Preparing a .LOG File with HijackThis

  1. 1
    ICEEXOL
    Special Member
    Forum Alev
    The program scans the system and gives you a written report of what is going on; in other words, it records the state of your system at that moment. On foreign forums this program is posted in a sticky thread, and people with a problem generate the .LOG file and post it, so they can find out whether there is a virus, spyware or some other malware.

    Usage: open the program and click DO A SYSTEM SCAN AND SAVE A LOG FILE. When the scan finishes it gives you a .LOG file opened in Notepad. Save it without deleting anything and post it here.
    When posting here, switch to Advanced Reply mode and click the "php" button in the Thread Tools, then paste your .LOG file between the two tags it inserts.

    AS IN THIS EXAMPLE:

    PHP Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:36:03 IcEeXoL, on 15.05.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\ASUS USB ADSL Modem\ASUS USB ADSL Modem\dslmon.exe
    C:\Program Files\Avant Browser\avant.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\FlashGet\flashget.exe
    C:\Program Files\Zoom Player\zplayer.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Documents and Settings\ICEEXOL\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - Global Startup: DSLMON.lnk = ?
    O8 - Extra context menu item: AD istenmeyen listesine ekle - C:\Program Files\Avant Browser\AddToADBlackList.htm
    O8 - Extra context menu item: Arama - C:\Program Files\Avant Browser\Search.htm
    O8 - Extra context menu item: Aynı Sunucudan Tüm Resimleri Engelle - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
    O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Seçilen - C:\Program Files\Avant Browser\Highlight.htm
    O8 - Extra context menu item: Tüm Bağlantıları Bu Sayfada Aç... - C:\Program Files\Avant Browser\OpenAllLinks.htm
    O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: Yeni Avant Browser'da Aç - C:\Program Files\Avant Browser\OpenInNewBrowser.htm
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/1/sux.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C905F7D5-373F-455F-AAEA-742F97134E09}: NameServer = 195.175.37.103 195.175.37.69
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: Diskeeper Lite.lnk (Diskeeper) - Executive Software International, Inc. - C:\Program Files\Executive Software\DiskeeperLite\DkService.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: O&O Defrag (OODefrag) - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe



    The above is my own computer's LOG file; I installed advertising software, i.e. ADWARE, on my machine and generated my .LOG file with this program for you.
    Look at entry number 16: it says AZEBAR, which is the ADWARE I installed. If you run into a problem, send us your .LOG file and we can work out a solution together.


  2. 2
    ICEEXOL
    Special Member

    Meanings of the Abbreviations in HijackThis Logs


    * R0, R1, R2, R3 - Internet Explorer Start/Search page URLs
    * F0, F1 - Autoloading programs
    * N1, N2, N3, N4 - Netscape/Mozilla Start/Search page URLs
    * O1 - Hosts file redirection
    * O2 - Browser Helper Objects
    * O3 - Internet Explorer toolbars
    * O4 - Programs autoloaded from the Registry
    * O5 - IE Options icon not visible in Control Panel
    * O6 - IE Options access restricted by the administrator
    * O7 - Regedit access restricted by the administrator
    * O8 - Extra items in the IE right-click menu
    * O9 - Extra buttons on the IE button toolbar, or extra items in the IE Tools menu
    * O10 - Winsock hijacker
    * O11 - Extra group in the IE Advanced Options window
    * O12 - IE plugins
    * O13 - IE DefaultPrefix hijack
    * O14 - 'Reset Web Settings' hijack
    * O15 - Unwanted site in the Trusted Sites list
    * O16 - ActiveX objects
    * O17 - Lop.com domain hijackers
    * O18 - Extra protocols and protocol hijackers
    * O19 - User style sheet hijack
    * O20 - AppInit_DLLs Registry value autorun
    * O21 - ShellServiceObjectDelayLoad
    * O22 - SharedTaskScheduler
    * O23 - Windows NT Services
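
    The following Python example is added here and is not part of the thread or of HijackThis itself: it splits a log into entries by section code, labels each entry with its meaning from the list above, and attaches review hints for markers such as `(no file)` and `(file missing)`. The sample log, the hint rules and all function names are constructed for illustration; a hint is a reason to research an entry, not a verdict.

```python
import re

# Section meanings, following the list in the post above (subset used here).
# R0-R3, F0-F1 and N1-N4 are keyed by their letter.
SECTIONS = {
    "R": "Internet Explorer Start/Search page URLs",
    "F": "Autoloading programs",
    "N": "Netscape/Mozilla Start/Search page URLs",
    "O1": "Hosts file redirection",
    "O2": "Browser Helper Objects",
    "O3": "Internet Explorer toolbars",
    "O4": "Programs autoloaded from the Registry",
    "O8": "Extra items in the IE right-click menu",
    "O9": "Extra IE toolbar buttons / Tools menu items",
    "O10": "Winsock hijacker",
    "O12": "IE plugins",
    "O16": "ActiveX objects",
    "O17": "Lop.com domain hijackers",
    "O18": "Extra protocols and protocol hijackers",
    "O20": "AppInit_DLLs Registry value autorun",
    "O23": "Windows NT Services",
}

# "<code> - <body>": R/F/N plus one digit, or O plus one or two digits.
ENTRY_RE = re.compile(r"^([RFN]\d|O\d{1,2}) - (.*)$")

# Constructed sample log (not taken from the thread): placeholder CLSIDs,
# example.* names and documentation-range IP addresses.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 12:00:00, on 01.01.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\Example\example.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.example.com/
O1 - Hosts: 192.0.2.10 www.example.com
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O2 - BHO: Example Helper - {00000000-0000-0000-0000-000000000002} - C:\Program Files\Example\helper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\example.dll
O16 - DPF: {00000000-0000-0000-0000-000000000003} - http://downloads.example.net/control.cab
O18 - Protocol: example - {00000000-0000-0000-0000-000000000004} - "C:\PROGRA~1\EXAMPLE\proto.dll" (file missing)
O20 - AppInit_DLLs: example.dll
O23 - Service: Example Service (ExampleSvc) - Example Corp - C:\Program Files\Example\svc.exe
"""


def section_meaning(code):
    """Look up the full code first (O10), then the letter family (R0 -> R)."""
    return SECTIONS.get(code) or SECTIONS.get(code[0], "not in this subset")


def parse_log(text):
    """Return (code, body) pairs; header and process lines do not match."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def hints_for(code, body):
    """Reasons to look closer at one entry (illustrative rules, not verdicts)."""
    hints = []
    if "(no file)" in body or "(file missing)" in body:
        hints.append("references a file that is not on disk")
    if code == "O1":
        m = re.match(r"Hosts:\s*(\S+)\s+(\S+)", body)
        if m:
            hints.append(f"hosts file sends {m.group(2)} to {m.group(1)}")
    if code == "O10" and "Unknown file in Winsock LSP" in body:
        hints.append("unrecognised module in the Winsock LSP chain")
    if code == "O16":
        m = re.search(r"https?://([^/\s]+)", body)
        if m:
            hints.append(f"ActiveX control installed from {m.group(1)}")
    if code == "O20" and body.startswith("AppInit_DLLs"):
        hints.append("DLL loaded into every process that loads user32.dll")
    return hints


def triage(text):
    """One row per entry: section code, its meaning, the body and any hints."""
    return [
        {"code": c, "meaning": section_meaning(c), "body": b, "hints": hints_for(c, b)}
        for c, b in parse_log(text)
    ]


def flagged(text):
    """Only the rows that carry at least one hint."""
    return [row for row in triage(text) if row["hints"]]


if __name__ == "__main__":
    for row in flagged(SAMPLE_LOG):
        print(f'{row["code"]:>3} [{row["meaning"]}] {row["body"]}')
        for hint in row["hints"]:
            print(f"      - {hint}")
```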








  3. 3
    NOVA
    Member
    PHP Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 15:35:31, on 23.06.2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\COMMON~1\Stardock\SDMCP.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\RunDll32.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\vssms32.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    c:\progra~1\intern~1\iexplore.exe
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\SKIPAI~1\DENT32~1.EXE
    C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Program Files\Winamp\winamp.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Program Files\Opera 9 Beta\Opera.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\Murat\LOCALS~1\Temp\Rar$EX00.172\HijackThis.exe
    C:\Documents and Settings\All Users\Application Data\SKIP AIM GLUE CAMP\dent 32.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    R3 - URLSearchHook: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O1 - Hosts: 84.44.114.44 sozluk.sourtimes.org
    O1 - Hosts: 66.96.222.53 www.divxplanet.net
    O1 - Hosts: 69.5.88.72 www.megaupload.com
    O2 - BHO: IDMIEHlprObj Class - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
    O2 - BHO: (no name) - {214EDC6B-A2F9-07A6-00BB-057D815216D9} - C:\DOCUME~1\Murat\APPLIC~1\VCOOZE~1\DRV 32.exe
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: URLLink - {4A2AACF3-ADF6-11D5-98A9-00E018981B9E} - C:\Program Files\NewDotNet\newdotnet7_22.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [hmonitor] C:\Program Files\Hmonitor\hmonitor.exe
    O4 - HKLM\..\Run: [New.net Startup] rundll32 C:\PROGRA~1\NEWDOT~1\NEWDOT~2.DLL,ClientStartup -s
    O4 - HKLM\..\Run: [vssms32] C:\WINDOWS\system32\vssms32.exe
    O4 - HKCU\..\Run: [Bendwipe] C:\DOCUME~1\Murat\APPLIC~1\THIRDB~1\file skip send.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\RunOnce: [__GSCAdditionalInstallation__] "E:\Oyun Kurulum\alexander\Setup.exe" -AdditionalInstall
    O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download All Links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\Program Files\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll
    O20 - Winlogon Notify: MCPClient - C:\PROGRA~1\COMMON~1\Stardock\mcpstub.dll
    O23 - Service: Apache2.2 - Unknown owner - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe" -k runservice (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe








  4. 4
    ICEEXOL
    Special Member
    Try removing the entries below with HijackThis. Check the entries I listed and FIX them; if that does not remove them, run a scan with XOFT SPY.

    It looks like the WebHancer spyware is on the system.



    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\idmmbc.dll


    It would also be worth removing GOOGLE TOOLBAR.

  5. 5
    tango
    Member
    PHP Code:
    Logfile of HijackThis v1.99.0
    Scan saved at 09:55:53, on 19.01.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\AlienGUIse\wbload.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\IEACCE~1\IEAccelerator.exe
    C:\Program Files\Spyware Doctor\swdoctor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Documents and Settings\Ugur1\Desktop\PROGRAMLAR\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O4 - HKLM\..\Run: [IE Accelerator] C:\PROGRA~1\IEACCE~1\IEAccelerator.exe /Auto
    O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Startup: MSN Pictures Displayer.lnk = C:\Program Files\MSN Pictures Displayer\MSN Pictures Displayer.exe
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{52E5848F-C3C7-49A1-A807-4256388F662F}: NameServer = 195.175.39.40 195.175.39.39
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - AppInit_DLLs: MsgPlusLoader.dll,wbsys.dll
    O23 - Service: AntiVir PersonalEdition Classic Service - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe


  6. 6
    ICEEXOL
    Special Member
    Quote: originally posted by tango
    [tango's HijackThis log, quoted in full from post 5 above]
    The LOG is clean, but there are a lot of MSN add-ons. Treating all of them as trustworthy could be a mistake. Still, it's up to you.


  7. 7
    kainat
    Member
    PHP Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 17:09:03, on 11.02.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Program Files\WinRAR\WinRAR.exe
    C:\DOCUME~1\tahta\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msxbde4c.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    ICEEXOL, brother, this is my HijackThis report. Could you take a look, if it's not too much trouble?

  8. 8
    ICEEXOL
    Special Member
    Quote: originally posted by kainat
    PHP- Kodu:
    Logfile of HijackThis v1.99.1
    Scan saved at 17
    :09:03on 11.02.2007
    Platform
    Windows XP SP2 (WinNT 5.01.2600)
    MSIEInternet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C
    :\WINDOWS\system32\winlogon.exe
    C
    :\WINDOWS\system32\services.exe
    C
    :\WINDOWS\system32\lsass.exe
    C
    :\WINDOWS\system32\Ati2evxx.exe
    C
    :\WINDOWS\system32\svchost.exe
    C
    :\WINDOWS\System32\svchost.exe
    C
    :\Program Files\Ahead\InCD\InCDsrv.exe
    C
    :\WINDOWS\system32\spoolsv.exe
    C
    :\WINDOWS\system32\Ati2evxx.exe
    C
    :\WINDOWS\Explorer.EXE
    C
    :\WINDOWS\RTHDCPL.EXE
    C
    :\Program Files\Microsoft IntelliType Pro\itype.exe
    C
    :\Program Files\Microsoft IntelliPoint\ipoint.exe
    C
    :\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C
    :\Program Files\Ahead\InCD\InCD.exe
    C
    :\Program Files\Eset\nod32kui.exe
    C
    :\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C
    :\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    C
    :\Program Files\Eset\nod32krn.exe
    C
    :\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C
    :\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C
    :\WINDOWS\System32\svchost.exe
    C
    :\Program Files\MSN Messenger\usnsvc.exe
    C
    :\Program Files\Internet Explorer\iexplore.exe
    C
    :\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C
    :\Program Files\WinRAR\WinRAR.exe
    C
    :\DOCUME~1\tahta\LOCALS~1\Temp\Rar$EX00.422\HijackThis.exe
    R0 
    HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName Bağlantılar
    O2 
    BHOSnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 
    BHOAcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 
    BHOSSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 
    BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 BHOWindows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 
    BHOGoogle Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O3 
    Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 
    ToolbarSnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O4 
    HKLM\..\Run: [RTHDCPLRTHDCPL.EXE
    O4 
    HKLM\..\Run: [AlcmtrALCMTR.EXE
    O4 
    HKLM\..\Run: [itype"C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - AppInit_DLLs: C:\WINDOWS\system32\msxbde4c.dll
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe

    ICEEXOL, brother, this is my HijackThis report. Could you take a look, if it's no trouble?

    Check the entry below and fix it:

    PHP Code:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

    Also, your sound card's event monitor may transfer data without your permission. So, if you like, check the entry below and fix it:

    PHP Code:
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


  9. 9
    Fatih©
    Member
    Friends, pages keep opening out of nowhere. Which ones should I delete?

    PHP Code:
    Logfile of HijackThis v1.99.1
    Scan saved at 18:18:17, on 14.02.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\VTtrayp.exe
    C:\WINDOWS\system32\VTTimer.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\AOL\Active Virus Shield\avp.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\FlashGet\flashget.exe
    D:\Program Setupları\HijackThis.exe
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://l.sohpetsohpet.net/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblhzep.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - (no file)
    O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
    O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
    O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [aol] "C:\Program Files\AOL\Active Virus Shield\avp.exe"
    O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Reader Hızlı Çalıştırma.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\PROGRA~1\FlashGet\jc_link.htm
    O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Tümünü FlashGet'i kullanarak indir - C:\PROGRA~1\FlashGet\jc_all.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4EFA317A-8569-4788-B175-5BAF9731A549} (Microsoft Virtual Server VMRC Advanced Control) - http://www.windowsvistatestdrive.com/ActiveX/VMRCActiveXClient1.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://mevlana66.spaces.msn.com//PhotoUpload/MsnPUpld.cab
    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase9602.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1161968375328
    O16 - DPF: {B49C4597-8721-4789-9250-315DFBD9F525} (IWinAmpActiveX Class) - http://www.yayindayiz.biz/yayin/ampx2.6.1.11_en_dl.cab
    O16 - DPF: {C5E28B9D-0A68-4B50-94E9-E8F6B4697516} (NsvPlayX Control) - http://www.yayindayiz.biz/codec/nsvplayx_vp6_mp3.cab
    O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://arcade.icq.com/online2/bejeweled2/popcaploader_v6.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = Gokdere66
    O17 - HKLM\Software\..\Telephony: DomainName = Gokdere66
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = Gokdere66
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: klogon - C:\WINDOWS\system32\klogon.dll
    O23 - Service: Active Virus Shield (AVP) - Unknown owner - C:\Program Files\AOL\Active Virus Shield\avp.exe" -r (file missing)
    O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE 


  10. 10
    ICEEXOL
    Special Member
    Quote from member Fatih©:
    Friends, pages keep opening out of nowhere. Which ones should I delete?


    Fix the entries below, then download AVG Antispyware and scan the system.

    PHP Code:
    O2 - BHO: RunBus Class - {4865F155-CE00-4E93-A414-147844D7C81A} - C:\WINDOWS\system32\tcblhzep.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Mario Forever Toolbar Helper - {A20854FD-DDB5-4931-8F76-D11EA2364D94} - (no file)
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe


  11. 11
    by_trojan
    Retired


    Logfile of HijackThis v1.99.1
    Scan saved at 21:21:13, on 14.02.2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Microsoft IntelliType Pro\itype.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\DOCUME~1\mardinli\LOCALS~1\Temp\Rar$EX00.235\Hi jackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [itype] "C:\Program Files\Microsoft IntelliType Pro\itype.exe"
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [D_V_T] C:\\dvt.exe /S \C:\\d_v_t.reg\
    O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [ADSL Bilgilendiricisi] "C:\ADSL Bilgilendiricisi\adslbilg.exe"
    O4 - HKCU\..\Run: [Internet Download Accelerator] C:\Program Files\IDA\ida.exe -autorun
    O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
    O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://f16sonsamuray.spaces.live.com...d/MsnPUpld.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
    O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)


    BROTHER, COULD YOU TAKE A LOOK AT MINE TOO, IF IT'S NO TROUBLE?

  12. 12
    ICEEXOL
    Special Member
    Quote from member by_trojan:
    BROTHER, COULD YOU TAKE A LOOK AT MINE TOO, IF IT'S NO TROUBLE?

    PHP Code:
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
    O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
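
Added example, not part of the thread: the three entries listed in the reply above all end in `(no file)` or `(file missing)`. The Python below parses HijackThis v1.99.1 entry lines, tolerating the dropped ` - ` separator and unclosed `(no file` seen in this forum's code boxes, and lists such orphaned entries for review; the function names and the section-label table are assumptions made for this illustration.

```python
import re

# Excerpt of the HijackThis v1.99.1 log posted by by_trojan earlier in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 21:21:13, on 14.02.2007
Running processes:
C:\WINDOWS\system32\lsass.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O9 - Extra button: (no name) - {9819CC0E-9669-4D01-9CD7-2C66DA43AC6C} - (no file)
O23 - Service: Remote Administrator Service (r_server) - Unknown owner - C:\WINDOWS\system32\r_server.exe" /service (file missing)
"""

# Section code, an optional " - " (forum code boxes sometimes drop it), then the body.
ENTRY_RE = re.compile(r"^(?P<code>[RFNO]\d{1,2})\s+(?:-\s+)?(?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Markers HijackThis prints when it cannot find the referenced file on disk.
# The closing parenthesis is optional because pasted logs sometimes lose it.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)?\s*$")

# Labels for the section codes used in this example (illustrative table).
SECTION_LABELS = {
    "O2": "Browser Helper Object",
    "O4": "autostart entry",
    "O9": "IE extra button / Tools menu item",
    "O23": "Windows service",
}


def parse_log(text):
    """Return one dict per R/F/N/O entry; header and process lines are skipped."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if not match:
            continue
        body = match.group("body")
        clsid = CLSID_RE.search(body)
        entries.append({
            "code": match.group("code"),
            "label": SECTION_LABELS.get(match.group("code"), "other"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphaned": bool(ORPHAN_RE.search(body)),
        })
    return entries


def orphaned_entries(entries):
    """Entries whose registry reference points at a file that is not on disk."""
    return [e for e in entries if e["orphaned"]]


if __name__ == "__main__":
    for entry in orphaned_entries(parse_log(SAMPLE_LOG)):
        print(f'{entry["code"]:>3} {entry["label"]}: {entry["body"]}')
```

An orphaned marker only says the referenced file is absent; the CLSID or service name still has to be looked up before deciding what the entry belonged to.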

