Virus Took Over the C and D Drives

sercansolmaz80 (Kilopat), joined 27 December 2015, 119 messages
Hello. I have the following problem:
New folders named like screen savers have been created on my computer, and the old folders have been hidden. I can't open any application, and the virus has taken over both the C drive and the D drive (if it is a virus, of course). I scanned with ComboFix and got the following:

Code:
ComboFix 15-12-24.01 - SERCAN 27.12.2015  11:23:14.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1254.90.1055.18.2046.1227 [GMT 2:00]
Running from: c:\users\SERCAN\Downloads\Programs\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\autorun.inf
C:\mpstk.exe
c:\program files (x86)\sXe Injected
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sXe Injected.txt
c:\program files (x86)\sXe Injected\sXe.dll
c:\program files (x86)\sXe Injected\uninstall.exe
c:\program files (x86)\sXe Injected\uninstall.ini
c:\windows\ippicd.log
c:\windows\lvrgqy.log
c:\windows\SysWow64\autoexec.bat
D:\Autorun.inf
J:\autorun.inf
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2015-11-27 to 2015-12-27  )))))))))))))))))))))))))))))))
.
.
2015-12-27 08:59 . 2015-12-27 08:59  426  ----a-w-  c:\program files (x86)\Autoexec.bat
2015-12-26 14:17 . 2015-12-26 14:17  --------  d-----w-  c:\programdata\McAfee Security Scan
2015-12-26 14:17 . 2015-12-26 14:17  --------  d--h--w-  c:\program files (x86)\McAfee Security Scan
2015-12-26 14:17 . 2015-12-26 14:17  796864  ----a-w-  c:\windows\SysWow64\FlashPlayerApp.exe
2015-12-26 14:17 . 2015-12-26 14:17  142528  ----a-w-  c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-12-26 14:17 . 2015-12-26 14:17  --------  d-----w-  c:\windows\SysWow64\Macromed
2015-12-26 14:17 . 2015-12-26 14:17  --------  d-----w-  c:\windows\system32\Macromed
2015-12-26 13:30 . 2015-12-26 13:30  --------  d-----w-  c:\program files\CPUID
2015-12-26 11:48 . 2015-12-27 09:30  --------  d-----w-  c:\users\SERCAN\AppData\Local\CrashDumps
2015-12-25 17:08 . 2015-12-25 17:08  --------  d-----w-  c:\program files\ParkControl
2015-12-25 16:01 . 2015-12-25 16:01  --------  d-----w-  c:\users\SERCAN\AppData\Local\Chromium
2015-12-24 15:26 . 2015-12-24 15:26  --------  d-----w-  C:\NPE
2015-12-24 15:24 . 2015-12-24 16:11  --------  d-----w-  c:\users\SERCAN\AppData\Local\NPE
2015-12-24 15:24 . 2015-12-24 15:24  --------  d-----w-  c:\programdata\Norton
2015-12-13 13:52 . 2015-12-24 16:40  --------  d-----w-  c:\program files\ESET
2015-12-13 13:35 . 2015-12-13 13:36  --------  d-----w-  c:\program files\stinger
2015-12-13 13:31 . 2015-12-14 13:17  --------  d-----w-  c:\program files\Common Files\McAfee
2015-12-13 13:31 . 2015-12-13 13:32  --------  d-----w-  c:\programdata\McAfee
2015-12-10 16:09 . 2015-12-24 16:40  --------  d--h--w-  c:\program files (x86)\Activision
2015-12-10 15:45 . 2015-12-10 15:45  --------  d-sh--w-  c:\windows\ftpcache
2015-12-06 07:08 . 2006-03-17 12:49  368640  ----a-w-  c:\windows\SysWow64\TwnLib4.dll
2015-12-06 07:08 . 2006-03-17 09:45  802816  ----a-w-  c:\windows\SysWow64\imagXRA7.dll
2015-12-06 07:08 . 2006-03-17 09:45  497296  ----a-w-  c:\windows\SysWow64\imagXpr7.dll
2015-12-06 07:08 . 2006-03-17 09:45  258048  ----a-w-  c:\windows\SysWow64\imagXR7.dll
2015-12-06 07:08 . 2006-03-17 09:45  1757184  ----a-w-  c:\windows\SysWow64\imagX7.dll
2015-12-06 07:08 . 2015-12-06 07:21  --------  d--h--w-  c:\program files (x86)\Nero
2015-12-06 07:08 . 2015-12-06 07:08  --------  d-----w-  c:\programdata\Nero
2015-12-06 07:08 . 2015-12-06 07:08  --------  d-----w-  c:\program files (x86)\Common Files\Nero
2015-12-06 07:02 . 2015-12-06 07:19  --------  d-----w-  c:\users\SERCAN\AppData\Roaming\Nero
2015-12-03 14:17 . 2015-12-03 14:17  --------  d-----w-  c:\users\SERCAN\AppData\Roaming\ATI
2015-12-03 14:17 . 2015-12-03 14:17  --------  d-----w-  c:\users\SERCAN\AppData\Local\ATI
2015-12-03 14:17 . 2015-12-03 14:17  --------  d-----w-  c:\programdata\ATI
2015-12-03 14:16 . 2015-12-03 14:16  --------  d-----w-  c:\programdata\AMD
2015-12-03 14:16 . 2015-12-03 14:16  --------  d--h--w-  c:\program files (x86)\AMD AVT
2015-12-03 14:16 . 2015-12-03 14:16  --------  d--h--w-  c:\program files (x86)\AMD APP
2015-12-03 14:16 . 2015-12-03 14:16  --------  d-----w-  c:\program files\Common Files\ATI Technologies
2015-12-03 14:14 . 2015-12-03 14:16  --------  d-----w-  c:\program files\ATI Technologies
2015-12-03 14:14 . 2015-12-03 14:14  --------  d-----w-  c:\program files\ATI
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-12-02 16:04 . 2015-10-13 16:41  48648  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2015-11-19 13:02 . 2015-10-18 14:41  48648  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2015-10-13 16:41 . 2015-10-13 16:41  524624  ----a-w-  c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\ZyXEL .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Wolfteam .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows Sidebar .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows Portable Devices .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows Photo Viewer .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows NT .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows Media Player .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows Mail .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Windows Defender .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\VstPlugins .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\VirtualDJ .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\valve .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Uninstall Information .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\TTNET .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\sXe Injected .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Steam .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Serato .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Reference Assemblies .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\QuickTime .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Nero .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Native Instruments .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\MSBuild .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\MixMeister BPM Analyzer .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Microsoft.NET .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Microsoft Works .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Microsoft Visual Studio 8 .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Microsoft Visual Studio .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Microsoft Silverlight .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Microsoft Office .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\McAfee Security Scan .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Internet Explorer .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Internet Download Manager .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\InstallShield Installation Information .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Image-Line .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Google .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Freemake .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\DSPRobotics .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Common Files .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\ATI Technologies .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\ASIO4ALL v2 .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Apple Software Update .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\AMD AVT .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\AMD APP .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Adobe .scr
2012-09-20 19:10 . 2010-07-25 04:55  106496  ------r-  c:\program files (x86)\Activision .scr
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2015-08-28 3972688]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
.
c:\users\SERCAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Online.com [2012-9-20 106496]
Adobe update.com [2012-9-20 106496]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.11.266\SSScheduler.exe [2015-12-2 277920]
TTNET Akıllı Çubuk.lnk - c:\program files (x86)\TTNET\TTNET Akilli Çubuk\TTNET Akilli Cubuk.exe [2013-3-14 540288]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"FirewallOverride"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"UacDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 ATICDSDr;ATICDSDr;c:\users\SERCAN\AppData\Local\Temp\ATICDSDr.sys;c:\users\SERCAN\AppData\Local\Temp\ATICDSDr.sys [x]
R3 Disc Soft Lite Bus Service;Disc Soft Lite Bus Service;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe;c:\program files\DAEMON Tools Lite\DiscSoftBusService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.11.266\McCHSvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R3 xspirit;xspirit;c:\windows\xspirit.sys;c:\windows\xspirit.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtlitescsibus;DAEMON Tools Lite Virtual SCSI Bus;c:\windows\system32\DRIVERS\dtlitescsibus.sys;c:\windows\SYSNATIVE\DRIVERS\dtlitescsibus.sys [x]
S3 RTL8167;Realtek 8167 NT Sürücüsü;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-12-25 16:03  1073992  ----a-w-  c:\program files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25 16:03]
.
2015-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-12-25 16:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\   IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2015-08-14 10:52  25624  ----a-w-  c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: IDM ile indir - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Microsoft Excel'e &Ver - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Tüm bağlantıları IDM ile indir - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 195.175.39.39 195.175.39.40
.
.
------- File Associations -------
.
scrfile=%1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ZyXEL MAP v2 - (no file)
AddRemove-FL Studio 11 - c:\program files (x86)\Image-Line\FL Studio 11\uninstall.exe
AddRemove-Raptr - c:\program files (x86)\Raptr\uninstall.exe
AddRemove-reFX Nexus_is1 - c:\users\SERCAN\Desktop\Uninstall Nexus\unins000.exe
AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1462065909-3546365151-270312791-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):60,af,2c,3f,0e,5d,72,b8,91,95,d6,e5,2d,01,7d,be,5d,5b,94,e1,85,
   4b,78,40,d8,66,8d,26,5a,70,61,33,51,9c,75,08,11,72,60,8a,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-1462065909-3546365151-270312791-1000_Classes\Wow6432Node\CLSID\{83d05fbe-6dd0-4e54-a5d8-88c75900b6e3}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:0000014e
"Therad"=dword:0000000f
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\users\SERCAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Online.com
c:\users\SERCAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe update.com
.
**************************************************************************
.
Completion time: 2015-12-27  11:34:10 - machine was rebooted
ComboFix-quarantined-files.txt  2015-12-27 09:34
.
Pre-Run: 72.345.489.408 bytes free
Post-Run: 73.126.408.192 bytes free
.
- - End Of File - - D22A74245C5BEF8D438F07A6F125CB70
A36C5E4F47E84449FF07ED3517B43A31
I don't understand what happened; I'd appreciate your help.
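Editor's note on the log above (added here; not part of the original post). What ComboFix recorded is the signature of a folder-impersonating worm rather than a drive being "taken over": the Find3M section lists a 106496-byte, read-only `.scr` for every folder under Program Files (x86), each named `<folder name> .scr` with the same 2012-09-20 timestamp, so with extensions hidden each one looks like the folder it sits beside while the real folder has been set hidden; `autorun.inf` was deleted from the roots of C:, D: and J: (J: is presumably a USB stick, which needs cleaning as well); two `.com` files of that same 106496-byte size, `Adobe Online.com` and `Adobe update.com`, were running from the user's Startup folder at scan time; and the registry section shows `EnableLUA` = 0 with every Security Center `*Override` and `*DisableNotify` value set to 1, which is how the infection keeps UAC off and the antivirus and firewall warnings silent. After the payload is removed, those registry values should be reset by hand, the `scrfile=%1` association compared against a clean Windows 7 machine, and the hidden folders restored with `attrib -s -h` once the `.scr` impostors are gone.

The Python script below is an added example, not a tool the poster used and not part of ComboFix. It pulls those indicators out of a ComboFix-style log; `SAMPLE_LOG` is a constructed excerpt in ComboFix's tab-separated column layout (the forum copy of the log lost the separators), not the full log above.

```python
"""Pull the indicators of a folder-impersonating worm out of a ComboFix log:
one payload copied as '<folder> .scr' beside every real folder, autorun.inf at
drive roots, loose executables in a Startup folder, and the Security Center /
UAC registry values that keep the warnings quiet."""
import re
from collections import defaultdict

# Constructed excerpt in ComboFix's tab-separated column layout (the forum copy
# lost the separators). It is not the full log from the post.
SAMPLE_LOG = """\
C:\\autorun.inf
D:\\Autorun.inf
J:\\autorun.inf
.
2012-09-20 19:10 . 2010-07-25 04:55\t106496\t------r-\tc:\\program files (x86)\\Steam .scr
2012-09-20 19:10 . 2010-07-25 04:55\t106496\t------r-\tc:\\program files (x86)\\Google .scr
2012-09-20 19:10 . 2010-07-25 04:55\t106496\t------r-\tc:\\program files (x86)\\Adobe .scr
2015-12-26 14:17 . 2015-12-26 14:17\t796864\t----a-w-\tc:\\windows\\SysWow64\\FlashPlayerApp.exe
.
c:\\users\\SERCAN\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
Adobe Online.com [2012-9-20 106496]
Adobe update.com [2012-9-20 106496]
.
c:\\programdata\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\
McAfee Security Scan Plus.lnk - c:\\program files (x86)\\McAfee Security Scan\\3.11.266\\SSScheduler.exe [2015-12-2 277920]
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\windows\\currentversion\\policies\\system]
"EnableLUA"= 0 (0x0)
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusOverride"=dword:00000001
"FirewallDisableNotify"=dword:00000001
scrfile=%1
"""

# ComboFix file row: created . modified <size|-------->  <attrs>  <path>
FILE_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d)\s+(\S+)\s+(\S+)\s+(.+)$")
ROOT_AUTORUN_RE = re.compile(r"^[A-Za-z]:\\autorun\.inf$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(?:dword:([0-9a-fA-F]{8})|(\d+)\s*\(0x[0-9a-fA-F]+\))')
STARTUP_DIR_RE = re.compile(r"\\Startup\\$", re.IGNORECASE)
LOOSE_EXT = (".com", ".exe", ".scr", ".bat", ".vbs", ".pif")


def scr_clusters(lines, min_members=3):
    """Group .scr rows by (size, modified time). A worm stamping one payload out
    under many folder names yields one large cluster; real screensavers do not
    share a single size and timestamp."""
    groups = defaultdict(list)
    for line in lines:
        m = FILE_RE.match(line.rstrip())
        if m and m.group(5).lower().endswith(".scr"):
            groups[(m.group(3), m.group(2))].append(m.group(5))
    return {k: v for k, v in groups.items() if len(v) >= min_members}


def root_autorun(lines):
    """autorun.inf directly under a drive letter: the spreading vector."""
    return [s for s in (l.strip() for l in lines) if ROOT_AUTORUN_RE.match(s)]


def startup_executables(lines):
    """Executables dropped straight into a Startup folder. Normal entries there
    are .lnk shortcuts, so a .lnk that points at an .exe is deliberately skipped."""
    found, in_startup = [], False
    for line in lines:
        s = line.rstrip()
        if STARTUP_DIR_RE.search(s):
            in_startup = True
            continue
        if s in (".", ""):
            in_startup = False
            continue
        if in_startup:
            name = s.split(" [", 1)[0].split(" - ", 1)[0]
            if name.lower().endswith(LOOSE_EXT):
                found.append(name)
    return found


def tampered_registry(lines):
    """Security Center *Override / *DisableNotify set to 1 and EnableLUA set to 0:
    AV and firewall warnings suppressed and UAC switched off."""
    hits, key = [], None
    for line in lines:
        s = line.strip()
        km = KEY_RE.match(s)
        if km:
            key = km.group(1)
            continue
        vm = VALUE_RE.match(s)
        if not vm or key is None:
            continue
        name = vm.group(1)
        value = int(vm.group(2), 16) if vm.group(2) is not None else int(vm.group(3))
        lk = key.lower()
        if "security center" in lk and name.endswith(("Override", "DisableNotify")) and value == 1:
            hits.append((key, name, value))
        elif lk.endswith("policies\\system") and name == "EnableLUA" and value == 0:
            hits.append((key, name, value))
    return hits


def scr_association(lines):
    """The 'File Associations' line for .scr, if ComboFix printed one."""
    for s in (l.strip() for l in lines):
        if s.lower().startswith("scrfile="):
            return s.split("=", 1)[1]
    return None


def triage(log_text):
    lines = log_text.splitlines()
    return {"scr_clusters": scr_clusters(lines),
            "root_autorun": root_autorun(lines),
            "startup_executables": startup_executables(lines),
            "tampered_registry": tampered_registry(lines),
            "scr_association": scr_association(lines)}


if __name__ == "__main__":
    for section, items in triage(SAMPLE_LOG).items():
        print(f"== {section}: {items}")
```

To run it on a real report, pass the saved file instead of the sample: `triage(open("ComboFix.txt", errors="replace").read())`. The `.lnk` entry in the constructed Startup section is there on purpose: shortcuts are what normally lives in Startup, so the check flags only files that are themselves executable, which is exactly what separates `Adobe Online.com` from the McAfee scheduler shortcut in the post's log.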
 
Did your anti-malware software give a warning? Do you have an address, a name, anything at all?
 