Teknoloji Haberleri
Aşağı Git
Tüm Forumlar
İşletim Sistemleri ve Yazılımlar
Yazılım Genel
Güvenlik Programları
HIJACKThis Ile Guvenliginizi Saglayin
Bu konudaki kullanıcılar: 1 misafir, 1 mobil kullanıcı
254
Cevap 64773
Tıklama 0
Öne Çıkarma
Cevap 64773
Tıklama 0
Öne Çıkarma
-
Cevap: HIJACKThis Ile Guvenliginizi Saglayin (2. sayfa)
| C : programfiles / HJT ye atınca aşagıdakı mesajı aldım.Sorun nedir acaba? daha taratmadım da? |
Bu mesaja 1 cevap geldi.
Hocam herhangi bir sorun yok sadece sana bir ön-uyarı mesajı veriyor."Beni kullanırken tecrübeli kullanıcılara danış" diyor....... |
Bu mesaja 1 cevap geldi.
sistemin temiz merak etme zararlı birşey yok flash get var onunda serialını girdiyse hiçbir sorun olmaz |
Bu mesaja 1 cevap geldi.
|
bir logta benden gecenlerde webte gezenken trojan yuklenmişti sildim ama bakarsanız sevinirim. Teşekkürler. Running processes: D:\WINDOWS\System32\smss.exe D:\WINDOWS\system32\winlogon.exe D:\WINDOWS\system32\services.exe D:\WINDOWS\system32\lsass.exe D:\WINDOWS\system32\svchost.exe D:\WINDOWS\System32\svchost.exe D:\WINDOWS\Explorer.EXE D:\Program Files\GlobespanVirata\Adsl\dslagent.exe D:\LifeView Studio\HDTV.EXE D:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\hjt\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll (file missing) O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\GlobespanVirata\Adsl\dslagent.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background O16 - DPF: TNNPisti -http://oyun.tnn.net/Pisti/tnnPisti.cab O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -http://housecall60.trendmicro.com/housecall/xscan60.cab O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -https://abonenet.e-kolay.net/fsecure/onlinetarama/fscax.cab O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF9CB1E-3023-435C-9379-2189ABACDF8D}: NameServer = 195.175.37.69 195.175.37.14 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) |
Bu mesaja 1 cevap geldi.
|
@cicey O2 ve O18 ile başlayan satırlar seçili iken Fix Checked yapın.Daha sonra MSN Messenger'ın son versiyonunu aşağıdaki linkten yükleyin. http://messenger.msn.com/Xp/Default.aspx Not : MSN ile ilgili yüklemeleri kesinlikle kendi sitesinden yapmanızı tavsiye ediyorum. |
Bu mesaja 1 cevap geldi.
buda bnm log kardeş bi bakarmısın. bide ben bu olaya yeni atldgm için yapacgm şeyleri adım adım anlatırsan sevinirim şimdiden saol. Logfile of HijackThis v1.99.1 Scan saved at 20:54:53, on 03.11.2005 Platform: Windows XP SP1 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\System32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\GEARSec.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe C:\WINDOWS\System32\LckFldService.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Bluetooth Software\BTTray.exe C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe C:\Program Files\Bluetooth Software\BTStackServer.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\System32\ctfmon.exe C:\WINDOWS\System32\wuauclt.exe F:\Emule\Incoming\The All-Seeing Eye 1.9.7 (Crakeado)\EYE.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.trgamer.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar R3 - Default URLSearchHook is missing O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe" O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h O4 - Global Startup: BTTray.lnk = ? O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -https://signup.msn.com/pages/MsnInstC.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -http://www.cult3d.com/download/cult.cab O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab O16 - DPF: {990D211C-FBA4-47FB-A764-A2D7A78A79E4} (SecureLogin) -http://www.gamegarden.net/game/ggsecure.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{B06BE17C-BA9E-4F46-8C5F-813377029F72}: NameServer = 10.0.0.2 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing) O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing) O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
Bu mesaja 1 cevap geldi.
|
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe yukarıdaki dosyanın hangi servis ya da programla ilişkili olduğunu bulamadım.Ayrıca sisteminde çok fazla context menü ve toolbar vs extra link var bence sistemini yoracak linkleri secip fix checked yapmalısın. |
Bu mesaja 1 cevap geldi.
