Can anyone who understands ComboFix logs take a look?

  • If anyone here understands this, could you tell me whether there is a problem or not?



    ComboFix 16-11-13.01 - Callott 28.11.2016 14:33:46.6.2 - x64
    Microsoft Windows 7 Home Basic 6.1.7601.1.1254.90.1055.18.3069.1599 [GMT 3:00]
    Running from: c:\users\Callott\Desktop\ComboFix.exe
    AV: ESET Smart Security 10.0.369.2 *Disabled/Updated* {EC1D6F37-E411-475A-DF50-12FF7FE4AC70}
    FW: ESET Kişisel güvenlik duvarı *Enabled* {D426EE12-AE7E-4602-F40F-BBCA8137EB0B}
    SP: ESET Smart Security 10.0.369.2 *Disabled/Updated* {577C8ED3-C22B-48D4-E5E0-298D0463E6CD}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2016-10-28 to 2016-11-28 )))))))))))))))))))))))))))))))
    .
    .
    2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\Public\AppData\Local\temp
    2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\NULL\AppData\Local\temp
    2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
    2016-11-28 12:52 . 2016-11-28 12:52 -------- d-----w- c:\users\AppData\AppData\Local\temp
    2016-11-22 20:19 . 2016-11-22 20:19 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3220.dll
    2016-11-22 15:02 . 2016-11-22 15:02 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3748.dll
    2016-11-18 19:01 . 2016-11-18 19:01 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3184.dll
    2016-11-14 18:10 . 2016-11-14 18:10 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3472.dll
    2016-11-13 15:26 . 2016-11-13 15:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3524.dll
    2016-11-10 16:40 . 2016-11-10 16:40 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.396.dll
    2016-11-06 19:26 . 2016-11-06 19:26 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3700.dll
    2016-11-06 12:06 . 2016-11-06 12:06 -------- d-----w- c:\users\Callott\AppData\Local\ESET
    2016-11-06 12:00 . 2016-11-06 12:00 -------- d-----w- c:\program files\ESET
    2016-11-06 11:39 . 2016-11-06 11:39 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3264.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2016-11-12 20:34 . 2012-04-17 11:57 796352 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2016-11-12 20:34 . 2011-05-16 14:34 142528 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2016-10-27 16:31 . 2016-10-27 16:31 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.2848.dll
    2016-10-22 20:30 . 2016-10-22 20:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.4076.dll
    2016-10-18 16:30 . 2016-10-18 16:30 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.4204.dll
    2016-10-13 12:39 . 2016-10-13 12:39 91784 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
    2016-10-13 12:39 . 2016-10-13 12:39 76416 ----a-w- c:\windows\system32\drivers\epfw.sys
    2016-10-13 12:39 . 2016-10-13 12:39 59528 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
    2016-10-13 12:39 . 2016-10-13 12:39 48768 ----a-w- c:\windows\system32\drivers\ekbdflt.sys
    2016-10-13 12:39 . 2016-10-13 12:39 232072 ----a-w- c:\windows\system32\drivers\eamonm.sys
    2016-10-13 12:39 . 2016-10-13 12:39 212096 ----a-w- c:\windows\system32\drivers\edevmon.sys
    2016-10-13 12:39 . 2016-10-13 12:39 177792 ----a-w- c:\windows\system32\drivers\ehdrv.sys
    2016-10-10 18:55 . 2016-10-10 18:55 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3908.dll
    2016-10-07 20:48 . 2016-10-07 20:48 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{32FE68B9-09D7-48A4-9A65-FE237FE1B638}\offreg.3132.dll
    2016-10-06 03:47 . 2010-03-07 18:53 142482544 ----a-w- c:\windows\system32\MRT.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2010-07-06 385024]
    "GoogleChromeAutoLaunch_DF26C9F6414BAB9A5A57F040BA672424"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2016-11-08 921192]
    "GoogleChromeAutoLaunch_6A6DF605C701B1A70A8ED895F7BE9FBB"="c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe" [2016-10-21 2466296]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "UpdatePRCShortCut"="c:\program files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
    "Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2009-06-22 60464]
    "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-07-06 98304]
    "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
    "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
    "Magic Desktop for HP notification"="c:\programdata\Easybits Magic Desktop for HP\mdhpSUN.exe" [2015-11-23 1444880]
    "KeyScrambler"="c:\program files (x86)\KeyScrambler\keyscrambler.exe" [2016-04-01 515600]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "SoftwareSASGeneration"= 1 (0x1)
    .
