Peki bir antivirüs bilgisayarınızda yüklü mü yani?
Bilgisayar açılıdğı zaman deferdere girebildim tarama kısmı çıktı karşıma tara dediğim zaman bir işlem yapmadı, daha sonra bu uyarı çıktı karşıma.
Kaspersky yüklüydü dediğiniz işlemleri yüklüyken de denedim sildikten sonra da denedim ama bir şey fark etmedi.
Evet benim.Hesapta yönetici siz misiniz?
Aşağıdaki raporu paylaşın.
Rehber: Farbar Recovery Scan ile Rapor Hazırlama
Konu içinde rapor paylaşacak olan kişi sorununu açıkça belirtmesi gereklidir. Yazılımı bir klasör içine atıp altta verilen şıklar işaretli şekilde Scan yapın. Scan bitince klasör içinde çıkan txt dosyalarını rarlayıp dosya upload servislerinden birine upload edip paylaşın. Kurallara uygun...www.technopat.net
Start::
CreateRestorePoint:
CloseProcesses:
C:\Users\Emre\AppData\Roaming\Routes\Routes.exe
HKLM-x32\...\Run: [] => [X]
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction
HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\Run: [Routes] => C:\Users\Emre\AppData\Roaming\Routes\Routes.exe
HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\RunOnce: [Application Restart #0] => C:\Users\Emre\AppData\Roaming\Routes\Routes.exe
HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\MountPoints2: {3ffa9bc3-1f9f-11ec-9431-2cf05d8a0d41} - "E:\Autorun.exe"
HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\MountPoints2: {bd6823da-600a-11ec-94c8-2cf05d8a0d41} - "D:\HiSuiteDownLoader.exe"
GroupPolicy: Restriction - Windows Defender
Policies: C:\ProgramData\NTUSER.pol: Restriction
Task: {9FC30D85-2EA4-4501-8229-A2C4605D097C} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe
Task: {A1D558E0-4A47-446B-B79B-5A6EC94825E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe
Task: {FDCF17B8-1819-437C-B1C5-38A5C465FED7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe
AutoConfigURL: [{AF5AA64B-A50F-4C1C-925B-FE10C3C946C2}] => hxxp://lib.comu.edu.tr/files/proxy.pac
AutoConfigURL: [S-1-5-21-3437352321-2927275522-3856954365-1002] => hxxp://lib.comu.edu.tr/files/proxy.pac
Tcpip\..\Interfaces\{7ab3b02a-efbd-474a-81f5-0c9b3c6dafd6}: [DhcpNameServer] 192.168.1.1
ManualProxies: 0hxxp://lib.comu.edu.tr/files/proxy.pac
OPR DefaultSearchURL: Opera Stable -> hxxps://find-it.pro/search?q={searchTerms}
OPR DefaultSearchKeyword: Opera Stable -> find-it.pro
S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe"
S3 EraserUtilDrv11912; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11912.sys
S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\ENG64.SYS
S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\EX64.SYS
C:\Users\Emre\AppData\Roaming\Routes
C:\Windows\DotNetZip.dll
C:\Users\Emre\AppData\Local\PUTTY.RND
C:\Users\Emre\AppData\Local\Routes
C:\ProgramData\CT3OH5VRK5U012KGH1RTHWAUT
C:\ProgramData\92ZQLC09JBQB40WXZFA51JUKW
C:\Program Files (x86)\AtomTweaker
C:\Program Files (x86)\lSmWvXKKfqUn
C:\ProgramData\ZvEHJNdJDJxIeVVB
C:\Program Files (x86)\wjTkFrExU
C:\Program Files (x86)\uAhcATovcXckvYCnvyR
C:\Program Files (x86)\GuXKuCyCeSmjC
C:\Program Files (x86)\bQZEOuyekqRU2
C:\Program Files (x86)\GiGklFKwjXUn
C:\Program Files (x86)\mqksUmuGzetwJirbMaR
C:\Program Files (x86)\IbTVEepHQDQWC
C:\ProgramData\5L4PXA14N4KHHX2F89VEWUM1B
C:\Users\Emre\AppData\Local\IO Interactive
C:\Windows\red.dll
C:\ProgramData\XMDMAY9U6Q31FMF8W1LH42B57
C:\Program Files (x86)\ZkWLQVWleOUU2
C:\ProgramData\GKRfdfPgktwkhHVB
C:\Program Files (x86)\RKpoxZzTU
C:\Windows\WMK.InstallState
C:\Windows\InstallUtil.InstallLog
C:\Windows\WMK.InstallLog
C:\Users\Emre\AppData\Roaming\tor
C:\Users\Emre\AppData\Roaming\wc
C:\ProgramData\ntuser.pol
C:\Program Files (x86)\PowerControl
C:\Windows\system32\Tasks\PowerControl HR
C:\Windows\system32\Tasks\PowerControl LG
C:\Users\Emre\AppData\LocalLow\NVoMNg1904R.zip
C:\Users\Emre\AppData\Roaming\ProfCleaner
C:\Users\Emre\AppData\LocalLow\wT6wL5h
C:\Users\Emre\AppData\Local\TheJengo
C:\Users\Emre\AppData\Roaming\IO Interactive
C:\Users\Emre\Downloads\codex-hitman.3 (3).torrent
C:\Windows\system32\Windows.Management.InprocObjects.dll
C:\Users\Emre\Downloads\codex-hitman.3 (2).torrent
