Yeni Kayıt
Konudaki Resimler
önceki
|
Bildirim
HIJACKThis Ile Guvenliginizi Saglayin (2. sayfa)
Sıcak Fırsatlarda Tıklananlar
Editörün Seçtiği Fırsatlar
Daha Fazla 
Bu Konudaki Kullanıcılar:
Daha Az 
3 Misafir - 3 Masaüstü
Giriş
Mesaj
-
-
C : programfiles / HJT ye atınca aşagıdakı mesajı aldım.Sorun nedir acaba? daha taratmadım da? -
quote:
C : programfiles / HJT ye atınca aşagıdakı mesajı aldım.Sorun nedir acaba? daha taratmadım da?
Hocam herhangi bir sorun yok sadece sana bir ön-uyarı mesajı veriyor."Beni kullanırken tecrübeli kullanıcılara danış" diyor....... -
dostum taradım banada bakip PM atarmısın 
HijackThis LOGUM İçin Tıkla -
quote:
Orjinalden alıntı: BurakLEE
dostum taradım banada bakip PM atarmısın
HijackThis LOGUM İçin Tıkla
sistemin temiz merak etme zararlı birşey yok flash get var onunda serialını girdiyse hiçbir sorun olmaz -
saol
-
bir logta benden gecenlerde webte gezenken trojan yuklenmişti sildim ama bakarsanız sevinirim. Teşekkürler.
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\GlobespanVirata\Adsl\dslagent.exe
D:\LifeView Studio\HDTV.EXE
D:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hjt\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: Zero Popup - {2EF37A01-884F-11d5-AC99-B112050ECB4F} - D:\PROGRA~1\ZEROPO~1\HTMLEdit.dll (file missing)
O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [DSLSTATEXE] D:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] D:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKCU\..\Run: [MSMSGS] "D:\Program Files\Messenger\msmsgs.exe" /background
O16 - DPF: TNNPisti -http://oyun.tnn.net/Pisti/tnnPisti.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) -http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) -https://abonenet.e-kolay.net/fsecure/onlinetarama/fscax.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) -http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{FEF9CB1E-3023-435C-9379-2189ABACDF8D}: NameServer = 195.175.37.69 195.175.37.14
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "D:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
-
@cicey
O2 ve O18 ile başlayan satırlar seçili iken Fix Checked yapın.Daha sonra MSN Messenger'ın son versiyonunu aşağıdaki linkten yükleyin.
http://messenger.msn.com/Xp/Default.aspx
Not : MSN ile ilgili yüklemeleri kesinlikle kendi sitesinden yapmanızı tavsiye ediyorum. -
tesekkur ederim dediklerini yaptım -
buda bnm log kardeş bi bakarmısın. bide ben bu olaya yeni atldgm için yapacgm şeyleri adım adım anlatırsan sevinirim şimdiden saol. 
Logfile of HijackThis v1.99.1
Scan saved at 20:54:53, on 03.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Emule\Incoming\The All-Seeing Eye 1.9.7 (Crakeado)\EYE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.trgamer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {990D211C-FBA4-47FB-A764-A2D7A78A79E4} (SecureLogin) -http://www.gamegarden.net/game/ggsecure.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06BE17C-BA9E-4F46-8C5F-813377029F72}: NameServer = 10.0.0.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
-
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
yukarıdaki dosyanın hangi servis ya da programla ilişkili olduğunu bulamadım.Ayrıca sisteminde çok fazla context menü ve toolbar vs extra link var bence sistemini yoracak linkleri secip fix checked yapmalısın. -
arkdsm peki neleri fix checked yapim -
quote:
buda bnm log kardeş bi bakarmısın. bide ben bu olaya yeni atldgm için yapacgm şeyleri adım adım anlatırsan sevinirim şimdiden saol.