    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\system]
    "WallpaperStyle"= 2
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "mixer"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Notification Packages REG_MULTI_SZ scecli c:\program files\TrueKey\McAfeeTrueKeyPasswordFilter
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    R2 InstallerService;Service Installer TrueKey;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe;c:\program files\TrueKey\Mcafee.TrueKey.InstallerService.exe [x]
    R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R2 TrueKeyScheduler;Intel Security True Key Scheduler;c:\program files\TrueKey\McTkSchedulerService.exe;c:\program files\TrueKey\McTkSchedulerService.exe [x]
    R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]
    R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
    R3 TrueKeyServiceHelper;TrueKeyServiceHelper;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe;c:\program files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
    S0 edevmon;edevmon;c:\windows\system32\DRIVERS\edevmon.sys;c:\windows\SYSNATIVE\DRIVERS\edevmon.sys [x]
    S0 fsbts;fsbts;c:\windows\system32\Drivers\fsbts.sys;c:\windows\SYSNATIVE\Drivers\fsbts.sys [x]
    S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys;c:\windows\SYSNATIVE\DRIVERS\cmderd.sys [x]
    S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys;c:\windows\SYSNATIVE\DRIVERS\cmdguard.sys [x]
    S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys;c:\windows\SYSNATIVE\DRIVERS\cmdhlp.sys [x]
    S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
    S1 EpfwLWF;ESET Personal Firewall;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
    S1 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
    S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 ekbdflt;ekbdflt;c:\windows\system32\DRIVERS\ekbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\ekbdflt.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
    S2 TrueKey;Intel Security True Key;c:\program files\TrueKey\McAfee.TrueKey.Service.exe;c:\program files\TrueKey\McAfee.TrueKey.Service.exe [x]
    S2 YandexBrowserService;Yandex.Browser Update Service;c:\program files (x86)\Yandex\YandexBrowser\16.10.0.2564\service_update.exe;c:\program files (x86)\Yandex\YandexBrowser\16.10.0.2564\service_update.exe [x]
    S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys;c:\windows\SYSNATIVE\DRIVERS\enecir.sys [x]
    S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys;c:\windows\SYSNATIVE\DRIVERS\jmcr.sys [x]
    S3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys;c:\windows\SYSNATIVE\drivers\keyscrambler.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr QWAVE wcncsvc
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    ezSharedSvc
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2009-06-17 09:11 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2016-11-15 15:05 1364072 ----a-w- c:\program files (x86)\Google\Chrome\Application\54.0.2840.99\Installer\chrmstp.exe
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
    2016-06-30 11:55 322232 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2016-11-19 c:\windows\Tasks\Adobe Flash Player PPAPI Notifier.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashUtil32_23_0_0_207_pepper.exe [2016-11-12 20:34]
    .
    2015-11-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 20:34]
    .
    2015-10-14 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721209474-1067754816-3221522413-1000Core.job
    - c:\users\Callott\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 15:24]
    .
    2015-11-09 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-721209474-1067754816-3221522413-1000UA.job
    - c:\users\Callott\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-10-19 15:24]
    .
    2015-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
    .
    2016-02-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d12f5b9790a717.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
    .
    2016-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore1d15f2f61cbb370.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
    .
    2015-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
    .
    2016-02-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d12f5b98185586.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
    .
    2016-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1d15f2f6673c925.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-03-04 19:54]
    .
    2015-10-12 c:\windows\Tasks\HPCeeScheduleForCALLOTT-CALLOTT$.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
    .
    2015-11-09 c:\windows\Tasks\HPCeeScheduleForCallott.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 02:43]
    .
    2016-11-28 c:\windows\Tasks\Yandex Browser güncellemesi.job
    - c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
    .
    2016-11-28 c:\windows\Tasks\Yandex Browser'ın sistem güncellemesi.job
    - c:\program files (x86)\Yandex\YandexBrowser\16.10.0.2564\service_update.exe [2016-10-27 10:04]
    .
    2016-11-22 c:\windows\Tasks\Yandex.Browser güncellemesi .job
    - c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
    .
    2016-09-06 c:\windows\Tasks\Yandex.Browser güncellemesi.job
    - c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
    .
