Şimdi Ara

Combofix log analizinden anlayanlar yardım lütfen

Sıcak Fırsatlarda Tıklananlar

Editörün Seçtiği Fırsatlar

Daha Fazla

Bu Konudaki Kullanıcılar: Daha Az

1 Misafir - 1 Masaüstü

5 sn

3
Cevap

0
Favori

365
Tıklama

Daha Fazla
İstatistik

Konu İstatistikleri Yükleniyor

Konuya Özel

0 oy

Öne Çıkar

Cevapla

Sayfa: 1

Giriş

Mesaj

Merhaba arkadaşlar,

Üni öğrencisiyim. Malum ben yokken bilgisayara evdekiler ne yaptılarsa geldiğimde hem bilgisayar yavaşlamıştı hem de internet 23mbit hız almasına rağmen çok yavaştı.

Not: Ben bırakırken hepsi çok iyi çalışıyordu :)

Combofix ile tarattırdım ve log aşağıda. Anlayan arkadaşlar yardımcı olursa sevinirim.

İşletim Sistemi Windows 7 64bit
Kingsoft Antivirüs 2012 kullanıyorum.

ComboFix 16-03-18.01 - Ecrin 19.03.2016  15:20:24.1.6 - x64 
  Microsoft Windows 7 Home Premium   6.1.7601.1.1254.90.1055.18.4061.2175 [GMT 2:00] 
  Running from: c:\users\Ecrin\Desktop\ComboFix.exe 
  AV: Kingsoft Antivirus System Defense *Disabled/Updated* {B6A51389-A795-5AC9-13BA-F569D73F3FE8} 
  SP: Kingsoft Antivirus System Defense *Disabled/Updated* {0DC4F26D-81AF-5547-290A-CE1BACB87555} 
  SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} 
  . 
  . 
  (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_ctypes.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_elementtree.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_hashlib.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_multiprocessing.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_psutil_windows.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_socket.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_ssl.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_yappi.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\common.time34.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\hashobjs_ext.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\pyexpat.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\pysqlite2._sqlite.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\python27.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\pythoncom27.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\PyWinTypes27.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\select.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\thumbnails_ext.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\unicodedata.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\usb_ext.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32api.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32com.shell.shell.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32crypt.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32event.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32file.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32gui.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32inet.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32pdh.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32pipe.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32process.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32profile.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32security.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32ts.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\windows._lib_cacheinvalidation.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._animate.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._controls_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._core_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._gdi_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._html2.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._misc_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._windows_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._wizard.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxbase30u_net_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxbase30u_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_adv_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_core_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_html_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_webview_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\mdi064.dll 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\dwm.exe 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libcurl-4.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libiconv-2.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libidn-11.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libintl-8.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\zlib1.dl1 
  c:\users\Ecrin\Dosyalarım.exe 
  . 
  . 
  (((((((((((((((((((((((((   Files Created from 2016-02-19 to 2016-03-19  ))))))))))))))))))))))))))))))) 
