Can anyone who understands ComboFix logs take a look at this one?
9 years (755 posts)
Captain
Topic Owner

If anyone here understands these, could you tell me whether there is a problem or not?



ComboFix 16-11-13.01 - Callott 28.11.2016 14:33:46.6.2 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.3069.1599 [GMT 3:00]
Running from: c:\users\Callott\Desktop\ComboFix.exe
AV: ESET Smart Security 10.0.369.2 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
FW: ESET Kişisel güvenlik duvarı *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
SP: ESET Smart Security 10.0.369.2 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2016-10-28 to 2016-11-28 )))))))))))))))))))))))))))))))
.
.
2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\NULL\AppData\Local\temp
2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\AppData\AppData\Local\temp
2016-11-22 20:19 . 2016-11-22 20:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3220.dll
2016-11-22 15:02 . 2016-11-22 15:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3748.dll
2016-11-18 19:01 . 2016-11-18 19:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3184.dll
2016-11-14 18:10 . 2016-11-14 18:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3472.dll
2016-11-13 15:26 . 2016-11-13 15:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3524.dll
2016-11-10 16:40 . 2016-11-10 16:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.396.dll
2016-11-06 19:26 . 2016-11-06 19:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3700.dll
2016-11-06 12:06 . 2016-11-06 12:06 -------- d-----w- c:\users\Callott\AppData\Local\ESET
2016-11-06 12:00 . 2016-11-06 12:00 -------- d-----w- c:\program files\ESET
2016-11-06 11:39 . 2016-11-06 11:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3264.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2016-11-12 20:34 . 2012-04-17 11:57 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2016-11-12 20:34 . 2011-05-16 14:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2016-10-27 16:31 . 2016-10-27 16:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.2848.dll
2016-10-22 20:30 . 2016-10-22 20:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.4076.dll
2016-10-18 16:30 . 2016-10-18 16:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.4204.dll
2016-10-13 12:39 . 2016-10-13 12:39 91784 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2016-10-13 12:39 . 2016-10-13 12:39 76416 ----a-w- c:\windows\system32\drivers\epfw.sys
2016-10-13 12:39 . 2016-10-13 12:39 59528 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2016-10-13 12:39 . 2016-10-13 12:39 48768 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
2016-10-13 12:39 . 2016-10-13 12:39 232072 ----a-w- c:\windows\system32\drivers\eamonm.sys
2016-10-13 12:39 . 2016-10-13 12:39 212096 ----a-w- c:\windows\system32\drivers\edevmon.sys
2016-10-13 12:39 . 2016-10-13 12:39 177792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2016-10-10 18:55 . 2016-10-10 18:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3908.dll
2016-10-07 20:48 . 2016-10-07 20:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3132.dll
2016-10-06 03:47 . 2010-03-07 18:53 142482544 ----a-w- c:\windows\system32\MRT.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2010-07-06 385024]
"GoogleChromeAutoLaunch_DF26C9F6414BAB9A5A57F040BA672424"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-11-08 921192]
"GoogleChromeAutoLaunch_6A6DF605C701B1A70A8ED895F7BE9FBB"="c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" [2016-10-21 2466296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-23 1444880]
"KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2016-04-01 515600]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
"WallpaperStyle"= 2
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
S2 YandexBrowserService;Yandex.Browser Update Service;c:\program files (x86)\Yandex\YandexBrowser\16.10.0.2564\service_update.exe;c:\program files (x86)\Yandex\YandexBrowser\16.10.0.2564\service_update.exe [x]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 09:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2016-11-15 15:05 1364072 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2016-11-19 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
- c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-12 20:34]
.
2015-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 20:34]
.
2015-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721209474-1067754816-3221522413-1000Core.job
- c:\users\Callott\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 15:24]
.
2015-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721209474-1067754816-3221522413-1000UA.job
- c:\users\Callott\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 15:24]
.
2015-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
.
2016-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12f5b9790a717.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
.
2016-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15f2f61cbb370.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
.