    2016-11-27 c:\windows\Tasks\?????????? ???????? ?????? .job
    - c:\users\Callott\AppData\Local\Yandex\YandexBrowser\Application\browser.exe [2015-08-24 10:03]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
    "SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=c:\windows\System32\guard64.dll
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page =https://www.google.com/?trackid=sp-006
    mStart Page =https://www.google.com/?trackid=sp-006
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page =https://www.google.com/search?trackid=sp-006&q={searchTerms}
    mSearch Bar =https://www.google.com/?trackid=sp-006
    uInternet Settings,ProxyOverride = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
    uInternet Settings,ProxyServer = http=127.0.0.1:8555;https=127.0.0.1:8555
    IE: Bütün linkleri IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
    IE: Free Download Manager ile indir - file://c:\program files (x86)\Free Download Manager\dllink.htm
    IE: Free Download Manager ile seçileni indir - file://c:\program files (x86)\Free Download Manager\dlselected.htm
    IE: Free Download Manager ile tümünü indir - file://c:\program files (x86)\Free Download Manager\dlall.htm
    IE: Görüntüyü &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
    IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Sayfayı &Bluetooth Aygıtına Gönder... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: Videoyu Free Download Manager ile indir - file://c:\program files (x86)\Free Download Manager\dlfvideo.htm
    Trusted Zone: eset.com\help
    TCP: DhcpNameServer = 37.220.8.189 37.220.8.190
    TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}: NameServer = 195.175.39.39,195.175.39.40
    TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\14942545945435F52545D2230353: NameServer = 4.2.2.1,4.2.2.2
    TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\4545E45445F5A5978554C4F5D4736433: NameServer = 195.175.39.39,195.175.39.40
    TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\77869637B697: NameServer = 77.88.8.8,77.88.8.1
    TCP: Interfaces\{D466474C-08F1-4066-B0BC-9F0221BA478F}\84F4E4F425F505C4B4F523534424: NameServer = 195.175.39.39,195.175.39.40
    DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} - hxxps://www.isbank.com.tr/Internet/lib/JaguarEdit4ISBv29.CAB
    DPF: {E55FD215-A32E-43FE-A777-A7E8F165F560} - hxxp://download.flatcast.net/objects/NpFv522.dll
    DPF: {E55FD215-A32E-43FE-A777-A7E8F165F561} - hxxp://download.flatcast.net/objects/NpFv530.dll
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{4F524A2D-5350-4500-76A7-7A786E7484D7} - (no file)
    Toolbar-{4F524A2D-5350-4500-76A7-7A786E7484D7} - (no file)
    BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
    ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
    ShellIconOverlayIdentifiers-{CDC95B92-E27C-4745-A8C5-64A52A78855D} - (no file)
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-721209474-1067754816-3221522413-1000_Classes\VirtualStore\MACHINE\SOFTWARE\zbshareware]
    @DACL=(02 0000)
    .
    [HKEY_USERS\S-1-5-21-721209474-1067754816-3221522413-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):eb,bd,0d,01,45,13,73,7a,48,d2,55,74,fd,85,b7,38,38,d1,1f,20,fd,
    cf,9b,a3,47,8e,83,80,7e,4e,60,a6,58,38,29,53,86,a7,3d,5c,00,00,00,00,00,00,\
    .
    [HKEY_USERS\S-1-5-21-721209474-1067754816-3221522413-1000_Classes\Wow6432Node\CLSID\{cb34a7a4-9551-4ad8-9bb5-ec0c1f97eef2}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:0000008f
    "Therad"=dword:00000015
    "MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
    1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_207_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_207_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_207_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_207_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.19"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_207.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\ÿ*]
    "Policy"=dword:00000003
    "AppName"=""
    "AppPath"="c:\\Program Files (x86)\\Siber Systems\\AI RoboForm"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\*@]
    "Policy"=dword:00000003
    "AppName"=""
    "AppPath"="c:\\Program Files (x86)\\Siber Systems\\AI RoboForm"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\zbshareware]
    @DACL=(02 0000)
    DUMPHIVE0.003 (REGF)
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2016-11-28 16:01:04
    ComboFix-quarantined-files.txt 2016-11-28 13:01
    ComboFix2.txt 2016-10-08 17:31
    .
    Pre-Run: 69.387.825.152 bayt boş
    Post-Run: 69.203.214.336 bayt boş
    .
    - - End Of File - - 68482252714707FFB3704B8697D814A3
    531B3DFEBDC6EB98B0A7C03E8C5078C6






