Spy Dan Kurtarın

mbayrak · December 31, 2007

Arkadaşlar içerisinde script yada form içeren sayfalara girdiğim zaman sayfanın üst kısmında iframe olarak gözken bişeyler çıkıyor ve bazı dosyalar haliyle bilgisayar iniyoır bunlara trojan uyarısı veriyor antivirüs Ama b. çözüm bulamıyor. buyüzden e-okul sistemini veya ssk bağkur hizme dökümü gibi hizmetleri kullanamıyorum. bir çözüm bulamadım yardım ederseniz sevinirim. şimdiden teşekkürlker

***sk8er_boi*** · December 31, 2007

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe[/CODE]

HijackThis ile rapor oluşturup buraya yazarsan inceleyebiliriz.

Safkan · December 31, 2007

mbayrak · December 31, 2007

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe[/CODE]
HijackThis ile rapor oluşturup buraya yazarsan inceleyebiliriz.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:10:21, on 31/12/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\ESET\ESET Smart Security\egui.exe

C:\Program Files\QuickTime\qttask.exe

C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\MSN Messenger\MsnMsgr.Exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

C:\Program Files\Orbitdownloader\orbitdm.exe

C:\Program Files\ESET\ESET Smart Security\ekrn.exe

C:\OOS\Firebird\bin\fbguard.exe

C:\Program Files\Orbitdownloader\orbitnet.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\dns\bin\named.exe

C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

C:\OOS\Firebird\bin\fbserver.exe

C:\Program Files\CA\CA Internet Security Suite\casecuritycenter.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Program Files\Opera\Opera.exe

E:\My Downloads\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"

O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe"

O4 - HKLM\..\RunServices: [Microsoft] avgemcu.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra button: Flash Decompiler SWF Capture tool - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)

O9 - Extra 'Tools' menuitem: Flash Decompiler SWF Capture tool menu - {86B4FC19-8FA4-4FD3-B243-9AEDB42FA2D5} - C:\Program Files\Eltima Software\Flash Decompiler\iebt.dll (HKCU)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
Please register to see this content.

O17 - HKLM\System\CCS\Services\Tcpip\..\{C51080E3-7F1D-4BE0-AD26-ABD370552397}: NameServer = 127.0.0.1,10.0.0.2

O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe

O23 - Service: CAISafe - Computer Associates International, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe

O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe

O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - The Firebird Project - C:\OOS\Firebird\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - The Firebird Project - C:\OOS\Firebird\bin\fbserver.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: twdns - Unknown owner - C:\WINDOWS\system32\dns\bin\named.exe

O23 - Service: VET Message Service (VETMSGNT) - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe

--

End of file - 6927 bytes

***sk8er_boi*** · December 31, 2007

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)[/CODE]

Bu satırı silmeyi deneyin. Olmadı "dial a fix" programını indirin ve tüm ayarları seçerek çalıştırın. Sonra IE'yi kaldırıp yeniden yükleyin.

lontokyo · February 1, 2009

Hocam sıze zahmet bugunlerde benım basımda bole bı bela var sunu bı kontrol etseniz

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:22:02, on 01.02.2009

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.5730.0013)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\taskswitch.exe

C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe

C:\WINDOWS\system32\VTTimer.exe

C:\WINDOWS\system32\VTtrayp.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Program Files\MSN Messenger\usnsvc.exe

C:\Program Files\AIMP2\AIMP2.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

C:\Program Files\MSN Messenger\msnmsgr.exe

C:\Documents and Settings\hÜsEyİn\Desktop\FixWelch.exe

C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

C:\Documents and Settings\hÜsEyİn\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
Please register to see this content.

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar

O1 - Hosts: Youtube Dünya Capinda IP leri toplam 2859 adet ....

