Program Fileas virus

daradevil124

Friends, there is a folder like this on my system: C:\ProgramFileas. That is not a typo, of course; most likely there is a virus in it.
  • winlogoon.exe
  • deleter.exe
  • windowsdefeander.exe
  • svchoost.exe

None of the names above is misspelled. These are the contents of the folder. What are they?
How can I remove them?
 
I don't use USB drives, and I also use the software called USB Disk Security. Malwarebytes Anti-Malware is running a threat scan right now and has found the following viruses:

[Image: Dob5l3.jpg]

And this is the HijackThis log file:
Code:
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 14:36:30, on 27.8.2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17239)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\USB Disk Security\USBGuard.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Ahmet\Downloads\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsepeti.com/?bd=hp&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsepeti.com/?bd=hp&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.portalsepeti.com/?bd=ds&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.portalsepeti.com/?bd=ds&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [USB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
O4 - HKLM\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Keyboard Inf.] C:\Users\Ahmet\AppData\Roaming\WinRAR\svcchost.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [BitTorrent] C:\Users\Ahmet\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ahmet\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [winlogoon] C:\ProgramFileas\winlogoon.exe
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Keyboard Inf.] C:\Users\Ahmet\AppData\Roaming\WinRAR\svcchost.exe (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [BitTorrent] C:\Users\Ahmet\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Akamai NetSession Interface] "C:\Users\Ahmet\AppData\Local\Akamai\netsession_win.exe" (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [winlogoon] C:\ProgramFileas\winlogoon.exe (User '?')
O8 - Extra context menu item: IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Tüm bağlantıları IDM ile indir - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{39D47C41-44E6-4D71-A0F1-1F34C62116DD}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{39D47C41-44E6-4D71-A0F1-1F34C62116DD}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Net Service Event Handler (Sed) - Navigation Co., Ltd. - C:\Users\Ahmet\AppData\Roaming\ntsvc\ntsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem15.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12050 bytes
 
It found exactly 12 viruses and cleaned them, I think. By the way, as you advised, I did not run ComboFix.
How can I be sure that the viruses have been completely removed? Also, today I opened the side panels of the case and ran the system that way; do you think there will be a performance increase? In terms of CPU temperature.
 
Fix the lines I have given. Run the MalwareBytes scan as the other member said. Apply it according to the guide "Ad Cleanup with AdwCleaner | Technopat Sosyal".
If the malware is not cleaned, run a scan with Kaspersky from the link I gave at the start.
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsepeti.com/?bd=hp&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.portalsepeti.com/?bd=hp&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.portalsepeti.com/?bd=ds&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.portalsepeti.com/?bd=ds&oem=101&uid=WDCXWD5000AAKX-00ERMA0_WD-WCC2EP50795707957&version=2.0.0.998&pid=414031160&cs=8fb90cdb87bd319b51421365162d675c&q={searchTerms}
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.linkzb.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:9666
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O3 - Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Keyboard Inf.] C:\Users\Ahmet\AppData\Roaming\WinRAR\svcchost.exe
O4 - HKCU\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ahmet\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [winlogoon] C:\ProgramFileas\winlogoon.exe
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Keyboard Inf.] C:\Users\Ahmet\AppData\Roaming\WinRAR\svcchost.exe (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Advanced SystemCare 7] "C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCTray.exe" /Auto (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [BitTorrent] C:\Users\Ahmet\AppData\Roaming\BitTorrent\BitTorrent.exe /MINIMIZED (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Akamai NetSession Interface] "C:\Users\Ahmet\AppData\Local\Akamai\netsession_win.exe" (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup (User '?')
O4 - HKUS\S-1-5-21-1579340163-4240966726-2640441767-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [winlogoon] C:\ProgramFileas\winlogoon.exe (User '?')
O9 - Extra button: (no name) - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Extra 'Tools' menuitem: Classic IE Settings - {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Net Service Event Handler (Sed) - Navigation Co., Ltd. - C:\Users\Ahmet\AppData\Roaming\ntsvc\ntsvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
 
When you say "fix the lines", how do I do that? Could you explain?

On your recommendation I ran a scan with AdwCleaner, and although it found nothing I pressed the "Clean" button and it restarted the system.

AdwCleaner log file:
Code:
# AdwCleaner v3.308 - Report created 27/08/2014 at 14:47:47
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1 Pro  (64 bits)
# Username : Ahmet - AHMET-PC
# Running from : C:\Users\Ahmet\Downloads\Programs\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Users\Ahmet\AppData\Local\Temp\Uninstall.exe
File Deleted : C:\Users\Ahmet\AppData\Roaming\Mozilla\Firefox\Profiles\sjx3ti5n.default\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lkemddiljapcmhicklfpcbpfffahfbja
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKCU\Software\6a6581bad46df4d9482675ff31d26bc4
Key Deleted : HKCU\Software\Softonic

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v

[ File : C:\Users\Ahmet\AppData\Roaming\Mozilla\Firefox\Profiles\sjx3ti5n.default\prefs.js ]


-\\ Google Chrome v36.0.1985.143

[ File : C:\Users\Ahmet\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
Deleted [Extension] : lkemddiljapcmhicklfpcbpfffahfbja

*************************

AdwCleaner[R0].txt - [1609 octets] - [27/08/2014 14:47:37]
AdwCleaner[S0].txt - [1508 octets] - [27/08/2014 14:47:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1568 octets] ##########
 
If you read the relevant thread you can find the details: HijackThis Log Sharing and Solutions | Technopat Sosyal

You will tick the lines I mentioned one by one and press the Fixed button.

Instead of opening the case, adding an extra fan is recommended; more dust can accumulate while the case is open. If you did it because the weather is very hot, leave it open temporarily, but running it this way is not recommended.
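
The lookalike names in this thread (winlogoon.exe, svcchost.exe, C:\ProgramFileas) can be checked for mechanically. The following Python is an added example, not part of the original posts or of HijackThis: it parses O4 (autorun) and O23 (service) lines and flags image names and top-level folders within a small edit distance of well-known Windows ones. The reference lists, the distance threshold of 2 and the "service inside a user profile" rule are assumptions chosen for illustration.

```python
import re

# Windows binaries whose names are often imitated (short, non-exhaustive list; an assumption).
SYSTEM_BINARIES = ["svchost.exe", "winlogon.exe", "lsass.exe", "csrss.exe",
                   "services.exe", "explorer.exe", "spoolsv.exe", "userinit.exe"]
SYSTEM_DIRS = {r"c:\windows", r"c:\windows\system32", r"c:\windows\syswow64"}
# Standard top-level folders, compared with spaces removed.
INSTALL_ROOTS = ["programfiles", "programfiles(x86)", "programdata"]

# O4 = autorun entry, O23 = service; group 2 is the image path up to ".exe".
ENTRY_RE = re.compile(r'^(O4|O23) - .*?([A-Za-z]:\\[^"]*?\.exe)', re.IGNORECASE)

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Keyboard Inf.] C:\Users\Ahmet\AppData\Roaming\WinRAR\svcchost.exe
O4 - HKCU\..\Run: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
O4 - HKCU\..\Run: [winlogoon] C:\ProgramFileas\winlogoon.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Net Service Event Handler (Sed) - Navigation Co., Ltd. - C:\Users\Ahmet\AppData\Roaming\ntsvc\ntsvc.exe
"""

def edit_distance(a, b):
    """Levenshtein distance using two rows of the DP table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name, candidates, max_dist=2):
    """Return the closest candidate if `name` is near it but not an exact match."""
    if name in candidates:
        return None
    best = min(candidates, key=lambda c: edit_distance(name, c))
    return best if edit_distance(name, best) <= max_dist else None

def triage(log_text):
    """Return {image path: [reasons]} for suspicious O4/O23 entries."""
    findings = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, path = m.group(1).upper(), m.group(2).lower()
        parts = path.split("\\")
        name, folder = parts[-1], "\\".join(parts[:-1])
        top = parts[1].replace(" ", "") if len(parts) > 2 else ""
        reasons = []
        near = lookalike(name, SYSTEM_BINARIES)
        if near:
            reasons.append(f"name imitates {near}")
        elif name in SYSTEM_BINARIES and folder not in SYSTEM_DIRS:
            reasons.append("system binary name outside the Windows directories")
        if top and lookalike(top, INSTALL_ROOTS):
            reasons.append(f"top-level folder imitates a standard one: {parts[1]}")
        # Heuristic (assumption): services rarely run from inside a user profile.
        if kind == "O23" and folder.startswith("c:\\users\\"):
            reasons.append("service image inside a user profile")
        if reasons:
            findings[path] = reasons
    return findings

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

A hit is a lead for review, not a verdict: confirm each flagged file with a scanner before removing its autorun or service entry.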
 