  . 
  . 
  2016-03-19 13:26 . 2016-03-19 13:26	--------	d-----w-	c:\users\Default\AppData\Local\temp 
  2016-03-12 13:28 . 2016-03-12 13:28	--------	d-----w-	c:\users\Ecrin\Autodesk 
  2016-03-12 13:28 . 2016-03-12 13:28	--------	d-----w-	c:\users\Ecrin\AppData\Roaming\NVIDIA 
  2016-03-12 13:24 . 2016-03-12 13:25	--------	d-----w-	c:\programdata\FLEXnet 
  2016-03-12 13:20 . 2016-03-12 13:27	--------	d-----w-	c:\users\Ecrin\AppData\Local\Autodesk 
  2016-03-12 13:11 . 2016-03-12 13:11	--------	d-----w-	c:\program files (x86)\Autodesk 
  2016-03-12 13:06 . 2016-03-12 13:06	--------	d-----w-	c:\program files\Common Files\Macrovision Shared 
  2016-03-12 12:56 . 2016-03-12 13:19	--------	d-----w-	c:\program files\Common Files\Autodesk Shared 
  2016-03-12 12:56 . 2016-03-12 12:56	--------	d-----w-	c:\program files\Autodesk 
  2016-03-12 12:34 . 2016-03-12 12:34	--------	d-----w-	c:\windows\Migration 
  2016-03-12 12:29 . 2016-03-12 13:20	--------	d-----w-	c:\programdata\Package Cache 
  2016-03-12 12:27 . 2016-03-12 13:58	--------	d-----w-	c:\users\Ecrin\AppData\Roaming\Autodesk 
  2016-03-12 12:27 . 2016-03-12 13:25	--------	d-----w-	c:\programdata\Autodesk 
  2016-03-12 12:26 . 2016-03-12 12:26	--------	d-----w-	c:\users\Ecrin\AppData\Local\Akamai 
  2016-03-12 12:25 . 2016-03-12 12:25	--------	d-----w-	C:\Autodesk 
  2016-03-11 18:37 . 2016-03-11 18:37	11035328	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe 
  2016-03-07 20:37 . 2016-03-07 20:37	--------	d-----w-	c:\programdata\KRSHistory 
  2016-03-06 20:01 . 2016-03-06 20:01	--------	d-----w-	c:\windows\SysWow64\4206 
  2016-03-06 19:57 . 2016-03-06 21:39	454656	----a-w-	c:\windows\SysWow64\yssk.dll 
  2016-03-06 19:57 . 2011-04-04 16:03	20091117	----a-w-	c:\windows\SysWow64\Ozne.dll 
  2016-03-06 19:57 . 2011-04-01 06:37	634880	----a-w-	c:\windows\SysWow64\systroy.dll 
  2016-03-06 19:49 . 2016-03-06 19:49	8704	----a-w-	c:\windows\SysWow64\SpOrder.dll 
  2016-03-06 19:49 . 2016-03-06 19:49	73728	----a-w-	c:\windows\SysWow64\VistaInfo8.dll 
  2016-03-06 19:48 . 2016-03-07 20:36	--------	d-----w-	c:\program files (x86)\TemizNet 
  2016-03-06 19:40 . 2016-03-06 19:40	--------	d-----w-	c:\programdata\handyCafe 
  2016-03-06 19:39 . 2016-03-06 19:46	--------	d-----w-	c:\program files (x86)\Filtre Programi 
  2016-02-28 15:38 . 2016-02-28 15:38	--------	d-----w-	c:\program files (x86)\Internet Download Manager 
  2016-02-24 15:45 . 2016-02-24 15:45	--------	d-----w-	c:\users\Ecrin\AppData\Local\Macromedia 
  2016-02-24 15:40 . 2016-03-11 18:37	797376	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe 
  2016-02-24 15:40 . 2016-03-11 18:37	142528	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl 
  2016-02-24 15:40 . 2016-02-24 15:40	--------	d-----w-	c:\windows\SysWow64\Macromed 
  2016-02-24 15:40 . 2016-02-24 15:40	--------	d-----w-	c:\windows\system32\Macromed 
  2016-02-24 15:39 . 2016-02-24 15:40	--------	d-----w-	c:\users\Ecrin\AppData\Local\Adobe 
  2016-02-19 21:41 . 2016-02-19 21:47	--------	d-----w-	c:\users\Ecrin\AppData\Local\Mozilla 
  2016-02-19 21:40 . 2016-02-19 21:40	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service 
  . 
  . 
  . 
  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  . 
  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  *Note* empty entries & legit default entries are not shown  
  REGEDIT4 
  . 
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-02-24 23260000] 
  "GoogleChromeAutoLaunch_308EB6A907AED472DC47A0C90CA049C6"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-03-16 1008792] 
  "Akamai NetSession Interface"="c:\users\Ecrin\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384] 
  . 
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 
  "kxesc"="c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" [2015-12-05 1595056] 
  "ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2016-02-24 529480] 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
  "ConsentPromptBehaviorAdmin"= 0 (0x0) 
  "ConsentPromptBehaviorUser"= 3 (0x3) 
  "EnableLUA"= 0 (0x0) 
  "EnableUIADesktopToggle"= 0 (0x0) 
  "PromptOnSecureDesktop"= 0 (0x0) 
  . 
  R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x] 
  R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] 
  R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] 
  R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x] 
  R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x] 
  R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x] 
  R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x] 
  R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] 