Logfile of HijackThis v1.99.1
Scan saved at 20:54:53, on 03.11.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe
C:\WINDOWS\System32\LckFldService.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Bluetooth Software\BTStackServer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
F:\Emule\Incoming\The All-Seeing Eye 1.9.7 (Crakeado)\EYE.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =http://www.trgamer.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =http://red.clientapps.yahoo.com/customize/ie/defaults/sb/ymsgr6/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://red.clientapps.yahoo.com/customize/ie/defaults/sp/ymsgr6/*http://www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://red.clientapps.yahoo.com/customize/ie/defaults/stp/ymsgr6/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =http://red.clientapps.yahoo.com/customize/ie/defaults/su/ymsgr6/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Radyo - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [OfficeGuard RegChecker] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\ogrc.exe"
O4 - HKLM\..\Run: [AVPCC] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /wait
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Symantec\Norton Ghost\Agent\GhostTray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [warez] "C:\Program Files\Warez P2P Client\warez.exe" -h
O4 - Global Startup: BTTray.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) -http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} (InstallerBehaviorFactory Class) -https://signup.msn.com/pages/MsnInstC.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) -http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) -http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) -http://www.cult3d.com/download/cult.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) -http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {990D211C-FBA4-47FB-A764-A2D7A78A79E4} (SecureLogin) -http://www.gamegarden.net/game/ggsecure.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B06BE17C-BA9E-4F46-8C5F-813377029F72}: NameServer = 10.0.0.2
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVP Control Centre Service (AVPCC) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpcc.exe" /service (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: KAV Monitor Service (KAVMonitorService) - Unknown owner - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro\avpm.exe" /service (file missing)
O23 - Service: LckFldService - Unknown owner - C:\WINDOWS\System32\LckFldService.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Hocam aslında düzeltilmesi ya da silinmesi gereken daha çok satır var ancak ilk önce sen koyu olanları seç ve fix checked de.. ancak özellikle kırmızı ile belirttiğim adım önemli...
-
fixed checked dedikten sora nolcak
direk bunu xp acıkkenmi yapim -
quote:
fixed checked dedikten sora nolcak
direk bunu xp acıkkenmi yapim
kırmızı ile belirttiğim yeri seçip fix checked yaparsan (HJT ile scan yaptıktan sonra)
en azından varsayılan arama motoru ile ilgili dosyaların düzeltilecek.
sisteminde çok fazla modül yüklü... -
benimkinede bi bakarmısınız? bilgisayarım hacklenmişti, üstüne firewall ve antivirüs kurdum sadece, ama onlarada bişii yapmışlar sanırım. Format atıcam ama ondan öncede bi temizleyebilirsem iyi olcak...
Logfile of HijackThis v1.99.1
Scan saved at 16:14:50, on 04.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
C:\Program Files\NetLimiter\NetLimiter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Opera\Opera.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Messenger\Msmsgs.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
O4 - HKLM\..\Run: [NetLimiter] C:\Program Files\NetLimiter\NetLimiter.exe /s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) -http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) -http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) -http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1124310054231
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) -http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: F-Secure 2006 (BackWeb Plug-in - 4476822) - Unknown owner - C:\PROGRA~1\F-SECU~1\backweb\4476822\Program\SERVIC~1.EXE (file missing)
O23 - Service: C-DillaSrv - Unknown owner - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE (file missing)
O23 - Service: fsbwsys - Unknown owner - C:\Program Files\F-Secure Internet Security\backweb\4476822\program\fsbwsys.exe (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Advances.Com WinShark (WinShark) - Unknown owner - C:\program files\advances.com\winshark\WinShark.exe (file missing)
-
Logfile of HijackThis v1.99.1
Scan saved at 00:36:26, on 05.11.2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Opera\Opera.exe
D:\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [Mercora] "C:\Program Files\Mercora\MercoraClient.exe" -startup
O4 - HKLM\..\Run: [amd.exe] C:\Program Files\md\amd.exe
O4 - HKCU\..\Run: [Camfrog] "C:\Program Files\Camfrog\Camfrog Video Chat 3.4\CamfrogNet.exe" 0 C:\Program Files\Camfrog\Camfrog Video Chat 3.4\Camfrog Video Chat.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: ICQ 4.1 - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {53B8B406-42E4-4DD3-96E7-9DEC8CEB3DD8} (ICQVideoControl Class) -http://xtraz.icq.com/xtraz/activex/ICQVideoControl.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDA24A1-C09D-4A18-A398-C23C12F2548F}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{42147C12-BCAD-470B-A180-75847C555164}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD014CA-4FA9-4800-B699-0CB11B2C9703}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
-
@öcüüü
benimkinede bi bakarmısınız? bilgisayarım hacklenmişti, üstüne firewall ve antivirüs kurdum sadece, ama onlarada bişii yapmışlar sanırım. Format atıcam ama ondan öncede bi temizleyebilirsem iyi olcak...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =http://g.msn.com/0SEENUS/SAOS01
R3 - Default URLSearchHook is missing
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
Arkadaşım bu satırlar seçili iken Fix Checked seçeneğine tıkla.