C:\Users\Emre\Downloads\codex-hitman.3 (1).torrent
C:\Users\Emre\Downloads\Hitman.3-CODEX
C:\Users\Emre\Downloads\codex-hitman.3.torrent
C:\Users\Emre\Downloads\f1644153599.zip
C:\ProgramData\DP45977C.lfl
C:\Users\Emre\AppData\Local\2636042875
C:\Users\Emre\AppData\Local\PUTTY.RND
C:\Windows\SysWOW64\ForgiveMe.exe
VirusTotal: C:\Windows\SysWOW64\ForgiveMe.exe
C:\Users\Emre\Pictures\Adobe Films\
C:\Windows\system32\msln.exe
C:\Program Files\ESET
EmptyTemp:
End::start::
HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (No File)
Edge HKLM-x32\...\Edge\Extension: [odbmjgikedenicicookngdckhkjbebpd]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NS_22.8.0.50\coFFAddon => not found
S2 AppServicea; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicea; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceb; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceb; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicec; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicec; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiced; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiced; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicee; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicee; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicef; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicef; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceg; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceg; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceh; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceh; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicei; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicei; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicej; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicej; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicek; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicek; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicel; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicel; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicem; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicem; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicen; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicen; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceo; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceo; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicep; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServicep; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceq; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServiceq; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServices; C:\Windows\System32\svchost.exe [59952 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
S2 AppServices; C:\Windows\SysWOW64\svchost.exe [49600 2022-03-12] (Microsoft Windows Publisher -> Microsoft Corporation) <==== ATTENTION <==== ATTENTION (no ServiceDLL)
AV: Norton Security (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Norton Security (Enabled - Out of date) {9E3FD331-C4C2-7AC4-0537-131EEF1B1F8A}
FW: Norton Security (Disabled) {A6045214-8EAD-7B9C-2E68-BA2B11C858F1}
FW: Norton Security (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
IE trusted site: HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\webcompanion.com -> hxxp://webcompanion.com
end::Sistem servisinde sorun var. Kaspersky ıs ile sistemi taratın.
Atomtweaker, ESET, Norton, Hitman 3 bunları kaldırın var olanları.
Bunlarla da av artıklarını kaldırın. Sistemden düzgün kaldırılmadığından Defender açılmaz.
Clean viruses and spyware with malware removal | ESET
Expert malware removal done remotely, removes all traces of viruses or spyware for a low, predictable fixed-rate fee.www.eset.com
Bunları fixleyin:
