Hijackthis Log! - ReadBull.net

19-09-2019, 12:12:03

#1
Diaz

Açık Profil bilgileri

Özel Mesaj Gönder

Diaz tarafından gönderilen tüm mesajları bul

Diaz'ı arkadaş olarak ekle

Platinum
Logfile of HijackThis v1.99.1
Scan saved at 15:21 Zenphex, on 08.06.2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\htpatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\Program Files\Ahead\Nero StartSmart\NeroStartSmart.exe
C:\WINDOWS\System32\imapi.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\LeechGet 2004\LeechGet.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Browser Hijack Recover\bhr.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Downloads\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zgfjteefuxskcbdztwui.info...yH0gK4Qk0.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
O2 - BHO: AcroIEHlprObj Class - - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Response Class - - C:\WINDOWS\System32\dae.dll
O2 - BHO: Google Toolbar Helper - - (no file)
O2 - BHO: (no name) - - (no file)
O3 - Toolbar: (no name) - - (no file)
O3 - Toolbar: &Radyo - - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - - (no file)
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAV50] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kav.exe" -run -n PersonalPro -v 5.0.0.0 -chkss
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: LeechGet ile ayrıştır - file://C:\Program Files\LeechGet 2004\\Parser.html
O8 - Extra context menu item: İndirmek icin LeechGet kullan - file://C:\Program Files\LeechGet 2004\\AddUrl.html
O8 - Extra context menu item: İndirmek icin LeechGet Sihirbazı Kullan - file://C:\Program Files\LeechGet 2004\\Wizard.html
O9 - Extra button: Related - - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - - C:\Program Files\Messenger\MSMSGS.EXE
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 212.146.145.10,212.146.145.2,195.175.37.14
O17 - HKLM\System\CCS\Services\Tcpip\..\: NameServer = 212.146.145.10,212.146.145.2,195.175.37.14
O17 - HKLM\System\CS1\Services\Tcpip\..\: NameServer = 212.146.145.10,212.146.145.2,195.175.37.14
O17 - HKLM\System\CS2\Services\Tcpip\..\: NameServer = 212.146.145.10,212.146.145.2,195.175.37.14
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: Kaspersky Anti-Virus Service (KLBLMain) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal Pro 5\kavmm.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\Sony Shared\AVLib\Sptisrv.exe

Bugun biri MSN'imi trojan yardımı ile caldı... Daha sonra verdi şifreyi ama ben trojan kaldığından korkuyorum.. Kaspersky ile tarattım bazı dosyalara bir şeyler bulaşmıştı sildim onları... Vatos ajan kullanmış Kaspersky loglarında yazıyordu

Bu dosyalara bulaşmıştı (belki lazım olur) : C:\WINDOWS\system32\WORKGROUPS.\SVCHOST.EXE ve C:\WINDOWS\system32\WORKGROUPS.\netkey.dll

http://www.hecktools.******** işte bu siteden geldi trojan başkalarına bi şey olmasın... (;

Başıma da hic boyle bir şey gelmemişti... Yardımcı olursanız cok sevinirim...
__________________