2015-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
.
2016-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d12f5b98185586.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
.
2016-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15f2f6673c925.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
.
2015-10-12 c:\windows\Tasks\HPCeeScheduleForCALLOTT-CALLOTT$.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2015-11-09 c:\windows\Tasks\HPCeeScheduleForCallott.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
.
2016-11-28 c:\windows\Tasks\Yandex Browser güncellemesi.job
- c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
.
2016-11-28 c:\windows\Tasks\Yandex Browser'ın sistem güncellemesi.job
- c:\program files (x86)\Yandex\YandexBrowser\16.10.0.2564\service_update.exe [2016-10-27 10:04]
.
2016-11-22 c:\windows\Tasks\Yandex.Browser güncellemesi .job
- c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
.
2016-09-06 c:\windows\Tasks\Yandex.Browser güncellemesi.job
- c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
.
2016-11-27 c:\windows\Tasks\?????????? ???????? ?????? .job
- c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page =https://www.google.com/?trackid=sp-006
mStart Page =https://www.google.com/?trackid=sp-006
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page =https://www.google.com/search?trackid=sp-006&q={searchTerms}
mSearch Bar =https://www.google.com/?trackid=sp-006
uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
IE: Bütün linkleri IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Free Download Manager ile indir - file://c:\program files (x86)\Free Download Manager\dllink.htm
IE: Free Download Manager ile seçileni indir - file://c:\program files (x86)\Free Download Manager\dlselected.htm
IE: Free Download Manager ile tümünü indir - file://c:\program files (x86)\Free Download Manager\dlall.htm
IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Videoyu Free Download Manager ile indir - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
Trusted Zone: eset.com\help
TCP: DhcpNameServer = 37.220.8.189 37.220.8.190
TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}: NameServer = 195.175.39.39,195.175.39.40
TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\14942545945435F52545D2230353: NameServer = 4.2.2.1,4.2.2.2
TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\4545E45445F5A5978554C4F5D4736433: NameServer = 195.175.39.39,195.175.39.40
TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\77869637B697: NameServer = 77.88.8.8,77.88.8.1
TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\84F4E4F425F505C4B4F523534424: NameServer = 195.175.39.39,195.175.39.40
DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://download.flatcast.net/objects/NpFv522.dll
DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} - hxxp://download.flatcast.net/objects/NpFv530.dll
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{4F524A2D-5350-4500-76A7-7A786E7484D7} - (no file)
Toolbar-{4F524A2D-5350-4500-76A7-7A786E7484D7} - (no file)
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-721209474-1067754816-3221522413-1000_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-721209474-1067754816-3221522413-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):eb,bd,0d,01,45,13,73,7a,48,d2,55,74,fd,85,b7,38,38,d1,1f,20,fd,
cf,9b,a3,47,8e,83,80,7e,4e,60,a6,58,38,29,53,86,a7,3d,5c,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-721209474-1067754816-3221522413-1000_Classes\Wow6432Node\CLSID\{cb34a7a4-9551-4ad8-9bb5-ec0c1f97eef2}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000008f
"Therad"=dword:00000015
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_207_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_207_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ÿ*]
"Policy"=dword:00000003
"AppName"=""
"AppPath"="c:\\Program Files (x86)\\Siber Systems\\AI RoboForm"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\*@]
"Policy"=dword:00000003
"AppName"=""
"AppPath"="c:\\Program Files (x86)\\Siber Systems\\AI RoboForm"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\zbshareware]
@DACL=(02 0000)
DUMPHIVE0.003 (REGF)
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2016-11-28 16:01:04
ComboFix-quarantined-files.txt 2016-11-28 13:01
ComboFix2.txt 2016-10-08 17:31
.
Pre-Run: 69.387.825.152 bayt boş
Post-Run: 69.203.214.336 bayt boş
.
- - End Of File - - 68482252714707FFB3704B8697D814A3
531B3DFEBDC6EB98B0A7C03E8C5078C6