Ayrıca sistemin temiz gibi gözüküyor.Ancak önceden kurup sildiğin ya da hala sistemde olan programlar çok sayıda iz bırakmış logdan anladığım kadarıyla.Online Scan sitelerinin activeX denetçileri her zaman dll dosyalarını bu şekilde sisteme işler.Kafan rahat olsun.Ancak güvenmediğin siteleri Online Scan için kullanma.
Sistemini rahatlatmak istiyorsan msconfig komutuyla Startup (başlangıç) ayarlarını optimize et.
Eğer sisteminde bir yavaşlama oluyorsa 15 günlük peryotlar halinde XP'de Disk Defragmenter' i çalıştır.
Antivirüs olarak tavsiyem Kaspersky 4.5 (sistemi yormaz)
Güvenlik Duvarı olarak da XP SP2 nin entegre firewall ı yeterlidir.Ancak memnun değilsen Kaspersky Anti-Hacker'ı kullanabilirsin.
-
@casual
Merhabalar hocam sen anladığım kadarıyla bir solucan kapmışsın.
quote:
O4 - HKLM\..\Run: [amd.exe] C:\Program Files\md\amd.exe
Nasıl Silerim
1) Sistem Geri Yüklemeyi deaktif konuma getir.
2) Virüs tanımlamalarını güncelle...
3) W32.Zokrim.V@mm ya da Bloodhound.VBS.Worm'dan etkilenen lokasyonları temizlemek için komple bir tarama yap ve bahsedilen tehlikelerden etkilenen tüm dosyaları sil.
4) Bu tehlikelerin kayıt defterine eklediği tüm satırları sil.
Kaynak
Ayrıca O17 ile başlayan tüm satırlar seçili iken Fix Checked'e tıkla.
Önemli : Eğer aşağıdaki ip adreslerinin sana servis sağlayıcın tarafından atandığını düşünüyorsan bu işlemi yapmayabilirsin.
quote:
O17 - HKLM\System\CCS\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{2CDA24A1-C09D-4A18-A398-C23C12F2548F}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{42147C12-BCAD-470B-A180-75847C555164}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CCS\Services\Tcpip\..\{EFD014CA-4FA9-4800-B699-0CB11B2C9703}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
O17 - HKLM\System\CS1\Services\Tcpip\..\{1F974BA1-4350-4396-A4FA-23A7FF42C5BF}: NameServer = 62.248.113.53,193.140.83.251,193.140.83.252
< Bu mesaj bu kişi tarafından değiştirildi greenflash -- 7 Kasım 2005, 0:10:50 >
-
teşekkür ediyorum greenflash. Onları Fix Checked yaptım
ayrıca Zonealarm Pro kullanıyorum firewall olarak, çok memnunum şimdilik.. Antivirüs tercihim değişiyo ara ara. Ama Kaspersky antivirüsün son sürümlerini (5,0 sürümleri) niye tavsiye etmedin? kasar diye mi?
bide Msconfig olayımı resim olarak koyuyorum, bi bakarmısın, bişey dikkatimi çekti: McAfee antivirüse ait 3 program çalışıyo: SHSTAT , UpdaterIU ve TBMon.exe. Şimdi bunlardan ilk ikisi NORMAL Bİ ŞEKİLDE Program files'ın içinde yer alıyo ama sonuncusu Common Filesta yer alıyo, niye??
Ip işlemleri
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara
KAPAT X