  R3 mi-raysat_3dsmax2016_64;mental ray Satellite for Autodesk 3ds Max 2016 64-bit;c:\program files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe;c:\program files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [x] 
  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] 
  R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] 
  R3 Yassak;Yassak;c:\program files (x86)\TemizNet\wlcomm.exe;c:\program files (x86)\TemizNet\wlcomm.exe [x] 
  S0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc64.sys;c:\windows\SYSNATIVE\drivers\kavbootc64.sys [x] 
  S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] 
  S1 KDHacker;KDHacker;c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys;c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [x] 
  S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x] 
  S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys;c:\windows\SYSNATIVE\drivers\kisknl.sys [x] 
  S2 kxescore;Kingsoft Core Service;c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe;c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [x] 
  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] 
  S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] 
  S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] 
  S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x] 
  S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x] 
  S4 KUsbGuard;KUsbGuard;c:\program files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys;c:\program files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys [x] 
  . 
  . 
  Contents of the 'Scheduled Tasks' folder 
  . 
  2016-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job 
  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-24 18:37] 
  . 
  2016-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job 
  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05 09:42] 
  . 
  2016-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job 
  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05 09:42] 
  . 
  . 
  --------- X64 Entries ----------- 
  . 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted] 
  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" 
  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 
  2016-02-24 20:39	775064	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced] 
  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" 
  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 
  2016-02-24 20:39	775064	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing] 
  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" 
  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 
  2016-02-24 20:39	775064	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll 
  . 
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "VIAxHCUtl"="c:\program files\VIA XHCI UASP Utility\usb3Monitor" [X] 
  "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-13 13662936] 
  . 
  ------- Supplementary Scan ------- 
  . 
  uLocal Page = c:\windows\system32\blank.htm 
  uStart Page = about:blank 
  uInternet Settings,ProxyOverride = <local> 
  TCP: DhcpNameServer = 192.168.1.1 
  FF - ProfilePath - c:\users\Ecrin\AppData\Roaming\Mozilla\Firefox\Profiles\b323t8it.default\ 
  FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.tr/?gfe_rd=cr&ei=UozHVqm5HaLY8Ael_paICA 
  . 
  - - - - ORPHANS REMOVED - - - - 
  . 
  Wow6432Node-HKCU-Run-Microsoft.Net - c:\users\Ecrin\Dosyalarım.exe 
  . 
  . 
  . 
  --------------------- LOCKED REGISTRY KEYS --------------------- 
  . 
  [HKEY_USERS\S-1-5-21-3615535235-763976793-2235896908-1000_Classes\Wow6432Node\CLSID\{605d86c2-311c-4bdc-a5ea-5e1a5b9df173}] 
  @Denied: (Full) (Everyone) 
  @Allowed: (Read) (RestrictedCode) 
  "Model"=dword:00000035 
  "Therad"=dword:00000006 
  . 
  [HKEY_USERS\S-1-5-21-3615535235-763976793-2235896908-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] 
  @Denied: (Full) (Everyone) 
  "scansk"=hex(0):2e,a1,9e,a8,70,b2,74,86,0b,64,2e,ba,7d,fb,d3,af,74,c2,8c,1c,77, 
     95,d7,9d,95,cb,f9,6b,3c,f4,1e,b5,96,5d,c9,12,15,1d,99,61,00,00,00,00,00,00,\ 
  . 
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] 
  @Denied: (Full) (Everyone) 
  . 
  ------------------------ Other Running Processes ------------------------ 
  . 
  c:\program files (x86)\kingsoft\kingsoft antivirus\vulfix.exe 
  c:\users\Ecrin\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe 
  c:\program files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe 
  . 
  ************************************************************************** 
  . 
  Completion time: 2016-03-19  15:33:07 - machine was rebooted 
  ComboFix-quarantined-files.txt  2016-03-19 13:33 
  . 
  Pre-Run: 435.313.684.480 bayt boş 
  Post-Run: 435.142.144.000 bayt boş 
  . 
  - - End Of File - - DB00E553B30270376612C5114C316B96 
  A36C5E4F47E84449FF07ED3517B43A31