O1 - Hosts: 208.65.153.251 uk.youtube.com

O1 - Hosts: 208.65.153.253 de.youtube.com

O1 - Hosts: 208.117.236.70 youtube.com

O1 - Hosts: 208.117.236.70 www.youtube.com

O1 - Hosts: 74.125.65.118 img.youtube.com

O1 - Hosts: 64.15.124.143 sjc-v1.sjc.youtube.com

O1 - Hosts: 64.15.124.144 sjc-v2.sjc.youtube.com

O1 - Hosts: 64.15.124.145 sjc-v3.sjc.youtube.com

O1 - Hosts: 64.15.124.146 sjc-v4.sjc.youtube.com

O1 - Hosts: 64.15.124.147 sjc-v5.sjc.youtube.com

O1 - Hosts: 64.15.124.148 sjc-v6.sjc.youtube.com

O1 - Hosts: 64.15.124.149 sjc-v7.sjc.youtube.com

O1 - Hosts: 64.15.124.150 sjc-v8.sjc.youtube.com

O1 - Hosts: 64.15.124.151 sjc-v9.sjc.youtube.com

O1 - Hosts: 64.15.124.152 sjc-v10.sjc.youtube.com

O1 - Hosts: 64.15.124.153 sjc-v11.sjc.youtube.com

O1 - Hosts: 64.15.124.154 sjc-v12.sjc.youtube.com

O1 - Hosts: 64.15.124.155 sjc-v13.sjc.youtube.com

O1 - Hosts: 64.15.124.156 sjc-v14.sjc.youtube.com

O1 - Hosts: 64.15.124.157 sjc-v15.sjc.youtube.com

O1 - Hosts: 64.15.124.158 sjc-v16.sjc.youtube.com

O1 - Hosts: 64.15.124.159 sjc-v17.sjc.youtube.com

O1 - Hosts: 64.15.124.160 sjc-v18.sjc.youtube.com

O1 - Hosts: 64.15.124.161 sjc-v19.sjc.youtube.com

O1 - Hosts: 64.15.124.162 sjc-v20.sjc.youtube.com

O1 - Hosts: 64.15.124.163 sjc-v21.sjc.youtube.com

O1 - Hosts: 64.15.124.164 sjc-v22.sjc.youtube.com

O1 - Hosts: 64.15.124.165 sjc-v23.sjc.youtube.com

O1 - Hosts: 64.15.124.166 sjc-v24.sjc.youtube.com

O1 - Hosts: 64.15.124.167 sjc-v25.sjc.youtube.com

O1 - Hosts: 64.15.124.168 sjc-v26.sjc.youtube.com

O1 - Hosts: 64.15.124.169 sjc-v27.sjc.youtube.com

O1 - Hosts: 64.15.124.170 sjc-v28.sjc.youtube.com

O1 - Hosts: 64.15.124.171 sjc-v29.sjc.youtube.com

O1 - Hosts: 64.15.124.172 sjc-v30.sjc.youtube.com

O1 - Hosts: 64.15.124.173 sjc-v31.sjc.youtube.com

O1 - Hosts: 64.15.124.174 sjc-v32.sjc.youtube.com

O1 - Hosts: 64.15.124.175 sjc-v33.sjc.youtube.com

O1 - Hosts: 64.15.124.176 sjc-v34.sjc.youtube.com

O1 - Hosts: 64.15.124.177 sjc-v35.sjc.youtube.com

O1 - Hosts: 64.15.124.178 sjc-v36.sjc.youtube.com

O1 - Hosts: 64.15.124.179 sjc-v37.sjc.youtube.com

O1 - Hosts: 64.15.124.180 sjc-v38.sjc.youtube.com

O1 - Hosts: 64.15.124.207 sjc-v39.sjc.youtube.com

O1 - Hosts: 64.15.124.208 sjc-v40.sjc.youtube.com

O1 - Hosts: 64.15.124.209 sjc-v41.sjc.youtube.com

O1 - Hosts: 64.15.124.210 sjc-v42.sjc.youtube.com

O1 - Hosts: 64.15.124.211 sjc-v43.sjc.youtube.com

O1 - Hosts: 64.15.124.212 sjc-v44.sjc.youtube.com

O1 - Hosts: 64.15.124.213 sjc-v45.sjc.youtube.com

O1 - Hosts: 64.15.124.214 sjc-v46.sjc.youtube.com

O1 - Hosts: 64.15.124.215 sjc-v47.sjc.youtube.com

O1 - Hosts: 64.15.124.216 sjc-v48.sjc.youtube.com

O1 - Hosts: 64.15.124.217 sjc-v49.sjc.youtube.com

O1 - Hosts: 64.15.124.218 sjc-v50.sjc.youtube.com

O1 - Hosts: 64.15.124.219 sjc-v51.sjc.youtube.com

O1 - Hosts: 64.15.124.220 sjc-v52.sjc.youtube.com

O1 - Hosts: 64.15.124.221 sjc-v53.sjc.youtube.com

O1 - Hosts: 64.15.124.222 sjc-v54.sjc.youtube.com

O1 - Hosts: 64.15.124.223 sjc-v55.sjc.youtube.com

O1 - Hosts: 64.15.124.224 sjc-v56.sjc.youtube.com

O1 - Hosts: 64.15.124.225 sjc-v57.sjc.youtube.com

O1 - Hosts: 64.15.124.226 sjc-v58.sjc.youtube.com

O1 - Hosts: 64.15.124.227 sjc-v59.sjc.youtube.com

O1 - Hosts: 64.15.124.228 sjc-v60.sjc.youtube.com

O1 - Hosts: 64.15.124.229 sjc-v61.sjc.youtube.com

O1 - Hosts: 64.15.124.230 sjc-v62.sjc.youtube.com

O1 - Hosts: 64.15.124.231 sjc-v63.sjc.youtube.com

O1 - Hosts: 64.15.124.232 sjc-v64.sjc.youtube.com

