Page 1
An ad site has latched onto Internet Explorer; could you run the HijackThis program and post the report here?
Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\nvsvc32.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\rundll32.exe
F:\Program Files\Windows Defender\MsMpEng.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
F:\WINDOWS\system32\Rundll32.exe
F:\Program Files\Creative\Shared Files\CTSched.exe
F:\Program Files\Windows Defender\MSASCui.exe
F:\Program Files\UPSMON\UPSMON.exe
F:\WINDOWS\system32\taskswitch.exe
F:\WINDOWS\VMSnap3.EXE
F:\WINDOWS\Domino.EXE
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\Common Files\Real\Update_OB\realsched.exe
F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
F:\WINDOWS\system32\rundll32.exe
F:\WINDOWS\system32\RUNDLL32.EXE
F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\DAEMON Tools Lite\daemon.exe
F:\Program Files\Vtune\TBPanel.exe
F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
F:\Program Files\Logitech\SetPoint\SetPoint.exe
F:\Program Files\Windows Desktop Search\WindowsSearch.exe
F:\Program Files\Hamachi\hamachi.exe
G:\MSC.Software\MSC.Licensing\10.8.6\lmgrd.exe
F:\Program Files\Nortel NetDirect Client\NetDirectService.exe
G:\MSC.Software\MSC.Licensing\10.8.6\lmgrd.exe
F:\WINDOWS\system32\svchost.exe
F:\Program Files\UPSMON\UPSMON_Service.Exe
F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
F:\WINDOWS\system32\SearchIndexer.exe
G:\MSC.Software\MSC.Licensing\10.8.6\msc.exe
F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
F:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
F:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
F:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
F:\Program Files\ESET\ESET Smart Security\ekrn.exe
F:\Program Files\ESET\ESET Smart Security\egui.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Winamp\winamp.exe
F:\Program Files\emule\emule.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Internet Explorer\iexplore.exe
F:\Program Files\Webteh\BSplayerPro\bsplayer.exe
F:\WINDOWS\system32\SearchProtocolHost.exe
F:\Program Files\WinRAR\WinRAR.exe
F:\DOCUME~1\SAYGIN\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [CreativeTaskScheduler] "F:\Program Files\Creative\Shared Files\CTSched.exe" /logon
O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TrialReset] F:\WINDOWS\fix.exe
O4 - HKLM\..\Run: [UPSMON] F:\Program Files\UPSMON\UPSMON.exe
O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [VMSnap3] F:\WINDOWS\VMSnap3.EXE
O4 - HKLM\..\Run: [Domino] F:\WINDOWS\Domino.EXE
O4 - HKLM\..\Run: [BigDog303] F:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NokiaMServer] F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [TBPanel] F:\Program Files\Vtune\TBPanel.exe /A
O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\SAYGIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: hamachi.lnk = F:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Logitech . Ürün Kaydı.lnk = F:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229802416109
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229802406453
O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) -https://vpn.arcelik.com/nortel_cacheable/NetDirect.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: MSC.Licensing 10.8.6 - Macrovision Corporation - G:\MSC.Software\MSC.Licensing\10.8.6\lmgrd.exe
O23 - Service: NetDirectService (NetDirectService) - Unknown owner - F:\Program Files\Nortel NetDirect Client\NetDirectService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: UPSMONService - Unknown owner - F:\Program Files\UPSMON\UPSMON_Service.Exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

"Fix" these lines, then scan with "Combofix" and "Mbam". Post your logs here.
I just installed the ESET firewall; once it was installed, it reported that svchost.exe was trying to connect to 66.197.234.53 volikozo.info, and it is asking me what to do. Is this site dangerous, and what do I need to do? When I looked into it, I found the following information about the site from domainquery:
Domain ID:D23488096-LRMS
Domain Name:VOLIKOZO.INFO
Created On:22-Jan-2008 10:00:49 UTC
Last Updated On:29-Mar-2009 11:55:18 UTC
Expiration Date:22-Jan-2010 10:00:49 UTC
Sponsoring Registrar:Regtime Ltd. (R455-LRMS)
Status:OK
Registrant ID:CO242693-RT
Registrant Name:Jordi Vollom
Registrant Organization:Jordi Vollom
Registrant Street1:2168 Nakano-cho
Registrant Street2:
Registrant Street3:
Registrant City:Chiba-shi
Registrant State/Province:Chiba
Registrant Postal Code:265-0051
Registrant Country:JP
Registrant Phone:+8.1432286260
Registrant Phone Ext.:
Registrant FAX:+8.1432286260
Registrant FAX Ext.:
Registrant Email:mizazusi@lycos.com
Admin ID:CA242693-RT
Admin Name:Jordi Vollom
Admin Organization:Jordi Vollom
Admin Street1:2168 Nakano-cho
Admin Street2:
Admin Street3:
Admin City:Chiba-shi
Admin State/Province:Chiba
Admin Postal Code:265-0051
Admin Country:JP
Admin Phone:+8.1432286260
Admin Phone Ext.:
Admin FAX:+8.1432286260
Admin FAX Ext.:
Admin Email:mizazusi@lycos.com
Billing ID:CB242693-RT
Billing Name:Jordi Vollom
Billing Organization:Jordi Vollom
Billing Street1:2168 Nakano-cho
Billing Street2:
Billing Street3:
Billing City:Chiba-shi
Billing State/Province:Chiba
Billing Postal Code:265-0051
Billing Country:JP
Billing Phone:+8.1432286260
Billing Phone Ext.:
Billing FAX:+8.1432286260
Billing FAX Ext.:
Billing Email:mizazusi@lycos.com
Tech ID:CT242693-RT
Tech Name:Jordi Vollom
Tech Organization:Jordi Vollom
Tech Street1:2168 Nakano-cho
Tech Street2:
Tech Street3:
Tech City:Chiba-shi
Tech State/Province:Chiba
Tech Postal Code:265-0051
Tech Country:JP
Tech Phone:+8.1432286260
Tech Phone Ext.:
Tech FAX:+8.1432286260
Tech FAX Ext.:
Tech Email:mizazusi@lycos.com
Name Server:NS1.EVERYDNS.NET
Name Server:NS2.EVERYDNS.NET
Name Server:NS3.EVERYDNS.NET
Name Server:NS4.EVERYDNS.NET