AYNIADAM

Yüzbaşı

370 Mesaj

Tüm Başarılarını Gör

quote:

Orijinalden alıntı: themyth_1905

Merhaba arkadaşlar,

Üni öğrencisiyim. Malum ben yokken bilgisayara evdekiler ne yaptılarsa geldiğimde hem bilgisayar yavaşlamıştı hem de internet 23mbit hız almasına rağmen çok yavaştı.

Not: Ben bırakırken hepsi çok iyi çalışıyordu :)

Combofix ile tarattırdım ve log aşağıda. Anlayan arkadaşlar yardımcı olursa sevinirim.

İşletim Sistemi Windows 7 64bit
Kingsoft Antivirüs 2012 kullanıyorum.

ComboFix 16-03-18.01 - Ecrin 19.03.2016  15:20:24.1.6 - x64 
  Microsoft Windows 7 Home Premium   6.1.7601.1.1254.90.1055.18.4061.2175 [GMT 2:00] 
  Running from: c:\users\Ecrin\Desktop\ComboFix.exe 
  AV: Kingsoft Antivirus System Defense *Disabled/Updated* {B6A51389-A795-5AC9-13BA-F569D73F3FE8} 
  SP: Kingsoft Antivirus System Defense *Disabled/Updated* {0DC4F26D-81AF-5547-290A-CE1BACB87555} 
  SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} 
  . 
  . 
  (((((((((((((((((((((((((((((((((((((((   Other Deletions   ))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_ctypes.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_elementtree.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_hashlib.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_multiprocessing.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_psutil_windows.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_socket.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_ssl.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\_yappi.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\common.time34.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\hashobjs_ext.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\pyexpat.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\pysqlite2._sqlite.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\python27.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\pythoncom27.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\PyWinTypes27.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\select.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\thumbnails_ext.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\unicodedata.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\usb_ext.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32api.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32com.shell.shell.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32crypt.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32event.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32file.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32gui.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32inet.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32pdh.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32pipe.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32process.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32profile.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32security.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\win32ts.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\windows._lib_cacheinvalidation.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._animate.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._controls_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._core_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._gdi_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._html2.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._misc_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._windows_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._wizard.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxbase30u_net_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxbase30u_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_adv_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_core_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_html_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxmsw30u_webview_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\mdi064.dll 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\dwm.exe 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libcurl-4.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libiconv-2.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libidn-11.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libintl-8.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\libwinpthread-1.dl1 
  c:\users\Ecrin\AppData\Local\Temp\msupdate71\zlib1.dl1 
  c:\users\Ecrin\Dosyalarım.exe 
  . 
  . 
  (((((((((((((((((((((((((   Files Created from 2016-02-19 to 2016-03-19  ))))))))))))))))))))))))))))))) 
  . 
  . 
  2016-03-19 13:26 . 2016-03-19 13:26	--------	d-----w-	c:\users\Default\AppData\Local\temp 
  2016-03-12 13:28 . 2016-03-12 13:28	--------	d-----w-	c:\users\Ecrin\Autodesk 
  2016-03-12 13:28 . 2016-03-12 13:28	--------	d-----w-	c:\users\Ecrin\AppData\Roaming\NVIDIA 