Kod:Start:: CreateRestorePoint: CloseProcesses: C:\Users\Emre\AppData\Roaming\Routes\Routes.exe HKLM-x32\...\Run: [] => [X] HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction. HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\Run: [Routes] => C:\Users\Emre\AppData\Roaming\Routes\Routes.exe HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\RunOnce: [Application Restart #0] => C:\Users\Emre\AppData\Roaming\Routes\Routes.exe HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\MountPoints2: {3ffa9bc3-1f9f-11ec-9431-2cf05d8a0d41} - "E:\Autorun.exe" HKU\S-1-5-21-3437352321-2927275522-3856954365-1002\...\MountPoints2: {bd6823da-600a-11ec-94c8-2cf05d8a0d41} - "D:\HiSuiteDownLoader.exe" GroupPolicy: Restriction - Windows Defender. Policies: C:\ProgramData\NTUSER.pol: Restriction. Task: {9FC30D85-2EA4-4501-8229-A2C4605D097C} - System32\Tasks\Intel\Intel Telemetry 2 (x86) => C:\Program Files (x86)\Intel\Telemetry 2.0\lrio.exe Task: {A1D558E0-4A47-446B-B79B-5A6EC94825E9} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe Task: {FDCF17B8-1819-437C-B1C5-38A5C465FED7} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCmdRun.exe AutoConfigURL: [{AF5AA64B-A50F-4C1C-925B-FE10C3C946C2}] => hxxp://lib.comu.edu.tr/files/proxy.pac AutoConfigURL: [S-1-5-21-3437352321-2927275522-3856954365-1002] => hxxp://lib.comu.edu.tr/files/proxy.pac Tcpip\..\Interfaces\{7ab3b02a-efbd-474a-81f5-0c9b3c6dafd6}: [DhcpNameServer] 192.168.1.1 ManualProxies: 0hxxp://lib.comu.edu.tr/files/proxy.pac OPR DefaultSearchURL: Opera Stable -> hxxps://find-it.pro/search?q={searchTerms} OPR DefaultSearchKeyword: Opera Stable -> find-it.pro S2 ekrn; "C:\Program Files\ESET\ESET Security\ekrn.exe" S3 EraserUtilDrv11912; \??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11912.sys S3 NAVENG; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\ENG64.SYS S3 NAVEX15; \??\C:\Program Files (x86)\Norton Security\NortonData\22.8.0.50\Definitions\SDSDefs\20160915.023\EX64.SYS C:\Users\Emre\AppData\Roaming\Routes C:\Windows\DotNetZip.dll C:\Users\Emre\AppData\Local\PUTTY.RND C:\Users\Emre\AppData\Local\Routes C:\ProgramData\CT3OH5VRK5U012KGH1RTHWAUT C:\ProgramData\92ZQLC09JBQB40WXZFA51JUKW C:\Program Files (x86)\AtomTweaker C:\Program Files (x86)\lSmWvXKKfqUn C:\ProgramData\ZvEHJNdJDJxIeVVB C:\Program Files (x86)\wjTkFrExU C:\Program Files (x86)\uAhcATovcXckvYCnvyR C:\Program Files (x86)\GuXKuCyCeSmjC C:\Program Files (x86)\bQZEOuyekqRU2 C:\Program Files (x86)\GiGklFKwjXUn C:\Program Files (x86)\mqksUmuGzetwJirbMaR C:\Program Files (x86)\IbTVEepHQDQWC C:\ProgramData\5L4PXA14N4KHHX2F89VEWUM1B C:\Users\Emre\AppData\Local\IO Interactive. C:\Windows\red.dll C:\ProgramData\XMDMAY9U6Q31FMF8W1LH42B57 C:\Program Files (x86)\ZkWLQVWleOUU2 C:\ProgramData\GKRfdfPgktwkhHVB C:\Program Files (x86)\RKpoxZzTU C:\Windows\WMK.InstallState C:\Windows\InstallUtil.InstallLog C:\Windows\WMK.InstallLog C:\Users\Emre\AppData\Roaming\tor C:\Users\Emre\AppData\Roaming\wc C:\ProgramData\ntuser.pol C:\Program Files (x86)\PowerControl C:\Windows\system32\Tasks\PowerControl HR. C:\Windows\system32\Tasks\PowerControl LG. C:\Users\Emre\AppData\LocalLow\NVoMNg1904R.zip C:\Users\Emre\AppData\Roaming\ProfCleaner C:\Users\Emre\AppData\LocalLow\wT6wL5h C:\Users\Emre\AppData\Local\TheJengo C:\Users\Emre\AppData\Roaming\IO Interactive. C:\Users\Emre\Downloads\codex-hitman.3 (3).torrent C:\Windows\system32\Windows.Management.InprocObjects.dll C:\Users\Emre\Downloads\codex-hitman.3 (2).torrent C:\Users\Emre\Downloads\codex-hitman.3 (1).torrent C:\Users\Emre\Downloads\Hitman.3-CODEX C:\Users\Emre\Downloads\codex-hitman.3.torrent C:\Users\Emre\Downloads\f1644153599.zip C:\ProgramData\DP45977C.lfl C:\Users\Emre\AppData\Local\2636042875 C:\Users\Emre\AppData\Local\PUTTY.RND C:\Windows\SysWOW64\ForgiveMe.exe VirusTotal: C:\Windows\SysWOW64\ForgiveMe.exe C:\Users\Emre\Pictures\Adobe Films\ C:\Windows\system32\msln.exe C:\Program Files\ESET EmptyTemp: End::
BIOS güncel değil güncelleyin.
Bunu kullanınHocam ESET av removeri yüklerken bu sorunla karşılaşıyorum.
O verdiğimin altında bir link daha var onu gözden kaçırmayın. Eset tespit etmemiş tam verdiklerim yeterli olur.Hocam ESET av removeri yüklerken bu sorunla karşılaşıyorum.
O verdiğimin altında bir link daha var onu gözden kaçırmayın. ESET tespit etmemiş tam verdiklerim yeterli olur.
En kısa zamanda deneyeceğim hocam.