Cevap: HijackThis Loglarınızı kendiniz inceleyin[Virüs temizlik][resimli anlatım]

İlgili konuları bak: (bu forumda | tüm forumlarda)

Bu isimle girdiniz: Guest

Bu konudaki kullanıcılar: iskocya

Basılabilir versiyon

Tüm forumlar >> [Donanım / Hardware] >> Network, İnternet ve Güvenlik >> Güvenlik >> Cevap: HijackThis Loglarınızı kendiniz inceleyin[Virüs temizlik][resimli anlatım]

Sayfa: << < önceki 1 2 3 4 5 6 7 8 9 [10]

Giriş

Mesaj

<< Daha eski konu Daha yeni konu >>

G-HuN

Mesaj: 194

24 Haziran 2008; 2:06:12

Bu mesajla ilgili şikayetinizi bu icon a tıklayarak yapabilirsiniz.

sorunu buldum u arada O20 - AppInit_DLLs: ??P,C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll kısmını sildiğim zaman veriler karşıma çıkıyor.

_____________________________

seventyseven

Mesaj: 5533

24 Haziran 2008; 2:15:05

galiba senin sorun yazı karakter tipi sorunu kaydettigi sayfada yazı tipi olarak ne seçili acaba? arial ı seçip tekrar log a bakabilirmisin yazılar bu şekildemi çıkacak O20 - AppInit_DLLs: ??P,C:

zaten herhangi bir sorun göremedim

_____________________________

HijackThis Virüs Temizlik... 5 dk'nızı ayırın kendiniz temizleyin

" O, düşünüp tutasınız diye size öğüt verir "

becrazy

Mesaj: 30

2 Temmuz 2008; 21:46:04

dostum sunada bi bakarmısın

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:43:33, on 02.07.2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\System32\rundll32.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Users\Acer\AppData\Local\Temp\RtkBtMnt.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Windows\System32\wsqmcons.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://tr.intl.acer.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\System32\msconfig.exe" /auto
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: Microsoft Excel'e &Ver - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 6641 bytes

_____________________________

seventyseven

Mesaj: 5533

3 Temmuz 2008; 0:10:01

quote:

Orjinalden alıntı: becrazy

dostum sunada bi bakarmısın

herhangi bir sorun varise belirtmeslisin kolay gelsin

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

_____________________________

HijackThis Virüs Temizlik... 5 dk'nızı ayırın kendiniz temizleyin

" O, düşünüp tutasınız diye size öğüt verir "

last21second

Mesaj: 23

16 Temmuz 2008; 18:13:31

burda ilk sayfada anlatılan ,işlemi yapıp do a system scan and save a logfile diorum üstte mavi şe doluyo tarıo felan ama daha tam bitmeden %75 lerde dolmuşken felan ekrana uyarı gelio ve aynen şu yazıo :

for some reasons your system denied write access to the Hosts file. If any hijacked domains are in this file, HijackThis may NOT be able to fix this.

if that happens you need to edit the file yourself. To do this, click Start and run type :
notepad C:\Windows\system32\drivers\etc\hosts
and press Enter. Find the line(s) HijackThis report and delete them. Save the file as 'hosts' (with quotes) and reboot
For vista : simply, exit hijackThis , right click on the HijackThis icon , choose 'run as administrator'

nedir arkadaşlar demek istediği ve sistemi tam taramadan bu uyarıyı vermesine neden olan ??

_____________________________

seventyseven

Mesaj: 5533

18 Temmuz 2008; 2:53:51

başlat çalıştır a notepad C:\Windows\system32\drivers\etc\hosts yazıp çıkan dosyayı verebilirmisin dostum ayrıca işletim sistemin nedir

_____________________________

HijackThis Virüs Temizlik... 5 dk'nızı ayırın kendiniz temizleyin

" O, düşünüp tutasınız diye size öğüt verir "

LiNuX

Mesaj: 950

19 Temmuz 2008; 20:41:44

ben neyi neye göre temizleyecegimi tam olarak anlamadım orda cıkanların mı hepsini silecez bi yardım etsen

_____________________________

GIGABYTE 8£ Series,DUAL DDR2, PCI EXPRESS, VGA+P4 3.0&LGA+512x2Kings533DUALKit+SAMSUNG 16x DVD-R (+-)+500GB HDD+2 LG CD-RW+19" SONY LCD -TFT SDM -S95A+XpTRProSP2+GeForCe6200 256VGA

seventyseven

Mesaj: 5533

20 Temmuz 2008; 14:37:28

quote:

Orjinalden alıntı: LiNuX

ben neyi neye göre temizleyecegimi tam olarak anlamadım orda cıkanların mı hepsini silecez bi yardım etsen

tabiki hayır hepsini silmeyeceksiniz , programı çalıştırdıgınızda size verilen log dosyasını kopyalayıp http://www.hijackthis.de/#anl adresini tıklayın açılan sayfada You can paste a logfile in this textbox yazılan kısma bu kopyaladıgınız log dosyasını yapıştırın ve altda bulunan Analyze butonunu tıklayın site sizin log dosyanızı degerlendirip bir liste verecek bu listede zararlı olabilecek satırlar belirtilir buna göre kendi masaüstünüzdeki fix ekranında[1. sayfada resmi mevcut] o satırları bularak temizleyeceksiniz bu yazdıklarım 1. sayfada da mevcut tekrar gözden geçirebilirsiniz kolay gelsin

_____________________________

HijackThis Virüs Temizlik... 5 dk'nızı ayırın kendiniz temizleyin

" O, düşünüp tutasınız diye size öğüt verir "

erkofb

Mesaj: 1

20 Temmuz 2008; 15:22:35

arkadsim senden ricam suna bir el atman benim pc deki sorunum ie cok gec aciliyor mozilla 3.0.1 yükledim aynisi hic bir deisiklik yok ilgilenirsem cok memnun olurum

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:08:55, on 20.07.2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\Avira Premium Security Suite\sched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\Dit.exe
C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe
C:\Programme\DesktopEarth\DesktopEarth.exe
C:\WINDOWS\DitExp.exe
C:\Programme\Avira\Avira Premium Security Suite\avguard.exe
C:\Programme\Avira\Avira Premium Security Suite\avesvc.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Programme\Avira\Avira Premium Security Suite\avmailc.exe
C:\Programme\Avira\Avira Premium Security Suite\AVWEBGRD.EXE
C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexingService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.haberx.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar mit Pop-Up-Blocker - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Oturum Açma Yardim Araci - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Dit] Dit.exe
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\Avira Premium Security Suite\avgnt.exe" /min
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Programme\Gemeinsame Dateien\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: DesktopEarth AutoStart.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Programme\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {34635AA