  2016-03-12 13:24 . 2016-03-12 13:25	--------	d-----w-	c:\programdata\FLEXnet 
  2016-03-12 13:20 . 2016-03-12 13:27	--------	d-----w-	c:\users\Ecrin\AppData\Local\Autodesk 
  2016-03-12 13:11 . 2016-03-12 13:11	--------	d-----w-	c:\program files (x86)\Autodesk 
  2016-03-12 13:06 . 2016-03-12 13:06	--------	d-----w-	c:\program files\Common Files\Macrovision Shared 
  2016-03-12 12:56 . 2016-03-12 13:19	--------	d-----w-	c:\program files\Common Files\Autodesk Shared 
  2016-03-12 12:56 . 2016-03-12 12:56	--------	d-----w-	c:\program files\Autodesk 
  2016-03-12 12:34 . 2016-03-12 12:34	--------	d-----w-	c:\windows\Migration 
  2016-03-12 12:29 . 2016-03-12 13:20	--------	d-----w-	c:\programdata\Package Cache 
  2016-03-12 12:27 . 2016-03-12 13:58	--------	d-----w-	c:\users\Ecrin\AppData\Roaming\Autodesk 
  2016-03-12 12:27 . 2016-03-12 13:25	--------	d-----w-	c:\programdata\Autodesk 
  2016-03-12 12:26 . 2016-03-12 12:26	--------	d-----w-	c:\users\Ecrin\AppData\Local\Akamai 
  2016-03-12 12:25 . 2016-03-12 12:25	--------	d-----w-	C:\Autodesk 
  2016-03-11 18:37 . 2016-03-11 18:37	11035328	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe 
  2016-03-07 20:37 . 2016-03-07 20:37	--------	d-----w-	c:\programdata\KRSHistory 
  2016-03-06 20:01 . 2016-03-06 20:01	--------	d-----w-	c:\windows\SysWow64\4206 
  2016-03-06 19:57 . 2016-03-06 21:39	454656	----a-w-	c:\windows\SysWow64\yssk.dll 
  2016-03-06 19:57 . 2011-04-04 16:03	20091117	----a-w-	c:\windows\SysWow64\Ozne.dll 
  2016-03-06 19:57 . 2011-04-01 06:37	634880	----a-w-	c:\windows\SysWow64\systroy.dll 
  2016-03-06 19:49 . 2016-03-06 19:49	8704	----a-w-	c:\windows\SysWow64\SpOrder.dll 
  2016-03-06 19:49 . 2016-03-06 19:49	73728	----a-w-	c:\windows\SysWow64\VistaInfo8.dll 
  2016-03-06 19:48 . 2016-03-07 20:36	--------	d-----w-	c:\program files (x86)\TemizNet 
  2016-03-06 19:40 . 2016-03-06 19:40	--------	d-----w-	c:\programdata\handyCafe 
  2016-03-06 19:39 . 2016-03-06 19:46	--------	d-----w-	c:\program files (x86)\Filtre Programi 
  2016-02-28 15:38 . 2016-02-28 15:38	--------	d-----w-	c:\program files (x86)\Internet Download Manager 
  2016-02-24 15:45 . 2016-02-24 15:45	--------	d-----w-	c:\users\Ecrin\AppData\Local\Macromedia 
  2016-02-24 15:40 . 2016-03-11 18:37	797376	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe 
  2016-02-24 15:40 . 2016-03-11 18:37	142528	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl 
  2016-02-24 15:40 . 2016-02-24 15:40	--------	d-----w-	c:\windows\SysWow64\Macromed 
  2016-02-24 15:40 . 2016-02-24 15:40	--------	d-----w-	c:\windows\system32\Macromed 
  2016-02-24 15:39 . 2016-02-24 15:40	--------	d-----w-	c:\users\Ecrin\AppData\Local\Adobe 
  2016-02-19 21:41 . 2016-02-19 21:47	--------	d-----w-	c:\users\Ecrin\AppData\Local\Mozilla 
  2016-02-19 21:40 . 2016-02-19 21:40	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service 
  . 
  . 
  . 
  ((((((((((((((((((((((((((((((((((((((((   Find3M Report   )))))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  . 
  (((((((((((((((((((((((((((((((((((((   Reg Loading Points   )))))))))))))))))))))))))))))))))))))))))))))))))) 
  . 
  . 
  *Note* empty entries & legit default entries are not shown  
  REGEDIT4 
  . 
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2016-02-24 23260000] 
  "GoogleChromeAutoLaunch_308EB6A907AED472DC47A0C90CA049C6"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-03-16 1008792] 
  "Akamai NetSession Interface"="c:\users\Ecrin\AppData\Local\Akamai\netsession_win.exe" [2015-09-10 4691384] 
  . 
  [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 
  "kxesc"="c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" [2015-12-05 1595056] 
  "ADSKAppManager"="c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" [2016-02-24 529480] 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] 
  "ConsentPromptBehaviorAdmin"= 0 (0x0) 
  "ConsentPromptBehaviorUser"= 3 (0x3) 
  "EnableLUA"= 0 (0x0) 
  "EnableUIADesktopToggle"= 0 (0x0) 
  "PromptOnSecureDesktop"= 0 (0x0) 
  . 
  R1 UsbCharger;UsbCharger;c:\windows\system32\DRIVERS\UsbCharger.sys;c:\windows\SYSNATIVE\DRIVERS\UsbCharger.sys [x] 
  R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] 
  R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x] 
  R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x] 
  R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x] 
  R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe [x] 
  R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x] 
  R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x] 
  R3 mi-raysat_3dsmax2016_64;mental ray Satellite for Autodesk 3ds Max 2016 64-bit;c:\program files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe;c:\program files\Autodesk\3ds Max 2016\NVIDIA\Satellite\raysat_3dsmax2016_64server.exe [x] 
  R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] 
  R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x] 
