To analyze problems on your system such as performance degradation, freezes, malware effects and application errors, and to improve performance or neutralize the malware, you need to share here the log of a scan made with the HijackThis software.



Usage:

1) Download the current version, which a developer has extended with new features, from here and extract the application from the archive to the desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click HijackThis and run it as administrator (does not apply to XP).

4) In the window that opens, click the "Do a system scan and save a log file" button.

5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan is complete.

6) When the scan is complete, a log file containing the HijackThis report will be displayed.

*7) You need to add the log file here through the reply box so that we can examine it.

Click "Kod" (Code).

Paste the contents of the log into the blue box and press the "Devam Et" (Continue) button.

Warning: If you have trouble adding code on the site, paste your logs into one of the sites listed below and share the link. In that case, do not use option *7 for now.

Paste ofCode

8) Also reply to the thread describing in detail the problem on your system (performance degradation, suspected malware, etc.).
(Those who do not do this will not receive a reply.)

Fixing:

When I or one of the experts replies in the thread, tick the boxes in front of the lines we name in the HijackThis interface. Then press the "Fix checked" button.
 
Because of this helpful approach, you will be the first place I turn to when I have a problem again; thank you once more. As you said, Kaspersky is heavy, and that is why I have already removed it. Since you are quite knowledgeable, what would you recommend I use for general PC security and internet security? I have added the links you asked for below.

Drivers for LENOVO - 20202 (IDEAPAD/Lenovo IdeaPad Z500- SKU:LENOVO_MT_20202) - Scan Result ANONYMOUS -

Download file Report.htm. Download for free and without registration from TurboBit.net
 
You're welcome. You can use Avira Free 2014. Just do not select the Avira toolbar and its unnecessary add-ons during installation. In other words, install Avira carefully. https://www.avira.com/tr/download?product=avira-free-antivirus

Your most up-to-date drivers are below. You should install all of them. After all of these steps, clean up junk files and the registry with CCleaner.


Intel(R) Centrino(R) Wireless Bluetooth(R) 4.0 + High Speed Adapter
http://download.gigabyte.us/FileLis...-s11m-win8.1-64bit-bluetooth-3.1.1311.400.zip



Intel(R) HD Graphics 4000 http://download.lenovo.com/consumer/mobiles/ivga202w8164.exe


Intel(R) 7 Series Chipset Family SATA AHCI Controller http://download.gigabyte.us/FileList/Driver/slate-driver-s11m-win8.1-64bit-irst-12.9.0.1001.zip


Lenovo EasyCamera http://ftp.hp.com/pub/softpaq/sp64501-65000/sp64885.exe


Intel(R) Display Audio http://ftp.hp.com/pub/softpaq/sp65001-65500/sp65181.exe


Realtek High Definition Audio http://dlcdnet.asus.com/pub/ASUS/misc/audio/Realtek_Audio_Win8-1_VER7161.zip


Realtek PCIe FE Family Controller http://dlcdnet.asus.com/pub/ASUS/lan/Realtek_LAN_Win7-8-8-1_VER777_VER810_VER819.zip


Intel(R) Centrino(R) Wireless-N 2230 http://download.gigabyte.us/FileList/Driver/slate-driver-s11m-win8.1-64bit-wlan-16.8.0.6.zip


Intel(R) Management Engine Interface http://downloadcenter.samsung.com/content/DR/201312/20131228132920843/BASW-84047A24.ZIP


Intel(R) 7 Series/C216 Chipset Family USB Enhanced Host Controller http://download.lenovo.com/ibmdl/pub/pc/pccbbs/thinkcentre_drivers/t1chp01us17.exe
 
THE_MILLER, I did everything you said one by one, but the report I sent you from HijackThis and the report I did the cleanup with may differ, because I had closed the program before you replied, so the scan was gone; I just ran a scan again, so that is why the reports may differ. I also did an adware cleanup and so on; here are the reports:
EmsisoftEmergencyKit:
Code:
Emsisoft Acil Çantası - Sürüm 4.0
En son güncelleme: 28.2.2014 18:43:08
Kullanıcı hesabı: baris\barış


Tarama ayarları:


Tarama türü: Derin Tarama
Nesneler: Rootkitler, Hafıza, İzler, C:\, X:\, Y:\


PİPs algılama: Açık
Tarama arşivi: Açık
ADS Tara: Açık
Dosya uzantısı filtresi: Kapalı
Gelişmiş önbelleğe alma: Açık
Doğrudan disk erişimi: Kapalı


Tarama başlangıcı:	28.2.2014 18:43:34
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432NODE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} 	Algılandı: Application.AdGenie (A)
Key: HKEY_USERS\.DEFAULT\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	Algılandı: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-20\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	Algılandı: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-19\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	Algılandı: Application.AdGenie (A)
Key: HKEY_USERS\S-1-5-18\SOFTWARE\APPDATALOW\{5F189DF5-2D05-472B-9091-84D9848AE48B} 	Algılandı: Application.AdGenie (A)
C:\Program Files (x86)\GS Supporter\Browsafe_x64.dll 	Algılandı: Adware.Agent.NVA (B)
C:\Users\barış\AppData\Local\Apps\2.0\WM5BQ64X.38W\0WO5EAE5.X0W\cape..tion_80bb0f641fabf817_0001.0000_3d68901b1a33c560\Cape hack.exe 	Algılandı: Gen:Variant.Kazy.231468 (B)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000000 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000001 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000002 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000003 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000004 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000005 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000006 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000007 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000008 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000009 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000010 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000011 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000012 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000013 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000014 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000015 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\File System\002\t\00\00000016 	Algılandı: Application.Win32.InstallAd (A)
C:\Users\barış\AppData\Roaming\regman\regmanager.exe 	Algılandı: Trojan.GenericKD.1575390 (B)
C:\Users\barış\Desktop\Bilgisayarım\karşıdan yüklemeler\Mineofcrafts1.5.1indir.rar.exe 	Algılandı: Adware.Generic.562926 (B)
C:\Users\barış\Desktop\mod\Cape Hack.zip -> Cape Hack/Application Files/Cape hack_1_0_0_4/Cape hack.exe.deploy 	Algılandı: Gen:Variant.Kazy.231468 (B)
C:\Users\barış\Downloads\Cape Hack.zip -> Cape Hack/Application Files/Cape hack_1_0_0_4/Cape hack.exe.deploy 	Algılandı: Gen:Variant.Kazy.231468 (B)


Tarandı	226332
Bulundu	28


Tarama sonu:	28.2.2014 19:38:04
Tarama süresi:	0:54:30
AdWcleaner:
Code:
# AdwCleaner v3.020 - Rapor olusturuldu 28/02/2014 tarihinde 18:18:37
# Guncellendi 27/02/2014 tarafindan Xplode
# Isletim sistemi : Windows 8.1 Single Language  (64 bits)
# Kullanici adi : barış - BARIS
# Adwcleaner konumu : C:\Users\barış\Desktop\AdwCleaner.exe
# Tarama turu : Temizle


***** [ Servisler ] *****




***** [ Dosyalar / Klasorler ] *****


Klasor Silindi : C:\ProgramData\QuickSet
Klasor Silindi : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TornTV.com
Klasor Silindi : C:\Program Files (x86)\TornTV.com
Klasor Silindi : C:\Users\barış\AppData\Local\torch
Dosya Silindi : C:\Users\Public\Desktop\TornTV.lnk
Dosya Silindi : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk


***** [ Kisayollar ] *****




***** [ Registry ] *****


Registry Key Silindi : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Registry Key Silindi : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Registry Key Silindi : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Registry Key Silindi : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Registry Key Silindi : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Registry Key Silindi : HKCU\Software\1ClickDownload
Registry Key Silindi : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Registry Key Silindi : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Registry Key Silindi : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload


***** [ Tarayicilar ] *****


-\\ Internet Explorer v11.0.9600.16518




-\\ Mozilla Firefox v27.0.1 (tr)


[ Dosya : C:\Users\barış\AppData\Roaming\Mozilla\Firefox\Profiles\nhctfe6z.default\prefs.js ]




-\\ Google Chrome v31.0.1650.63


[ Dosya : C:\Users\barış\AppData\Local\Google\Chrome\User Data\Default\preferences ]




*************************


AdwCleaner[R0].txt - [2725 octets] - [28/02/2014 18:17:20]
AdwCleaner[S0].txt - [2581 octets] - [28/02/2014 18:18:37]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2641 octets] ##########
HijackThis:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 20:39:02, on 28.2.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)


FIREFOX: 27.0.1 (tr)
Boot mode: Normal


Running processes:
C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Users\barış\Desktop\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.tr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\IPS\IPSBHO.DLL
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - Startup: shortcut.jar
O8 - Extra context menu item: Bluetooth cihazına gönder - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
O9 - Extra button: Bluetooth cihazına gönder - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O9 - Extra 'Tools' menuitem: Bluetooth cihazına gönder - {2F56DCAA-153B-4479-B4E2-547405B34FB9} - C:\Program Files (x86)\Intel\Bluetooth\btSendToPage.htm (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{9DAB1633-00FB-4985-A35E-E7D54BCD8DEE}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\WINDOWS\system32\atiesrxx.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: Bluetooth Device Monitor - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola Solutions, Inc. - C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Depolama Teknolojisi (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: Intel(R) Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe


--
End of file - 10295 bytes
I did these; is the computer back to its previous state now?
 
baris99988801;

It is not a problem even if you fix the ones I gave later. Carry out the steps I give below. Apart from that, install any pending Windows updates. Disable the services and applications you do not use via msconfig. After all the steps, use and test your system for 1 day. Then let me know whether performance has improved.

Download PureRa from this address (Loading...), extract it from the RAR and put it on the desktop. Right-click it and run it as administrator. After clicking Next, choose Check All to tick all the boxes, then press the Clean button to clean.

http://www.wisecleaner.com/soft/WRCFree.zip Download Wise Registry Cleaner and perform a registry cleanup.

Defragment the disk. Instead of the Windows disk defragmenter, you can use Disk Defrag - Best Free Defrag Software For Your Hard Drive, which is more effective and finishes in less time.

Delete all files inside the C:\Windows\Prefetch folder.
 
Hello. I noticed a slowdown on my computer. I thought there might be viruses that the antivirus program could not delete. I thought this program would delete viruses if there are any. I decided to give it a try. When I first turn the computer on, a black screen appears before the Windows welcome message. Then the welcome message appears. It did not use to happen.


Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:36:05, on 01.03.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)




Boot mode: Normal


Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\engın\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\engın\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 9867 bytes
 
Hello BATTLEFIELD ENGİN47,

The problem is probably that the optimization software you use has corrupted the system settings.

1) Fix the lines I have listed below.

2) Uninstall all IObit products (Advanced System Care, Malware Fighter, Ad Block).

3) Uninstall Java by following the instructions in this thread: https://www.technopat.net/forum/guvenlik/33149-javara-ile-sistemden-java-kaldirimi.html

4) Run a cleanup by following the instructions at https://www.technopat.net/forum/guvenlik/32754-adwcleaner-ile-reklam-temizligi.html and post the resulting report here.

5) Download Hitman Pro from this address (Downloads - SurfRight) and run it. Before scanning, go to the license section under Options (Settings) and activate the 30-day trial.
Then run a scan and delete what it finds. Hitman Pro scans very quickly. If it finds malware, take a screenshot and attach it.

6) Run a scan with Norton Power Eraser (NPE). If there is a rootkit, take a screenshot and remove it.

7) Delete all files inside the C:\Windows\Prefetch folder.

8) Open Command Prompt as administrator, type sfc /scannow and press Enter to start the system repair. When it finishes, restart your computer.

Report back on the result.

Code:
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\engın\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
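
The reply above picks its fix list out of the posted HijackThis log by hand; the following is an added example, not part of the original post, that parses the same O4 (autostart) and O23 (service) line formats and sorts entries into "review", "noise" and "none". The heuristics are assumptions of this example, not the helper's stated criteria, and the sample lines are copied from the log in this thread.

```python
import re
from typing import List, NamedTuple, Optional

# Sample input: a few lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\engın\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")              # "<section code> - <details>"
RUN_RE = re.compile(r"^HK\w+\\\.\.\\\w+: \[([^\]]*)\] (.*)$")  # "HKCU\..\Run: [name] command"
# Assumption of this example: locations a non-admin process can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


class Finding(NamedTuple):
    code: str      # HijackThis section, e.g. O4 (autostart) or O23 (service)
    name: str
    target: str
    verdict: str   # "review", "noise" or "none"
    reason: str


def triage_line(line: str) -> Optional[Finding]:
    """Classify one log line; returns None for lines that are not log entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, rest = m.groups()
    if code == "O4":
        run = RUN_RE.match(rest)
        if not run:
            return Finding(code, "", rest, "none", "autostart entry in another format")
        name, cmd = run.groups()
        low = cmd.lower()
        if "rundll32" in low:
            return Finding(code, name, cmd, "review", "autostart loads a DLL through rundll32")
        if any(p in low for p in USER_WRITABLE):
            return Finding(code, name, cmd, "review", "autostart from a user-writable path")
        return Finding(code, name, cmd, "none", "")
    if code == "O23":
        parts = rest.rsplit(" - ", 2)  # split from the right: name - owner - path
        if len(parts) != 3:
            return Finding(code, "", rest, "none", "service entry in another format")
        name = parts[0].replace("Service: ", "", 1)
        owner, path = parts[1], parts[2]
        # Assumption: the 32-bit scanner on 64-bit Windows cannot see native
        # System32 binaries, so "(file missing)" alone is treated as noise.
        if path.endswith("(file missing)"):
            return Finding(code, name, path, "noise", "file not visible to the 32-bit scanner")
        if owner == "Unknown owner":
            return Finding(code, name, path, "review", "binary present but no company name")
        return Finding(code, name, path, "none", "")
    return Finding(code, "", rest, "none", "")


def triage(log_text: str) -> List[Finding]:
    """Classify every entry line of a pasted log, skipping headers and blanks."""
    findings = (triage_line(line) for line in log_text.splitlines())
    return [f for f in findings if f is not None]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        if f.verdict != "none":
            print(f"{f.verdict:6} {f.code:4} {f.name}: {f.reason}")
```

A "review" verdict marks an entry for a person to look at, not for removal: PnkBstrA is flagged by these heuristics although the reply above does not list it among the lines to fix.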
 
Do not install any optimization software until your problem is solved. The report shows which programs are among the active applications, and I am also aware of the damage this kind of software causes. As Cengiz Han also said, do not use any optimization software other than CCleaner.
 
Hello. I noticed that my computer has slowed down. I thought maybe there are viruses that the antivirus program could not remove. I thought this program would remove viruses if there are any, so I decided to give it a try. When I first turn on the computer, a black screen appears before the Windows welcome message. The welcome message comes up after that. It did not use to happen.


Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 18:36:05, on 01.03.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)




Boot mode: Normal


Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\engın\Downloads\HijackThis.exe


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\IPS\IPSBHO.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Ads Removal - {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} - C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\coIEPlg.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKCU\..\Run: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\engın\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
O4 - Global Startup: AirTies ADSL Hizmet Programı.lnk = ?
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files (x86)\SmarThru 4\WebCapture.dll (HKCU)
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Norton 360 (N360) - Symantec Corporation - C:\Program Files (x86)\Norton 360\Engine\21.1.0.18\N360.exe
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


--
End of file - 9867 bytes
Report generated after the AdwCleaner cleanup:
Code:
# AdwCleaner v3.020 - Rapor olusturuldu 02/03/2014 tarihinde 10:54:57
# Guncellendi 27/02/2014 tarafindan Xplode
# Isletim sistemi : Windows 7 Professional Service Pack 1 (64 bits)
# Kullanici adi : engın - ASUSBILGISAYAR
# Adwcleaner konumu : C:\Users\engın\Downloads\AdwCleaner.exe
# Tarama turu : Temizle


***** [ Servisler ] *****




***** [ Dosyalar / Klasorler ] *****


Klasor Silindi : C:\Program Files (x86)\Mobogenie
Klasor Silindi : C:\Users\engın\AppData\Local\genienext
Klasor Silindi : C:\Users\engın\AppData\Local\Mobogenie
Klasor Silindi : C:\Users\engın\AppData\Roaming\newnext.me
Klasor Silindi : C:\Users\engın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Klasor Silindi : C:\Users\engın\Documents\Mobogenie
Dosya Silindi : C:\Users\engın\Desktop\Mobogenie.lnk


***** [ Kisayollar ] *****




***** [ Registry ] *****


Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\Mobogenie.exe
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Registry Key Silindi : HKCU\Software\Softonic
Registry Key Silindi : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mobogenie


***** [ Tarayicilar ] *****


-\\ Internet Explorer v11.0.9600.16518




-\\ Google Chrome v33.0.1750.117


[ Dosya : C:\Users\engın\AppData\Local\Google\Chrome\User Data\Default\preferences ]




*************************


AdwCleaner[R0].txt - [1615 octets] - [02/03/2014 10:52:14]
AdwCleaner[S0].txt - [1497 octets] - [02/03/2014 10:54:57]


########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1557 octets] ##########

Hitman Pro report:

Code:
PnkBstrK.sys 
C:/Users/AppData/Local/PunkBuster/BF3/pb/                      Şüpheli                  yoksay




pbcl.dll
C:Users/engin/Appdata/Local/PunkBuster/BF3pb/                  Şüpheli                  yoksay






pbcls.dll
C:Users/engin/Appdata/Local/PunkBuster/BF3/pb/                  Şüpheli                yoksay






SoftonicDownloader_for_magic-photo-editor.exe
C:/Users/engin/Downloads/                                       Malware                Karantina

For Hitman Pro: because my webcam's DVD is broken I could not install its software; if the software had been installed I would have sent a picture of the report. That is why I typed it out and sent it as code.
 
