
svchost.exe is trying to establish a connection - help

  • Hello friends,

    I just installed the ESET firewall; once it was installed, it told me that svchost.exe is trying to connect to 66.197.234.53 volikozo.info and it asks what I should do. Is this site dangerous, and what do I need to do? When I looked into it, I found the following information about the site from domainquery:

    Domain ID:D23488096-LRMS
    Domain Name:VOLIKOZO.INFO
    Created On:22-Jan-2008 10:00:49 UTC
    Last Updated On:29-Mar-2009 11:55:18 UTC
    Expiration Date:22-Jan-2010 10:00:49 UTC
    Sponsoring Registrar:Regtime Ltd. (R455-LRMS)
    Status:OK
    Registrant ID:CO242693-RT
    Registrant Name:Jordi Vollom
    Registrant Organization:Jordi Vollom
    Registrant Street1:2168 Nakano-cho
    Registrant Street2:
    Registrant Street3:
    Registrant City:Chiba-shi
    Registrant State/Province:Chiba
    Registrant Postal Code:265-0051
    Registrant Country:JP
    Registrant Phone:+8.1432286260
    Registrant Phone Ext.:
    Registrant FAX:+8.1432286260
    Registrant FAX Ext.:
    Registrant Email:mizazusi@lycos.com
    Admin ID:CA242693-RT
    Admin Name:Jordi Vollom
    Admin Organization:Jordi Vollom
    Admin Street1:2168 Nakano-cho
    Admin Street2:
    Admin Street3:
    Admin City:Chiba-shi
    Admin State/Province:Chiba
    Admin Postal Code:265-0051
    Admin Country:JP
    Admin Phone:+8.1432286260
    Admin Phone Ext.:
    Admin FAX:+8.1432286260
    Admin FAX Ext.:
    Admin Email:mizazusi@lycos.com
    Billing ID:CB242693-RT
    Billing Name:Jordi Vollom
    Billing Organization:Jordi Vollom
    Billing Street1:2168 Nakano-cho
    Billing Street2:
    Billing Street3:
    Billing City:Chiba-shi
    Billing State/Province:Chiba
    Billing Postal Code:265-0051
    Billing Country:JP
    Billing Phone:+8.1432286260
    Billing Phone Ext.:
    Billing FAX:+8.1432286260
    Billing FAX Ext.:
    Billing Email:mizazusi@lycos.com
    Tech ID:CT242693-RT
    Tech Name:Jordi Vollom
    Tech Organization:Jordi Vollom
    Tech Street1:2168 Nakano-cho
    Tech Street2:
    Tech Street3:
    Tech City:Chiba-shi
    Tech State/Province:Chiba
    Tech Postal Code:265-0051
    Tech Country:JP
    Tech Phone:+8.1432286260
    Tech Phone Ext.:
    Tech FAX:+8.1432286260
    Tech FAX Ext.:
    Tech Email:mizazusi@lycos.com
    Name Server:NS1.EVERYDNS.NET
    Name Server:NS2.EVERYDNS.NET
    Name Server:NS3.EVERYDNS.NET
    Name Server:NS4.EVERYDNS.NET