  R3 Yassak;Yassak;c:\program files (x86)\TemizNet\wlcomm.exe;c:\program files (x86)\TemizNet\wlcomm.exe [x] 
  S0 kavbootc;kavbootc;c:\windows\system32\drivers\kavbootc64.sys;c:\windows\SYSNATIVE\drivers\kavbootc64.sys [x] 
  S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x] 
  S1 KDHacker;KDHacker;c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys;c:\program files (x86)\kingsoft\kingsoft antivirus\security\kxescan\kdhacker64.sys [x] 
  S2 AdAppMgrSvc;Autodesk Application Manager Service;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe ;c:\program files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe  [x] 
  S2 kisknl;kisknl;c:\windows\system32\drivers\kisknl.sys;c:\windows\SYSNATIVE\drivers\kisknl.sys [x] 
  S2 kxescore;Kingsoft Core Service;c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe;c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe [x] 
  S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x] 
  S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] 
  S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] 
  S3 VUSB3HUB;VIA USB 3 Root Hub Service;c:\windows\system32\DRIVERS\ViaHub3.sys;c:\windows\SYSNATIVE\DRIVERS\ViaHub3.sys [x] 
  S3 xhcdrv;VIA USB eXtensible Host Controller Service;c:\windows\system32\DRIVERS\xhcdrv.sys;c:\windows\SYSNATIVE\DRIVERS\xhcdrv.sys [x] 
  S4 KUsbGuard;KUsbGuard;c:\program files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys;c:\program files (x86)\kingsoft\kingsoft antivirus\kusbquery64.sys [x] 
  . 
  . 
  Contents of the 'Scheduled Tasks' folder 
  . 
  2016-03-19 c:\windows\Tasks\Adobe Flash Player Updater.job 
  - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-24 18:37] 
  . 
  2016-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job 
  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05 09:42] 
  . 
  2016-03-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job 
  - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-05 09:42] 
  . 
  . 
  --------- X64 Entries ----------- 
  . 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveBlacklisted] 
  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}" 
  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}] 
  2016-02-24 20:39	775064	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSynced] 
  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}" 
  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}] 
  2016-02-24 20:39	775064	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll 
  . 
  [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\  GoogleDriveSyncing] 
  @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}" 
  [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}] 
  2016-02-24 20:39	775064	----a-w-	c:\program files (x86)\Google\Drive\googledrivesync64.dll 
  . 
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 
  "VIAxHCUtl"="c:\program files\VIA XHCI UASP Utility\usb3Monitor" [X] 
  "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-12-13 13662936] 
  . 
  ------- Supplementary Scan ------- 
  . 
  uLocal Page = c:\windows\system32\blank.htm 
  uStart Page = about:blank 
  uInternet Settings,ProxyOverride = <local> 
  TCP: DhcpNameServer = 192.168.1.1 
  FF - ProfilePath - c:\users\Ecrin\AppData\Roaming\Mozilla\Firefox\Profiles\b323t8it.default\ 
  FF - prefs.js: browser.startup.homepage - hxxps://www.google.com.tr/?gfe_rd=cr&ei=UozHVqm5HaLY8Ael_paICA 
  . 
  - - - - ORPHANS REMOVED - - - - 
  . 
  Wow6432Node-HKCU-Run-Microsoft.Net - c:\users\Ecrin\Dosyalarım.exe 
  . 
  . 
  . 
  --------------------- LOCKED REGISTRY KEYS --------------------- 
  . 
  [HKEY_USERS\S-1-5-21-3615535235-763976793-2235896908-1000_Classes\Wow6432Node\CLSID\{605d86c2-311c-4bdc-a5ea-5e1a5b9df173}] 
  @Denied: (Full) (Everyone) 
  @Allowed: (Read) (RestrictedCode) 
  "Model"=dword:00000035 
  "Therad"=dword:00000006 
  . 
  [HKEY_USERS\S-1-5-21-3615535235-763976793-2235896908-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}] 
  @Denied: (Full) (Everyone) 
  "scansk"=hex(0):2e,a1,9e,a8,70,b2,74,86,0b,64,2e,ba,7d,fb,d3,af,74,c2,8c,1c,77, 
     95,d7,9d,95,cb,f9,6b,3c,f4,1e,b5,96,5d,c9,12,15,1d,99,61,00,00,00,00,00,00,\ 
  . 
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] 
  @Denied: (Full) (Everyone) 
  . 
  ------------------------ Other Running Processes ------------------------ 
  . 
  c:\program files (x86)\kingsoft\kingsoft antivirus\vulfix.exe 
  c:\users\Ecrin\AppData\Local\Autodesk\.AdskAppManager\R1\AdAppMgr.exe 
  c:\program files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe 
  . 
  ************************************************************************** 
  . 
  Completion time: 2016-03-19  15:33:07 - machine was rebooted 
  ComboFix-quarantined-files.txt  2016-03-19 13:33 
  . 
  Pre-Run: 435.313.684.480 bayt boş 
  Post-Run: 435.142.144.000 bayt boş 
  . 
  - - End Of File - - DB00E553B30270376612C5114C316B96 
  A36C5E4F47E84449FF07ED3517B43A31

