Logfile of HijackThis v1.99.1
Scan saved at 19:44:05, on 01.05.2005
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\PROGRAM FILES\MESSENGERPLUS! 3\MSGPLUS.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\ISAFE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\TASKMON.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\VETMSG.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVTRAY.EXE
C:\PROGRAM FILES\CA\ETRUST EZ ARMOR\ETRUST EZ ANTIVIRUS\CAVRID.EXE
C:\WINDOWS\SYSTEM\CTFMON.EXE
C:\PROGRAM FILES\DELUX\PS2 KEYBOARD ENGLISH EDITION\KEYBOARD.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\DESKTOP\HIJACKTHIS\HIJACKTHIS.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.tmjtxlsnzihdjowblkuz.com/...agSdtwii0.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/cust.../www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Bağlantılar
O2 - BHO: (no name) - - (no file)
O2 - BHO: AcroIEHlprObj Class - - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: Yahoo! Companion BHO - - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0. DLL
O2 - BHO: MSNToolBandBHO - - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\TR-TR\MSNTB.DLL
O2 - BHO: ST - - C:\PROGRAM FILES\MSN APPS\ST\01.02.3000.1002\EN-XU\STMAIN.DLL
O2 - BHO: DownloadRedirect Class - - C:\PROGRAM FILES\IMESH\IMESH5\IMESHBHO.DLL
O3 - Toolbar: &Yahoo! Companion - - C:\PROGRAM FILES\YAHOO!\COMPANION\INSTALLS\CPN\YCOMP5_3_12_0. DLL
O3 - Toolbar: &Radio - - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: MSN - - C:\PROGRAM FILES\MSN APPS\MSN TOOLBAR\01.02.3000.1001\TR-TR\MSNTB.DLL
O3 - Toolbar: &Google - - C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [VetAlert] C:\PROGRA~1\CA\ETRUST~1\ETRUST~1\VETMSG.EXE
O4 - HKLM\..\Run: [CaAvTray] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVTray.exe"
O4 - HKLM\..\Run: [CAVRID] "C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\CAVRID.exe"
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\RunServices: [CAISafe] C:\Program Files\CA\eTrust EZ Armor\eTrust EZ Antivirus\ISafe.exe
O4 - HKCU\..\Run: [ctfmon.exe] ctfmon.exe
O4 - Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Startup: PS2 Keyboard English Edition.lnk = C:\Program Files\Delux\PS2 Keyboard English Edition\keyboard.exe
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O8 - Extra context menu item: Microsoft Excel'e Go&nder - res://C:\PROGRA~1\MICROS~3\OFFICE10\EXCEL.EXE/3000
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: FlashGet'i kullanarak indir - C:\PROGRAM FILES\FLASHGET\jc_link.htm
O8 - Extra context menu item: Tumunu FlashGet'i kullanarak indir - C:\PROGRAM FILES\FLASHGET\jc_all.htm
O8 - Extra context menu item: &Google Search - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsearch.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmsimilar.html
O8 - Extra context menu item: Backward &Links - res://C:\WINDOWS\DOWNLOADED PROGRAM FILES\GOOGLENAV.DLL/cmbacklinks.html
O9 - Extra button: ICQ - - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: ICQ Lite - - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: FlashGet - - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra 'Tools' menuitem: &FlashGet - - C:\PROGRAM FILES\FLASHGET\FLASHGET.EXE
O9 - Extra button: Messenger - - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES0521.DLL
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://www.hotmail.com
O16 - DPF: (MSNBC News Menu Control 3.01) - http://www.ntvmsnbc.com/download/nm1228.cab
O16 - DPF: (MSNBC News Menu Control 3.02) - http://www.ntvmsnbc.com/download/nm0321.cab
O16 - DPF: Okey - http://212.252.115.197/Okey/Okey4/Okey.CAB
O16 - DPF: (EARTPatchX Class) - http://www.ea.com/downloads/rtpatch/EARTPX.cab
O16 - DPF: (SubClassEditCtrlContainer Class) - https://sube.garanti.com.tr/lib/JaguarEditControl98.CAB
O16 - DPF: (YAddBook Class) - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O16 - DPF: - http://www.netvenda.com/sites/games-tr/tr/games20.cab
O16 - DPF: - http://deposito.hostance.net/dialer/604852.exe
O16 - DPF: Yahoo! Backgammon - http://download.games.yahoo.com/game...ts/y/at1_x.cab
O16 - DPF: Tavla - http://212.252.114.77/Tavla/Tavla1/Tavla.CAB
O16 - DPF: (Google Activate) - http://toolbar.google.com/data/tr/de.../GoogleNav.cab
O16 - DPF: (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: MynetOkey - http://oyun.mynet.com/game/WebRoot/Okey.CAB
O16 - DPF: (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com.../c381/chat.cab
O16 - DPF: (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
Daha once kullandığım antivirus programım 4-5 tane adware ve virus buluyor fakat temizlemiyordu ez armor kullanmaya başladım fakat hicbir şey bulamadı .panda active scan ise aşağıdaki dosyaları buldu
bunları nasıl temizleyebilirim
Ayrıca bazı linklere tıkladığımda geocities de olmayan lydia gibi bi web sayfasına bağlanıyor bu sorun da lsasss.exe den kaynaklandığını duşuunuyorum bu sorunuda nasıl giderebilirim şimdiden teşekkurler iyi calışmalar
Incident Status Location
Adware:Adware/Aureate-Radiate No disinfected C:\WINDOWS\SYSTEM\msipcsv.exe
Adware:Adware/Aureate-Radiate No disinfected C:\WINDOWS\SYSTEM\htmdeng.exe
Adware:Adware/Aureate-Radiate No disinfected C:\WINDOWS\SYSTEM\ipcclient.dll
Adware:Adware/Aureate-Radiate No disinfected C:\WINDOWS\SYSTEM\adimage.dll
Adware:Adware/Aureate-Radiate No disinfected C:\WINDOWS\SYSTEM\tfde.dll
Adware:Adware/FavoriteMan No disinfected C:\WINDOWS\SYSTEM\ofrg.dll
Adware:Adware/IPBill No disinfected C:\WINDOWS\SYSTEM\comload.dll
Adware:Adware/Lop No disinfected C:\WINDOWS\TEMP\bis33A0.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\Desktop\Silinen\NDNuninstall5_64.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\Desktop\Silinen\NDNuninstall6_10.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\Desktop\Silinen\NDNuninstall6_22.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\Desktop\Silinen\NDNuninstall6_30.exe
Spyware:Spyware/New.net No disinfected C:\WINDOWS\Desktop\Silinen\NDNuninstall6_38.exe
Virus:HackTool/Gendel.A No disinfected C:\WINDOWS\gendel32.exe
Spyware:Spyware/New.net No disinfected C:\RECYCLED\DC13.EXE
Spyware:Spyware/New.net No disinfected C:\RECYCLED\DC11\newdotnet6_38.dll
Virus:Trj/Multidropper.DM Disinfected D:\MoonStar\Dosya Sozluk\msu setup\games (1).exe
__________________
hijackthis log ve lsasss.exe yardımı
Bilgisayar Güvenliği0 Mesaj
●26 Görüntüleme
- ReadBull.net
- Teknoloji Forumları
- Donanım ve Bilgisayar
- Bilgisayar Güvenliği
- hijackthis log ve lsasss.exe yardımı