Hocam aslında düzeltilmesi ya da silinmesi gereken daha çok satır var ancak ilk önce sen koyu olanları seç ve fix checked de.. ancak özellikle kırmızı ile belirttiğim adım önemli... |
Bu mesaja 1 cevap geldi.
kırmızı ile belirttiğim yeri seçip fix checked yaparsan (HJT ile scan yaptıktan sonra) en azından varsayılan arama motoru ile ilgili dosyaların düzeltilecek. sisteminde çok fazla modül yüklü... |
|
benimkinede bi bakarmısınız? bilgisayarım hacklenmişti, üstüne firewall ve antivirüs kurdum sadece, ama onlarada bişii yapmışlar sanırım. Format atıcam ama ondan öncede bi temizleyebilirsem iyi olcak... Logfile of HijackThis v1.99.1 Scan saved at 16:14:50, on 04.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\drivers\KodakCCS.exe C:\Program Files\Network Associates\Common Framework\FrameworkService.exe C:\Program Files\Network Associates\VirusScan\Mcshield.exe C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe C:\Program Files\NetLimiter\NetLimiter.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Opera\Opera.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Messenger\Msmsgs.exe C:\WINDOWS\explorer.exe C:\Program Files\HJT\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar R3 - Default URLSearchHook is missing O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe" O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204 O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -http://www.bitdefender.com/scan8/oscan8.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124310054231 O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -http://www3.ca.com/securityadvisor/virusinfo/webscan.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing) O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (file missing) O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing) O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - C:\program files\advances.com\winshark\WinShark.exe (file missing) |
Bu mesaja 1 cevap geldi.
|
Logfile of HijackThis v1.99.1 Scan saved at 00:36:26, on 05.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\System32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\wscntfy.exe C:\Program Files\DU Meter\DUMeter.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Opera\Opera.exe D:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.com/0SEENUS/SAOS01 R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup O4 - HKLM\..\Run: [amd.exe] C:\Program Files\md\amd.exe O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat 3.4\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat 3.4\Camfrog Video Chat.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252 O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDA24A1-C09D-4A18-A398-C23C12F2548F}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252 O17 - HKLM\System\CCS\Services\Tcpip\..\{42147C12-BCAD-470B-A180-75847C555164}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252 O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD014CA-4FA9-4800-B699-0CB11B2C9703}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252 O17 - HKLM\System\CS1\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252 O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
Bu mesaja 1 cevap geldi.
|
@öcüüü benimkinede bi bakarmısınız? bilgisayarım hacklenmişti, üstüne firewall ve antivirüs kurdum sadece, ama onlarada bişii yapmışlar sanırım. Format atıcam ama ondan öncede bi temizleyebilirsem iyi olcak... R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.com/0SEENUS/SAOS01 R3 - Default URLSearchHook is missing O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll Arkadaşım bu satırlar seçili iken Fix Checked seçeneğine tıkla. Ayrıca sistemin temiz gibi gözüküyor.Ancak önceden kurup sildiğin ya da hala sistemde olan programlar çok sayıda iz bırakmış logdan anladığım kadarıyla.Online Scan sitelerinin activeX denetçileri her zaman dll dosyalarını bu şekilde sisteme işler.Kafan rahat olsun.Ancak güvenmediğin siteleri Online Scan için kullanma. Sistemini rahatlatmak istiyorsan msconfig komutuyla Startup (başlangıç) ayarlarını optimize et. Eğer sisteminde bir yavaşlama oluyorsa 15 günlük peryotlar halinde XP'de Disk Defragmenter' i çalıştır. Antivirüs olarak tavsiyem Kaspersky 4.5 (sistemi yormaz) Güvenlik Duvarı olarak da XP SP2 nin entegre firewall ı yeterlidir.Ancak memnun değilsen Kaspersky Anti-Hacker'ı kullanabilirsin. |
Bu mesaja 2 cevap geldi.
|
@casual Merhabalar hocam sen anladığım kadarıyla bir solucan kapmışsın.
Nasıl Silerim 1) Sistem Geri Yüklemeyi deaktif konuma getir. 2) Virüs tanımlamalarını güncelle... 3) W32.Zokrim.V@mm ya da Bloodhound.VBS.Worm'dan etkilenen lokasyonları temizlemek için komple bir tarama yap ve bahsedilen tehlikelerden etkilenen tüm dosyaları sil. 4) Bu tehlikelerin kayıt defterine eklediği tüm satırları sil. Kaynak Ayrıca O17 ile başlayan tüm satırlar seçili iken Fix Checked'e tıkla. Önemli : Eğer aşağıdaki ip adreslerinin sana servis sağlayıcın tarafından atandığını düşünüyorsan bu işlemi yapmayabilirsin.
|
< Bu mesaj bu kişi tarafından değiştirildi greenflash -- 7 Kasım 2005, 0:10:50 >
|
teşekkür ediyorum greenflash. Onları Fix Checked yaptım ayrıca Zonealarm Pro kullanıyorum firewall olarak, çok memnunum şimdilik.. Antivirüs tercihim değişiyo ara ara. Ama Kaspersky antivirüsün son sürümlerini (5,0 sürümleri) niye tavsiye etmedin? kasar diye mi? bide Msconfig olayımı resim olarak koyuyorum, bi bakarmısın, bişey dikkatimi çekti: McAfee antivirüse ait 3 program çalışıyo: SHSTAT , UpdaterIU ve TBMon.exe. Şimdi bunlardan ilk ikisi NORMAL Bİ ŞEKİLDE Program files'ın içinde yer alıyo ama sonuncusu Common Filesta yer alıyo, niye?? < Resime gitmek için tıklayın > |
Bu mesaja 1 cevap geldi.
Bu mesaja 1 cevap geldi. Cevapları Gizle