Öncelikle fake antivürüs programı bulmuş sanırım. Kinston Antivürs sistem diye. Bu hizmeti durdurarak windowsun kendi antivürs hizmetini yeniden aktif etmiş.
Bknz:

AV: Kingsoft Antivirus System Defense *Disabled/Updated* {B6A51389-A795-5AC9-13BA-F569D73F3FE8} 
  SP: Kingsoft Antivirus System Defense *Disabled/Updated* {0DC4F26D-81AF-5547-290A-CE1BACB87555} 
  SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Hızlı bir tarama yazarak root dizin ve windows altındaki virüslü dosyaları silmiş.
Bknz:

c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._core_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._gdi_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._html2.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._misc_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._windows_.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wx._wizard.pyd 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxbase30u_net_vc90.dll 
  c:\users\Ecrin\AppData\Local\Temp\_MEI21842\wxbase30u_vc90.dll

Yinede tam sistem taraması yapmanız gerekmekte. ( Başka yazılımlarla )

Diğer başlıklara gelince. Sistem kayıt defterinde bulduğu virüslerle ilgili kayıtları silmiş, bu virüslerin kayıt defterinde işletim sisteminde ki yaptığı değişiklikleri ise varsayılan ayarlarına getirmiş.

Daha sonra zamanlanmış görevlerde tanımlı görevleride iptal etmiş.
Bazı ayarların değiştirilmesini önlemek için kilitlemiş. vs. vs.

Sonuç olarak sisteminde bulaşma var. Yapabildiği kadar temizliyip stabil hale getirmeye çalışmış.
İyi bir antivürs programı kurarak korumanı tamamla. Sistem halen stabil çalışmıyor ise yedek alıp yeniden kurulum yap.

Sayfa: 1

Benzer içerikler

Ip işlemleri

Bu mesaj IP'si ile atılan mesajları ara Bu kullanıcının son IP'si ile atılan mesajları ara Bu mesaj IP'si ile kullanıcı ara Bu kullanıcının son IP'si ile kullanıcı ara

KAPAT X

%40
Kazan

%2,8
Kazan

%5
Kazan

%6,8
Kazan

%1,6
Kazan

%3,2
Kazan

%5,5
Kazan

%1,2
Kazan

%5
Kazan

%3,2
Kazan

%6,4
Kazan

%2
Kazan

Alışveriş Yaptıkça Para Kazan Harekete Geç »