HIJACKTHIS GUIDE

Only HijackThis logs added as an ATTACHMENT with the .TXT extension will be considered. We will not evaluate copy-pasted logs, because we think they take up too much space on the forum. Please do not add your own log files to threads opened by other users. Open a new thread to bring your problem to us. If your problem has been solved, change the thread title to SORUN GİDERİLMİŞTİR (PROBLEM SOLVED). That way we have the chance to help more members in less time. Also, only threads opened in the Network, Internet and Security section will be considered.

Make sure you are using the latest version of HJT. Current HJT version: v1.99.1; click to download. [HijackThis v1.99.1]

During HijackThis installation, put the Hijackthis.exe file into C:\Program Files\HJT.

IMPORTANT: If you choose the Desktop or the Temp folders for installation, HJT cannot take backups of its fix operations, so you will not be able to do a restore/repair (UNDO).

After installation, start HijackThis and follow the steps below.

Do a system scan and save a logfile

You will see a log file (hijackthis.log) open in Notepad. Click File > Save As. Save hijackthis.log as hijackthis.txt.

Then open a New Thread in the Network, Internet and Security section. As far as I can see right now, we cannot add an ATTACHMENT in this section. In that case you can use RAPIDSHARE as an alternative. Afterwards you can reach me or one of the experts on the DH Security Team by PM (private message). That way you will get help to have your problem solved as soon as possible. If you run into new problems, you can edit your previous messages and reach us again.

I hope this work of ours gets the interest and support it needs from you. Wishing you a system free of trojans, viruses and spyware, and fully secured. |
Hacktool.Rootkit

Type: Trojan
Alias: None
Dangerous: Yes
Destructive: No
Language: English
Platform: Windows 2000, XP, Server 2003
Encrypted: No
Risk: Low

Description: The TROJ_ROOTKIT variant is generally used together with other malicious applications and hides running processes. Copies of the trojan can be found inside the Windows folder as .SYS files under various names, and it can present itself as a system service. It hides processes that may be dangerous for your system. On NT-based systems it affects NTOSKRNL.EXE. NTOSKRNL.EXE is used by the system to carry out basic Windows functions. For this reason, a system file whose default structure has been affected will break system integrity and damage your Windows operating system. Systems affected by this trojan may generally also be affected by WORM_RBOT and/or WORM_SDBOT variants, because these variants and these files that are dangerous for your system share the task of hiding one another.

For a program that can detect whether you have a rootkit problem: Rootkit Revealer. Click to download Rootkit Revealer http://www.sysinternals.com/utilities/rootkitrevealer.html

Interestingly, users of NAV/NORTON/SYMANTEC products run into this problem more often.

To be honest: HijackThis is not an effective solution against Hacktool.Rootkit! HijackThis ONLY helps resolve the simple symptoms. In this case we too must reduce the hard-looking symptom to an easy one. HJT does not show remon.sys, orans.sys, msdirectx.sys or other similar system files.

If you want to scan with HJT: First place HijackThis in C:\Program Files\HJT. (Definitely do not put it on the Desktop or in the Temp folder.) Find the file(s) below. To do this, check the \WINDOWS\ or \WINNT\ folders.

Running processes:
C:\WINDOWS\javapanel.exe
C:\WINDOWS\taskcntr.exe
C:\WINDOWS\System32\xpjava.exe

O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: SystemManager - Unknown owner - C:\WINDOWS\sysmanager.exe

To get rid of it:

Start your computer in Safe Mode.
(ME/XP) Turn off System Restore.
In Windows Explorer, enable the "show all files and folders (including hidden ones)" option.
Then open Windows Task Manager with the CTRL+ALT+DELETE combination. If you see the files below in the Processes menu, right-click each one and click End Process.

javapanel.exe
taskcntr.exe
xpjava.exe
sysmanager.exe

In the next step, click Start/Run and type services.msc. Find the following services in the Services list.

javapanel.exe
taskcntr.exe
xpjava.exe
sysmanager.exe

Double-click each of them. If these services are running at that moment, stop the service and set the Startup type to Disabled.

Then scan with HJT. (If they are still there) tick the small boxes in front of the files and services below.

C:\WINDOWS\javapanel.exe
C:\WINDOWS\taskcntr.exe
C:\WINDOWS\System32\xpjava.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: SystemManager - Unknown owner - C:\WINDOWS\sysmanager.exe

Now click the Fix Checked button and close HJT. When you have completed this step, delete the files I indicated in bold in the section above.

Delete all files and folders in C:\Documents and Settings\[username]\Local Settings\Temp. Apply this step for the other users on the system as well.
Right-click Internet Explorer on the Desktop. Properties > delete the cookies and files (Delete Files and Delete Cookies).
Delete every file and subfolder in C:\WINDOWS\Temp (including files and folders created today).
(XP only) Delete all files in C:\WINDOWS\Prefetch.
Start your computer in Normal mode.
(For ME/XP) If everything is back to normal, you can re-enable System Restore. |
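The check the post above performs by eye, as an added example that is not part of the original thread: it parses a saved hijackthis.log and reports the running processes and O23 services whose file name is one the post lists. The function names and the sample log are assumptions made for illustration; the sample is constructed from the post's own lines plus a few benign ones.

```python
import ntpath
import re

# File names the post lists for this infection (copied from the post;
# this is not a general blocklist).
POST_INDICATORS = {"javapanel.exe", "taskcntr.exe", "xpjava.exe", "sysmanager.exe"}

# Entry lines start with a section code, e.g. "O23 - Service: ..." or "R1 - ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Constructed sample: the post's process and O23 lines plus a few benign ones.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\javapanel.exe
C:\WINDOWS\taskcntr.exe
C:\WINDOWS\System32\xpjava.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Links
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O23 - Service: ECA (cpanel) - Unknown owner - C:\WINDOWS\javapanel.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe
O23 - Service: SystemManager - Unknown owner - C:\WINDOWS\sysmanager.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
"""


def parse_log(text):
    """Return (running process paths, [(code, body), ...]) from a log."""
    processes, entries, in_processes = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.lower().startswith("running processes:"):
            in_processes = True
            continue
        match = ENTRY_RE.match(line)
        if match:
            in_processes = False  # the process list ends at the first coded entry
            entries.append((match.group(1), match.group(2)))
        elif in_processes:
            processes.append(line)
    return processes, entries


def clean_path(path):
    """Drop the '(file missing)' marker and surrounding quotes from a logged path."""
    return path.replace("(file missing)", "").strip().strip('"')


def parse_service(body):
    """Split an O23 body into (name, owner, path), or None if it does not fit."""
    if not body.startswith("Service: "):
        return None
    # Split from the right: service names may themselves contain " - ".
    parts = body[len("Service: "):].rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, owner, path = (part.strip() for part in parts)
    return name, owner, clean_path(path)


def is_indicator(path):
    """True when the file name of a Windows path is one the post lists."""
    return ntpath.basename(path).lower() in POST_INDICATORS


def triage(text):
    """Collect processes and O23 services whose file name is one the post lists."""
    processes, entries = parse_log(text)
    hit_processes = [p for p in processes if is_indicator(p)]
    hit_services = []
    for code, body in entries:
        service = parse_service(body) if code == "O23" else None
        if service and is_indicator(service[2]):
            hit_services.append(service)
    # A file can show up as a process only, a service only, or both, so the
    # cleanup list is the union of the two views.
    files = sorted({p.lower() for p in hit_processes}
                   | {s[2].lower() for s in hit_services})
    return {"processes": hit_processes, "services": hit_services, "files": files}


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name, owner, path in result["services"]:
        print(f"service {name!r} ({owner}) -> {path}")
    for path in result["files"]:
        print("file to review:", path)
    # An empty result does not clear the machine: the post notes that HJT does
    # not show remon.sys, orans.sys, msdirectx.sys or similar driver files.
```

On the sample, three processes and three services match but four distinct files come out, because xpjava.exe appears only as a process and sysmanager.exe only as a service.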
Friends, in the meantime I want to give an important warning: to install HIJACKTHIS on your computer, use only the link we give in the guide. If you try to install HIJACKTHIS from other links, you may run into fake versions.

HIJACKTHIS original version: http://216.180.233.162/~merijn/files/HijackThis.exe

The fake, trojaned version is at the link below; definitely do not install it...

HIJACK-THIS.NET

The program's developer, Merijn, sent this message to warn users about a group distributing spyware through a fake domain... We thank him. |
Logfile of HijackThis v1.99.1
Scan saved at 13:13:32, on 14.10.2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Zoom Telephonics, Inc\Zoom ADSL USB Modem\dslmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: DSLMON.lnk = ?
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88A8ED8-28E8-4CF5-82DF-A9E4FF1AD9D3}: NameServer = 195.175.37.69 195.175.37.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) |
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113fd.bay113.hotmail.msn.com/resources/MsnPUpld.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{A88A8ED8-28E8-4CF5-82DF-A9E4FF1AD9D3}: NameServer = 195.175.37.69 195.175.37.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)

With these entries selected, do Fix Selected. Then start your machine in Safe Mode and delete the related.htm file in C:\WINDOWS\web\. While in Safe Mode, uninstall MSN Messenger and all the add-ons you installed on top of it from the system (UNINSTALL). To be sure MSN has been completely removed from the system, make sure there are no files left in C:\Program Files\MSN Messenger. Then restart your computer. In Normal mode you can install the latest version of MSN. For the Turkish version you can use the link below. I recommend that you install Ewido on your system. http://messenger.msn.com/xp/downloadDefault.aspx?mkt=tr-tr |
Mate, I ran the scan; could you take a look at mine too and send me a PM? Click for my HijackThis LOG |
Your system is clean, don't worry, there is nothing harmful. There is FlashGet; if its serial has been entered as well, there will be no problem at all. |
Here is a log from me too. Recently a trojan got installed while I was browsing the web; I deleted it, but I would be glad if you took a look. Thanks.

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\GlobespanVirata\Adsl\dslagent.exe
D:\LifeView Studio\HDTV.EXE
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll (file missing)
O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: TNNPisti - http://oyun.tnn.net/Pisti/tnnPisti.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - https://abonenet.e-kolay.net/fsecure/onlinetarama/fscax.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF9CB1E-3023-435C-9379-2189ABACDF8D}: NameServer = 195.175.37.69 195.175.37.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) |
@cicey With the lines starting with O2 and O18 selected, do Fix Checked. Then install the latest version of MSN Messenger from the link below. http://messenger.msn.com/Xp/Default.aspx Note: I strongly recommend doing MSN-related installs from its own site. |
And this is my log, brother, could you take a look? Also, since I'm new to this, I'd be glad if you explained what I need to do step by step. Thanks in advance.

Logfile of HijackThis v1.99.1
Scan saved at 20:54:53, on 03.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Emule\Incoming\The All-Seeing Eye 1.9.7 (Crakeado)\EYE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.trgamer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) - https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {990D211C-FBA4-47FB-A764-A2D7A78A79E4} (SecureLogin) - http://www.gamegarden.net/game/ggsecure.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06BE17C-BA9E-4F46-8C5F-813377029F72}: NameServer = 10.0.0.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe |
My friend, there are actually more lines that need to be fixed or deleted, but first select the bold ones and click Fix Checked. The step I marked in red is especially important, though... |
Could you take a look at mine too? My computer had been hacked; on top of that I only installed a firewall and an antivirus, but I think they did something to those as well. I'm going to format it, but it would be good if I could clean it up before that...

Logfile of HijackThis v1.99.1
Scan saved at 16:14:50, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124310054231
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - C:\program files\advances.com\winshark\WinShark.exe (file missing) |
Logfile of HijackThis v1.99.1
Scan saved at 00:36:26, on 05.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
D:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [amd.exe] C:\Program Files\md\amd.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat 3.4\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat 3.4\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) - http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDA24A1-C09D-4A18-A398-C23C12F2548F}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{42147C12-BCAD-470B-A180-75847C555164}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD014CA-4FA9-4800-B699-0CB11B2C9703}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe |
@öcüüü

Could you take a look at mine too? My computer had been hacked; on top of that I only installed a firewall and an antivirus, but I think they did something to those as well. I'm going to format it, but it would be good if I could clean it up before that...

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll

My friend, with these lines selected, click Fix Checked. Also, your system looks clean. But as far as I can tell from the log, programs that you installed and removed earlier, or that are still on the system, have left a lot of traces. The ActiveX controls of online scan sites always write their dll files into the system this way. Don't worry. But do not use sites you do not trust for online scans. If you want to lighten the load on your system, optimize the Startup settings with the msconfig command. If your system slows down, run Disk Defragmenter on XP every 15 days. My antivirus recommendation is Kaspersky 4.5 (it is light on the system). As a firewall, the integrated firewall of XP SP2 is sufficient. But if you are not satisfied, you can use Kaspersky Anti-Hacker. |
@casual Hello my friend, as far as I understand you have picked up a worm.

How do I remove it
1) Disable System Restore.
2) Update your virus definitions...
3) Run a full scan to clean the locations affected by W32.Zokrim.V@mm or Bloodhound.VBS.Worm, and delete all files affected by the threats mentioned.
4) Delete all the lines these threats added to the registry.
Source

Also, with all lines starting with O17 selected, click Fix Checked. Important: If you think the IP addresses below were assigned to you by your service provider, you may skip this step.
|
Merhaba bu foruma yeni üyeyim son 1 haftadır bilgisayrımdaki Hacktool ve Backtool.Trojan virusleriyle ugrasıyorum ne yapsam silemedim bunları ve norton her defasında bunları c:\windows\temp klasoru icerisinde goruyor klasordeki .tmp dosyalarını sildigim halde her acılısta gene buluyor... bende bu konu uzerine internette arastırma yaparken buraya rastladım forumda gezindikten sonra burada cozum bulabilicegime inanarak uye oldum umarım bulabilirim sizin sayenizde :) HijackThis programı ile de tarama yaptım cıkan sonucta asagıda.Yardım edebilirseniz cok sevinirim simdiden tskler. ---------------------------------------------------------------------------------------------------------------------------------- Logfile of HijackThis v1.99.1 Scan saved at 18:22:15, on 07.11.2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ArcaVir\Bin\avmonsv.exe C:\apache\mysql\bin\mysqld-nt.exe C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\System32\wltrysvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\System32\bcmwltry.exe C:\Program Files\Norton AntiVirus\navapsvc.exe C:\Program Files\ArcaVir\Bin\arcascan.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\WINDOWS\system32\rundll32.exe 
|
@PerWer
|
@greenflash, I'm waiting for your comments and advice. Looks like I've visited quite a few adult sites.
|
Oh, and this is my latest log, Mr. DR :)
|
Friends, anyone who wishes can also get help through this forum with the assistance of our friend goldberg.
You can visit my website for my other projects.
< This message was edited by greenflash -- 21 May 2006; 19:04:53 >