RalinkRegistryWriter.exe

--
End of file - 7067 bytes

rambili Posted August 25, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:59:18, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\Program Files\USB Safely Remove\USBSRService.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\spoolsv.exe
C:\windows\Explorer.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\windows\SOUNDMAN.EXE
C:\Program Files\Naevius USB Antivirus\usbantivirus.exe
D:\System\500Tek_Men_deM.H.Orhan\M.H.Orhan Menü\M.H.Orhan.exe
C:\Program Files\FlashGet\flashget.exe
C:\windows\system32\ctfmon.exe
C:\Program Files\USB Safely Remove\USBSafelyRemove.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\DU Meter\DUMeterSvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
C:\Program Files\Shield\shdserv.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Shield\shieldclnt.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Octh Class - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nusbantivirus] "C:\Program Files\Naevius USB Antivirus\usbantivirus.exe" -hide
O4 - HKLM\..\Run: [shield] C:\Program Files\Shield\shieldtray.exe
O4 - HKLM\..\Run: [M.H.Orhan Menü] D:\System\500Tek_Men_deM.H.Orhan\M.H.Orhan Menü\M.H.Orhan.exe
O4 - HKLM\..\Run: [Flashget] C:\Program Files\FlashGet\flashget.exe /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\windows\system32\ctfmon.exe
O4 - HKCU\..\Run: [uSB Safely Remove] C:\Program Files\USB Safely Remove\USBSafelyRemove.exe /startup
O4 - HKCU\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [CrystalDiskInfo] "G:\Downloads\CrystalDiskInfo30B1\DiskInfo.exe" /Startup
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [set Visual Effects] SetVisualEffects.exe /silent (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_2] regsvr32 /s /n /i:U shell32 (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\msjava.dll
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\windows\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{F22BD58E-2761-4987-B572-3B80CB721232}: NameServer = 4.2.2.1,208.67.222.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd - C:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: Rx2Agent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Agent.exe
O23 - Service: Rx2Engine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectSpeed20\Rx2Engine.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SHDSERV - Unknown owner - C:\Program Files\Shield\shdserv.exe
O23 - Service: Shield Client Service (ShieldClientService) - Unknown owner - C:\Program Files\Shield\shieldclnt.exe
O23 - Service: USB Safely Remove Assistant (USBSafelyRemoveService) - Unknown owner - C:\Program Files\USB Safely Remove\USBSRService.exe

--
End of file - 14770 bytes

My log file

pcmemo Posted August 25, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:14:43, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16876)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Shenturk\Ey DSL! 3\EyDSL.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = /sphome.aspx
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\ievkbd.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe"
O4 - HKLM\..\Run: [startCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Ey DSL! 3.lnk = C:\Program Files\Shenturk\Ey DSL! 3\EyDSL.exe
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: &Virtual keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtbbho.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd3.dll
O20 - Winlogon Notify: Antiwpa - C:\WINDOWS\SYSTEM32\antiwpa.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 6559 bytes

madrower Posted August 25, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:51:27, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20815)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\vsnp2std.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\osk.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [tsnp2std] C:\WINDOWS\tsnp2std.exe
O4 - HKLM\..\Run: [snp2std] C:\WINDOWS\vsnp2std.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions present
O8 - Extra context menu item: Bütün linkleri IDM ile indir - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: FLV video içeriğini IDM ile indir - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: IDM ile indir - C:\Program Files\Internet Download Manager\IEExt.htm
O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - d:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - Please register to see this content.
O17 - HKLM\System\CCS\Services\Tcpip\..\{C320BA0C-7F5F-49C5-9EC7-ECD148E78B28}: NameServer = 208.67.222.222,208.67.220.220
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - Unknown owner - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe

--
End of file - 5273 bytes

TempL. Posted August 25, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:20:56, on 25.08.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.20772)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\VistaDrive\VistaDrive.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\FixCamera.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ManyCam 2.2\ManyCam.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\services.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.tnctr.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O3 - Toolbar: BS Player Toolbar - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files\BS_Player\tbBS_1.dll
O4 - HKLM\..\Run: [VistaDrive] C:\WINDOWS\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [FixCamera] C:\WINDOWS\FixCamera.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [svchost] "C:\WINDOWS\services.exe"
O4 - HKCU\..\Run: [ManyCam] "C:\Program Files\ManyCam 2.2\ManyCam.exe"
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Web Koruması İstatistikleri - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/tr/uno1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33899C5F-5164-4BBE-B756-8019BC16E794}: NameServer = 4.2.2.4,4.2.2.2
O23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate1ca083db17eca8) (gupdate1ca083db17eca8) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 5946 bytes

tufan188 Posted August 25, 2009

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 07:19:36, on 25.08.2009
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\Vm_sti.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O4 - HKLM\..\Run: [bigDogPath] C:\Windows\VM_STI.EXE A4 Tech USB PC Camera
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: &FlashGet ile indir - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: &Tümünü FlashGet ile indir - C:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O13 - Gopher Prefix:
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - Please register to see this content.
O17 - HKLM\System\CCS\Services\Tcpip\..\{9097A1AE-378D-42C0-B4B8-9E1CDA08BF74}: NameServer = 4.2.2.3,4.2.2.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{9097A1AE-378D-42C0-B4B8-9E1CDA08BF74}: NameServer = 4.2.2.3,4.2.2.4
O17 - HKLM\System\CS2\Services\Tcpip\..\{9097A1AE-378D-42C0-B4B8-9E1CDA08BF74}: NameServer = 4.2.2.3,4.2.2.4
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

--
End of file - 3702 bytes

Thanks in advance.

restof Posted August 25, 2009

By copying and pasting the contents of the log file you created into the address Please register to see this content. you can see the result and interpret it yourselves. It is very simple, friends. Don't be afraid. There is no harm in trying, don't worry.

tufan188 Posted August 25, 2009

I did it there, but I also posted here to get our friend's opinion.

AlijohnX Posted August 26, 2009 Author

"By copying and pasting the contents of the log file you created into the address Please register to see this content. you can see the result and interpret it yourselves. It is very simple, friends. Don't be afraid. There is no harm in trying, don't worry."

Man, I don't understand why you all comment without reading all the comments...

Archived
This topic is now archived and is closed to further replies.