O1 - Hosts: 64.15.124.233 sjc-v65.sjc.youtube.com

O1 - Hosts: 64.15.124.234 sjc-v66.sjc.youtube.com

O1 - Hosts: 64.15.124.235 sjc-v67.sjc.youtube.com

O1 - Hosts: 64.15.124.236 sjc-v68.sjc.youtube.com

O1 - Hosts: 64.15.124.237 sjc-v69.sjc.youtube.com

O1 - Hosts: 64.15.124.238 sjc-v70.sjc.youtube.com

O1 - Hosts: 64.15.124.239 sjc-v71.sjc.youtube.com

O1 - Hosts: 64.15.124.240 sjc-v72.sjc.youtube.com

O1 - Hosts: 64.15.124.241 sjc-v73.sjc.youtube.com

O1 - Hosts: 64.15.124.242 sjc-v74.sjc.youtube.com

O1 - Hosts: 64.15.124.243 sjc-v75.sjc.youtube.com

O1 - Hosts: 64.15.124.244 sjc-v76.sjc.youtube.com

O1 - Hosts: 64.15.125.16 sjc-v77.sjc.youtube.com

O1 - Hosts: 64.15.125.17 sjc-v78.sjc.youtube.com

O1 - Hosts: 64.15.125.18 sjc-v79.sjc.youtube.com

O1 - Hosts: 64.15.125.19 sjc-v80.sjc.youtube.com

O1 - Hosts: 64.15.125.20 sjc-v81.sjc.youtube.com

O1 - Hosts: 64.15.125.21 sjc-v82.sjc.youtube.com

O1 - Hosts: 64.15.125.22 sjc-v83.sjc.youtube.com

O1 - Hosts: 64.15.125.23 sjc-v84.sjc.youtube.com

O1 - Hosts: 64.15.125.24 sjc-v85.sjc.youtube.com

O1 - Hosts: 64.15.125.25 sjc-v86.sjc.youtube.com

O1 - Hosts: 64.15.125.26 sjc-v87.sjc.youtube.com

O1 - Hosts: 64.15.125.27 sjc-v88.sjc.youtube.com

O1 - Hosts: 64.15.125.28 sjc-v89.sjc.youtube.com

O1 - Hosts: 64.15.125.29 sjc-v90.sjc.youtube.com

O1 - Hosts: 64.15.125.30 sjc-v91.sjc.youtube.com

O1 - Hosts: 64.15.125.31 sjc-v92.sjc.youtube.com

O1 - Hosts: 64.15.125.32 sjc-v93.sjc.youtube.com

O1 - Hosts: 64.15.125.33 sjc-v94.sjc.youtube.com

O1 - Hosts: 64.15.125.34 sjc-v95.sjc.youtube.com

O2 - BHO: Adobe PDF Reader Bağı Yardımı - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [skyTel] SkyTel.EXE

O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe

O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe

O4 - HKLM\..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe

O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"

O4 - HKLM\..\Run: [VTTimer] VTTimer.exe

O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\system32\msconfig.exe /auto

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [nltide2] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,L,,4,N (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-19\..\RunOnce: [set Visual Effects] SetVisualEffects.exe /silent (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')

O8 - Extra context menu item: &VİNDİR FOR YOUTUBE 2 >>> - C:\Program Files\Vindir for YouTube 2\context_handle.htm

O8 - Extra context menu item: Add to Anti-Banner - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Reklam Panosu Engelleyiciye ekle - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll

O9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll

O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll

O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe

O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

O23 - Service: Acronis Try And Decide Service (TryAndDecideService) - Unknown owner - C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe

--

End of file - 13766 bytes

Sign In

Spy Dan Kurtarın

Recommended Posts

mbayrak

Link to comment

Share on other sites

sk8er_boi

Link to comment

Share on other sites

Safkan

Link to comment

Share on other sites

mbayrak

Link to comment

Share on other sites

sk8er_boi

Link to comment

Share on other sites

lontokyo

Link to comment

Share on other sites

Archived

Recently Browsing 0 members

Browse

Activity