  • An ad site has latched onto Internet Explorer. Could you run the HijackThis program and post the report here?
  • Running processes:
    F:\WINDOWS\System32\smss.exe
    F:\WINDOWS\system32\winlogon.exe
    F:\WINDOWS\system32\services.exe
    F:\WINDOWS\system32\lsass.exe
    F:\WINDOWS\system32\nvsvc32.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\Program Files\Windows Defender\MsMpEng.exe
    F:\WINDOWS\System32\svchost.exe
    F:\WINDOWS\system32\svchost.exe
    F:\WINDOWS\system32\spoolsv.exe
    F:\WINDOWS\Explorer.EXE
    F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    F:\WINDOWS\system32\Rundll32.exe
    F:\Program Files\Creative\Shared Files\CTSched.exe
    F:\Program Files\Windows Defender\MSASCui.exe
    F:\Program Files\UPSMON\UPSMON.exe
    F:\WINDOWS\system32\taskswitch.exe
    F:\WINDOWS\VMSnap3.EXE
    F:\WINDOWS\Domino.EXE
    F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
    F:\Program Files\Common Files\Real\Update_OB\realsched.exe
    F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
    F:\WINDOWS\system32\rundll32.exe
    F:\WINDOWS\system32\RUNDLL32.EXE
    F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    F:\WINDOWS\system32\ctfmon.exe
    F:\Program Files\DAEMON Tools Lite\daemon.exe
    F:\Program Files\Vtune\TBPanel.exe
    F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
    F:\Program Files\Logitech\SetPoint\SetPoint.exe
    F:\Program Files\Windows Desktop Search\WindowsSearch.exe
    F:\Program Files\Hamachi\hamachi.exe
    G:\MSC.Software\MSC.Licensing\10.8.6\lmgrd.exe
    F:\Program Files\Nortel NetDirect Client\NetDirectService.exe
    G:\MSC.Software\MSC.Licensing\10.8.6\lmgrd.exe
    F:\WINDOWS\system32\svchost.exe
    F:\Program Files\UPSMON\UPSMON_Service.Exe
    F:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
    F:\WINDOWS\system32\SearchIndexer.exe
    G:\MSC.Software\MSC.Licensing\10.8.6\msc.exe
    F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    F:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
    F:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
    F:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrv.exe
    F:\Program Files\ESET\ESET Smart Security\ekrn.exe
    F:\Program Files\ESET\ESET Smart Security\egui.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Windows Live\Contacts\wlcomm.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Winamp\winamp.exe
    F:\Program Files\emule\emule.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Internet Explorer\iexplore.exe
    F:\Program Files\Webteh\BSplayerPro\bsplayer.exe
    F:\WINDOWS\system32\SearchProtocolHost.exe
    F:\Program Files\WinRAR\WinRAR.exe
    F:\DOCUME~1\SAYGIN\LOCALS~1\Temp\Rar$EX00.391\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKLM\..\Run: [CTSysVol] F:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
    O4 - HKLM\..\Run: [UpdReg] F:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [CreativeTaskScheduler] "F:\Program Files\Creative\Shared Files\CTSched.exe" /logon
    O4 - HKLM\..\Run: [Windows Defender] "F:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [TrialReset] F:\WINDOWS\fix.exe
    O4 - HKLM\..\Run: [UPSMON] F:\Program Files\UPSMON\UPSMON.exe
    O4 - HKLM\..\Run: [CoolSwitch] F:\WINDOWS\system32\taskswitch.exe
    O4 - HKLM\..\Run: [VMSnap3] F:\WINDOWS\VMSnap3.EXE
    O4 - HKLM\..\Run: [Domino] F:\WINDOWS\Domino.EXE
    O4 - HKLM\..\Run: [BigDog303] F:\WINDOWS\VM303_STI.EXE VIMICRO USB PC Camera (ZC0301PLH)
    O4 - HKLM\..\Run: [ISUSPM] "F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [TkBellExe] "F:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [NokiaMServer] F:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles
    O4 - HKLM\..\Run: [Nokia FastStart] "C:\Program Files\Nokia\Nokia Music\NokiaMusic.exe" /command:faststart
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE F:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE F:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [egui] "F:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
    O4 - HKCU\..\Run: [MsnMsgr] "F:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] F:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "F:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [TBPanel] F:\Program Files\Vtune\TBPanel.exe /A
    O4 - HKCU\..\Run: [Google Update] "F:\Documents and Settings\SAYGIN\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [PC Suite Tray] "F:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: hamachi.lnk = F:\Program Files\Hamachi\hamachi.exe
    O4 - Startup: Logitech . Ürün Kaydı.lnk = F:\Program Files\Common Files\Logishrd\eReg\SetPoint\eReg.exe
    O4 - Global Startup: Logitech SetPoint.lnk = F:\Program Files\Logitech\SetPoint\SetPoint.exe
    O4 - Global Startup: Windows Search.lnk = F:\Program Files\Windows Desktop Search\WindowsSearch.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) -http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
    O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) -http://www.ipix.com/viewers/ipixx.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229802416109
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229802406453
    O16 - DPF: {7FA319FB-FFB9-4089-87EB-63179244E6E6} (NetDirect) -https://vpn.arcelik.com/nortel_cacheable/NetDirect.cab
    O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) -http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - F:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - G:\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
    O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - F:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
    O23 - Service: ESET Service (ekrn) - ESET - F:\Program Files\ESET\ESET Smart Security\ekrn.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - F:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - F:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
    O23 - Service: MSC.Licensing 10.8.6 - Macrovision Corporation - G:\MSC.Software\MSC.Licensing\10.8.6\lmgrd.exe
    O23 - Service: NetDirectService (NetDirectService) - Unknown owner - F:\Program Files\Nortel NetDirect Client\NetDirectService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - F:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: ServiceLayer - Nokia. - F:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: UPSMONService - Unknown owner - F:\Program Files\UPSMON\UPSMON_Service.Exe




  • R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
    O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - F:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] F:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - F:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - F:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - F:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\msmsgs.exe

    "Fix" these lines, then scan with "Combofix" and "Mbam". Post your logs here.



