Arp.exe and Syshost.exe Hogging the CPU: High Processor Usage

Category: Computer

Published:

Last Updated: 15-10-2018


If you have seen in Task Manager that Arp.exe and Syshost.exe are needlessly keeping the CPU busy at a high rate, up to 100%, I have to tell you that you have a malware problem. We can say it is caused by something constantly triggering these network-related Windows services, requesting the IP addresses of the devices on your network, and doing so over and over.

[Image: Arp and Syshost processor usage]

[Image: Arp and Syshost processor usage]

How to Fix the Arp.exe and Syshost.exe Errors:

The solution to the Arp.exe and Syshost.exe problem generally varies. In my experience, though, you can get rid of these problems with the ComboFix and Malwarebytes programs.

What you need to do is search for these programs on Google, download them to your computer and run a scan. The programs automatically detect the files, programs or services causing these problems and carry out the steps needed to remove them on their own.

An extra thing you can do yourself is uninstall the programs installed on your computer that you do not use. If the problem is still not solved after you have tried every solution, you have no option left but to reformat the machine, because the arp.exe error usually cannot be fixed otherwise. Apart from these, you can also try disabling the other devices on your network.

Also, these services activate on their own as soon as you connect to the Internet; when you disconnect the PC's Internet connection they go quiet automatically, but they start again once you reconnect. Below I give the ComboFix and Malwarebytes logs.
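As an added example (not from the original post), here is a read-only PowerShell triage script that checks the persistence and hardening points the logs further down flag: Run values that launch powershell.exe, a service named like syshost32, a driver with a random 16-hex-digit name, system-binary names sitting under AppData or ProgramData, and the UAC and AppInit settings. It assumes PowerShell 3.0 or newer run from an elevated prompt on the affected machine; it only reports and removes nothing.

```powershell
# Added example, not from the original post: read-only triage of the persistence
# points the ComboFix/Malwarebytes logs on this page flag. Assumes PowerShell 3.0+
# and an elevated prompt. Nothing is changed or deleted; findings are listed.

$findings = New-Object System.Collections.Generic.List[string]

# 1. Run keys: the log showed a GUID-named value under HKCU\...\Run pointing at
#    powershell.exe (flagged Trojan.PowerShellSP.EncJob) and a Policies\Explorer\Run
#    value pointing at c:\programdata\msyermoqd.exe.
$runKeys = @(
  'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run',
  'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run'
)
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # skip PSPath, PSParentPath, etc.
    $v = [string]$p.Value
    if ($v -match 'powershell|-enc|\\AppData\\|\\ProgramData\\') {
      $findings.Add("Run value: $key\$($p.Name) = $v")
    }
  }
}

# 2. Services: a name like syshost32 (ComboFix removed Service_syshost32), a binary
#    living in ProgramData/AppData/Downloads, or a driver whose base name is a random
#    16-hex-digit string (the Necurs driver in the log was 6c5838a5c6b90fda.sys).
Get-CimInstance Win32_Service | ForEach-Object {
  if ($_.Name -match '^syshost' -or $_.PathName -match '\\ProgramData\\|\\AppData\\|\\Downloads\\') {
    $findings.Add("Service: $($_.Name) -> $($_.PathName)")
  }
}
Get-ChildItem "$env:SystemRoot\System32\drivers" -Filter '*.sys' -ErrorAction SilentlyContinue |
  Where-Object { $_.BaseName -match '^[0-9a-f]{16}$' } |
  ForEach-Object { $findings.Add("Driver with random hex name: $($_.FullName)") }

# 3. System-binary names outside System32: the log listed svchost.exe, csrss.exe and
#    rundll32.exe under AppData\Roaming, and Malwarebytes quarantined rundll3.exe there.
$lookalikes = 'svchost.exe', 'csrss.exe', 'rundll32.exe', 'rundll3.exe', 'syshost.exe', 'arp.exe'
foreach ($dir in @($env:APPDATA, $env:LOCALAPPDATA, $env:ProgramData)) {
  Get-ChildItem -Path $dir -Recurse -Include $lookalikes -ErrorAction SilentlyContinue |
    Where-Object { -not $_.PSIsContainer } |
    ForEach-Object { $findings.Add("System-binary name outside System32: $($_.FullName)") }
}

# 4. Hardening the log showed weakened: UAC switched off and AppInit DLL loading on.
$pol = Get-ItemProperty 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'
if ($pol.EnableLUA -eq 0) { $findings.Add('UAC disabled (EnableLUA = 0)') }
foreach ($k in 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Windows',
               'HKLM:\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows') {
  $w = Get-ItemProperty $k -ErrorAction SilentlyContinue
  if ($w -and $w.LoadAppInit_DLLs -eq 1) { $findings.Add("LoadAppInit_DLLs = 1 under $k") }
}

if ($findings.Count -eq 0) { 'No matching indicators found.' } else { $findings }
```

A hit from this script is a reason to run the scanners the post recommends with the rootkit option enabled, as the second Malwarebytes log below shows; it is not proof of infection by itself.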

You can check the data I obtained after the scans:

ComboFix Log Results

ComboFix 18-02-16.01 - User 17.02.2018 13:51:46.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1254.90.1055.18.3919.2413 [GMT 2:00]
Running from: d:\users\User\Downloads\ComboFix.exe
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\10608586449393011044
c:\programdata\10608586449393011044\0e950e00e627140ea404cb0e8218469f.ini
c:\programdata\10608586449393011044\73ecd09576ab61e0a404cb0e8218469f.ini
c:\programdata\10608586449393011044\81d0ddddd14b7f487dcfe4e4f340fc4c.ini
c:\programdata\10608586449393011044\f5dc0d0456a8eaf3a404cb0e8218469f.ini
c:\programdata\10608586449393011044\fabe6de3a4ead422a404cb0e8218469f.ini
c:\programdata\chrgsecure.exe
c:\programdata\msyermoqd.exe
c:\programdata\ntuser.pol
c:\programdata\sqlsearch.exe
c:\users\User\AppData\Roaming\csrss.exe
c:\users\User\AppData\Roaming\dclogs
c:\users\User\AppData\Roaming\dclogs\2015-04-21-3.dc
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\851 × 314 – facebookbilgi.net.URL
c:\users\User\AppData\Roaming\Microsoft\Windows\Recent\Legend_Online.url
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\wo@7.edu\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\wo@7.edu\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\wo@7.edu\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\wo@7.edu\install.rdf
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\ysB@y.com\bootstrap.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\ysB@y.com\chrome.manifest
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\ysB@y.com\content\bg.js
c:\users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\extensions\staged\ysB@y.com\install.rdf
c:\users\User\AppData\Roaming\OpenCandy.dll
c:\users\User\AppData\Roaming\rundll32.exe
c:\users\User\AppData\Roaming\svchost.exe
c:\windows\My.ini
c:\windows\system\TUTIL32.DLL
c:\windows\SysWow64\Temp
c:\windows\SysWow64\Temp\Saltanat Mt2.stderr.log
c:\windows\SysWow64\Temp\Saltanat Mt2.stdout.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_syshost32
.
.
((((((((((((((((((((((((( Files Created from 2018-01-17 to 2018-02-17 )))))))))))))))))))))))))))))))
.
.
2018-02-17 11:49 . 2018-02-17 11:49 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2018-02-17 11:49 . 2018-02-17 11:49 -------- d-----w- c:\program files\Microsoft Security Client
2018-02-17 11:49 . 2018-02-17 11:49 -------- d-----w- c:\program files (x86)\HomeDev
2018-02-17 11:48 . 2018-02-17 11:48 -------- d-----w- c:\program files (x86)\Tweaking.com
2018-02-17 11:19 . 2018-02-17 11:20 -------- d-----w- c:\program files\CCleaner
2018-02-17 11:09 . 2018-02-17 11:09 -------- d-----w- c:\windows\Migration
2018-02-17 10:44 . 2018-02-17 10:44 -------- d-----w- c:\program files\Defraggler
2018-02-17 10:44 . 2018-02-17 10:44 -------- d-----w- c:\programdata\ProductData
2018-02-17 10:44 . 2018-02-17 10:44 -------- d-----w- c:\program files (x86)\Common Files\IObit
2018-02-17 10:43 . 2018-02-17 10:43 -------- d-----w- c:\program files (x86)\IObit
2018-02-17 10:43 . 2018-02-17 10:51 -------- d-----w- c:\users\User\AppData\Roaming\IObit
2018-02-17 10:43 . 2018-02-17 10:44 -------- d-----w- c:\programdata\IObit
2018-02-17 10:07 . 2018-02-17 10:06 1142072 ----a-w- c:\windows\SysWow64\ucrtbase.dll
2018-02-17 10:07 . 2018-02-17 10:05 1001272 ----a-w- c:\windows\system32\ucrtbase.dll
2018-02-17 10:06 . 2018-02-17 10:06 -------- d-----w- c:\program files\Common Files\AVAST Software
2018-02-17 09:59 . 2018-02-17 09:59 -------- d-----w- c:\program files\AVAST Software
2018-02-17 08:27 . 2018-02-17 08:27 -------- d-----w- c:\users\User\AppData\Local\Trend Micro
2018-02-17 07:03 . 2018-02-17 07:03 -------- d-----w- c:\users\User\AppData\Local\Clarus
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-18 12:53 . 2015-03-18 12:47 6103040 ----a-w- c:\program files (x86)\GUTEB0A.tmp
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{63EC5AEF-86B9-4188-AC5C-F23C6AFAA7AA}"="c:\windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe" [2009-07-14 452608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
R2 IObitUnSvr;IObit Uninstaller Service;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe;c:\program files (x86)\IObit\IObit Uninstaller\IUService.exe [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvSnSht;DrvSnSht;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys;c:\program files (x86)\R-Drive Image\DrvSnSht64.sys [x]
R3 IUFileFilter;IUFileFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IUFileFilter.sys [x]
R3 IURegProcessFilter;IURegProcessFilter;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys;c:\program files (x86)\IObit\IObit Uninstaller\drivers\win7_amd64\IURegProcessFilter.sys [x]
R3 KCIRNET;CASIO Device Driver;c:\windows\system32\DRIVERS\kcirnet.sys;c:\windows\SYSNATIVE\DRIVERS\kcirnet.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys;c:\windows\SYSNATIVE\DRIVERS\netaapl64.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Ağ İnceleme;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 R-ImageDisk;R-ImageDisk;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys;c:\program files (x86)\R-Drive Image\R-ImageDisk64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys;c:\windows\SYSNATIVE\DRIVERS\teamviewervpn.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Etkinleştirme Teknolojileri Hizmeti;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0102.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S2 AmmyyAdmin;Ammyy Admin;d:\users\User\Downloads\AA_v3.exe;d:\users\User\Downloads\AA_v3.exe [x]
S2 Beyaz Server;Beyaz Server;d:\dbserver\s4servic.exe;d:\dbserver\s4servic.exe [x]
S2 Beyaz ServerReport;Beyaz ServerReport;d:\dbserver\Server2\s4servic.exe;d:\dbserver\Server2\s4servic.exe [x]
S2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe;c:\program files (x86)\Cobian Backup 10\cbVSCService.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 hlusb;hlusb;c:\windows\system32\Drivers\hlusb.sys;c:\windows\SYSNATIVE\Drivers\hlusb.sys [x]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;c:\windows\system32\DRIVERS\InputFilter_FlexDef2b.sys;c:\windows\SYSNATIVE\DRIVERS\InputFilter_FlexDef2b.sys [x]
S3 RTL8167;Realtek 8167 NT Sürücüsü;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - 6c5838a5c6b90fda
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2018-01-25 15:01 2478864 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2016-11-14 1353680]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\system32\blank.htm
TCP: Interfaces\{D89B07B9-AD2E-4C74-8181-9D85C7866478}: NameServer = 195.175.39.49,195.175.39.50
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Explorer_Run-799231980 - c:\programdata\msyermoqd.exe
Toolbar-Locked - (no file)
WebBrowser-{91397D20-1446-11D4-8AF4-0040CA1127B6} - (no file)
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
ShellIconOverlayIdentifiers-{E056AFDD-03E9-4D73-8D33-8FCCBCA73438} - (değer atanmamış)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySql]
"ImagePath"="C:/mysql/bin/mysqld-nt.exe"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\6c5838a5c6b90fda]
"ImagePath"="\SystemRoot\System32\Drivers\6c5838a5c6b90fda.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-360893473-4113404845-4183880120-1000_Classes\Wow6432Node\CLSID\{03741890-77d8-49bf-9af6-3e8289901d65}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000159
"Therad"=dword:00000001
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_USERS\S-1-5-21-360893473-4113404845-4183880120-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):04,4c,23,d7,21,e7,48,81,a1,92,66,79,db,73,e9,01,67,9f,0e,27,1c,
0c,d8,60,b5,85,90,f8,ba,ca,88,9d,9c,f0,45,90,35,e3,bf,b7,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0\Alias]
@=""
"0"="ActionsPane Schema for Add-Ins"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\mysql\bin\mysqld-nt.exe
c:\program files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files (x86)\TeamViewer\TeamViewer_Service.exe
c:\program files (x86)\TeamViewer\TeamViewer.exe
c:\program files (x86)\TeamViewer\tv_w32.exe
c:\windows\SysWOW64\msiexec.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
.
**************************************************************************
.
Completion time: 2018-02-17 13:59:27 - machine was rebooted
ComboFix-quarantined-files.txt 2018-02-17 11:59
.
Pre-Run: 66.122.330.112 bayt boş
Post-Run: 64.676.544.512 bayt boş
.
- - End Of File - - 288ABF9C789CE1F4F7C5CE89AF6D579D
FEB476CEC61665F10D6A10B29C8171D6

 

Data obtained with Malwarebytes:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/18
Scan Time: 2:37 PM
Log File: 5b632972-13df-11e8-8619-20cf30c0e51c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3976
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: server\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 282521
Threats Detected: 55
Threats Quarantined: 54
Time Elapsed: 6 min, 13 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 27
PUP.Optional.MultiPlug, HKU\S-1-5-21-360893473-4113404845-4183880120-1000_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarantined, [230], [247117],1.0.3976
PUP.Optional.MultiPlug, HKU\S-1-5-21-360893473-4113404845-4183880120-1000_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarantined, [230], [247117],1.0.3976
Adware.PennyBee, HKU\S-1-5-18\SOFTWARE\PennyBee, Quarantined, [97], [324206],1.0.3976
Adware.PennyBee, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PennyBeeW_RASAPI32, Quarantined, [97], [324205],1.0.3976
PUP.Optional.SuperOptimizer, HKU\S-1-5-18\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2303], [243667],1.0.3976
Adware.PennyBee, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PennyBeeW_RASMANCS, Quarantined, [97], [324205],1.0.3976
PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP, Quarantined, [8467], [240843],1.0.3976
PUP.Optional.OptimizerPro, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\OPTIMIZER PRO, Quarantined, [781], [241445],1.0.3976
PUP.Optional.InstallCore, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\PRODUCTSETUP, Quarantined, [2], [481004],1.0.3976
PUP.Optional.CrossBrowse, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\CrossBrowser, Quarantined, [6029], [237104],1.0.3976
PUP.Optional.DigitalSites, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\DSiteProducts, Quarantined, [790], [237780],1.0.3976
PUP.Optional.InstallCore, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\InstallCore, Quarantined, [2], [239563],1.0.3976
PUP.Optional.Tuto4PC, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\Tutorials, Quarantined, [59], [315308],1.0.3976
PUP.Optional.Tuto4PC, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\TutoTag, Quarantined, [59], [244265],1.0.3976
PUP.Optional.SuperOptimizer, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\APPDATALOW\{1146AC44-2F03-4431-B4FD-889BC837521F}, Quarantined, [2303], [243667],1.0.3976
PUP.Optional.IHProtect, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarantined, [12450], [239373],1.0.3976
PUP.Optional.PortalSepeti, HKLM\SOFTWARE\WOW6432NODE\portalsepeti, Quarantined, [2955], [191027],1.0.3976
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\supTab, Quarantined, [3260], [254403],1.0.3976
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\sweet-pageSoftware, Quarantined, [8353], [230757],1.0.3976
Adware.MoboGenie, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MobogenieAdd, Quarantined, [1154], [477441],1.0.3976
PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{4abaf598}, Quarantined, [230], [240969],1.0.3976
PUP.Optional.SuperOptimizer, HKLM\SOFTWARE\WOW6432NODE\{6791A2F3-FC80-475C-A002-C014AF797E9C}, Quarantined, [2303], [243672],1.0.3976
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Quarantined, [12237], [235414],1.0.3976
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Quarantined, [12237], [235414],1.0.3976
Adware.MoboGenie, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\MobogenieAdd, Quarantined, [1154], [477441],1.0.3976
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [8353], [233723],1.0.3976
PUP.Optional.PortalSepeti, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E921F400-D383-4B1B-9DE6-FCFCACFC1173}, Quarantined, [2955], [160639],1.0.3976

Registry Value: 10
PUP.Optional.MiuiTab, HKLM\SOFTWARE\WOW6432NODE\SUPDP|DIR, Quarantined, [8467], [240843],1.0.3976
Trojan.PowerShellSP.EncJob, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{63EC5AEF-86B9-4188-AC5C-F23C6AFAA7AA}, Removal Failed, [14719], [467529],1.0.3976
PUP.Optional.OptimizerPro, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\OPTIMIZER PRO|ADSBUYNOWURL, Quarantined, [781], [241445],1.0.3976
PUP.Optional.InstallCore, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\PRODUCTSETUP|TB, Quarantined, [2], [481004],1.0.3976
Trojan.Agent.MSDGen, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|799231980, Quarantined, [11498], [189400],1.0.3976
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DISPLAYNAME, Quarantined, [8353], [233723],1.0.3976
PUP.Optional.SweetPage.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, Quarantined, [8353], [233723],1.0.3976
Trojan.Agent.MSDGen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\RUN|799231980, Quarantined, [11498], [189400],1.0.3976
PUP.Optional.SupTab, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|PTID, Quarantined, [3260], [243702],1.0.3976
PUP.Optional.RussAd, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER|{91397D20-1446-11D4-8AF4-0040CA1127B6}, Quarantined, [9], [435197],1.0.3976

Registry Data: 1
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DEFAULTSCOPE, Replaced, [12048], [292819],1.0.3976

Data Stream: 0
(No malicious items detected)

Folder: 6
PUP.Optional.OptimizerPro, C:\USERS\USER\DOCUMENTS\OPTIMIZER PRO, Quarantined, [781], [241439],1.0.3976
PUP.Optional.PennyBee, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.2.0, Quarantined, [281], [178856],1.0.3976
PUP.Optional.PennyBee, C:\WINDOWS\SYSWOW64\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\ICSHARPCODE.NET\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw, Quarantined, [281], [178856],1.0.3976
PUP.Optional.SpeedFox, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\jetpack\jid1-uabu5A9hduqzCw@jetpack\simple-storage, Quarantined, [8472], [179780],1.0.3976
PUP.Optional.SpeedFox, C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\221YSZ2O.DEFAULT\JETPACK\JID1-UABU5A9HDUQZCW@JETPACK, Quarantined, [8472], [179780],1.0.3976
PUP.Optional.ASPackage, C:\USERS\USER\APPDATA\ROAMING\ASPACKAGE, Quarantined, [5315], [181992],1.0.3976

File: 11
PUP.Optional.OptimizerPro, C:\USERS\USER\DOCUMENTS\OPTIMIZER PRO\COOKIESEXCEPTION.TXT, Quarantined, [781], [241439],1.0.3976
PUP.Optional.PennyBee, C:\Windows\SysWOW64\config\systemprofile\AppData\Local\ICSharpCode.net\PennyBeeW.exe_Url_pdfsfuhjvq2z1tkl01mfogi3g1cr2hhw\1.0.2.0\user.config, Quarantined, [281], [178856],1.0.3976
PUP.Optional.SpeedFox, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\221ysz2o.default\jetpack\jid1-uabu5A9hduqzCw@jetpack\simple-storage\store.json, Quarantined, [8472], [179780],1.0.3976
Trojan.Agent.E.Generic, C:\USERS\USER\APPDATA\ROAMING\rundll3.exe, Quarantined, [1023], [363231],1.0.3976
PUP.Optional.MultiPlug, C:\USERS\HILAY\NTUSER.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\USERS\USER\NTUSER.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.MultiPlug, C:\WINDOWS\SYSTEM32\GROUPPOLICY\USER\REGISTRY.POL, Quarantined, [230], [-1],0.0.0
PUP.Optional.OpenCandy, C:\USERS\USER\APPDATA\ROAMING\UTORRENT\UPDATES\3.4.3_40298.EXE, Quarantined, [476], [317290],1.0.3976
PUP.Optional.OpenCandy, C:\USERS\USER\APPDATA\ROAMING\UTORRENT\UTORRENT.EXE, Quarantined, [476], [317290],1.0.3976
Trojan.Injector.DL, C:\WINDOWS\SYSTEM32\OOBE\WDSCORE.DLL, Quarantined, [13421], [265273],1.0.3976
Backdoor.Agent.FSGen, C:\WINDOWS\INSTALLER\{F4CFCDE8-5F4D-E7BF-0E4C-A736ED6DC253}\SYSHOST.EXE, Quarantined, [6289], [85870],1.0.3976

Physical Sector: 0
(No malicious items detected)

(end)

 

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 2/17/18
Scan Time: 2:49 PM
Log File: 08c2e282-13e1-11e8-92d8-20cf30c0e51c.json
Administrator: Yes

-Software Information-
Version: 3.3.1.2183
Components Version: 1.0.262
Update Package Version: 1.0.3976
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: System

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 283020
Threats Detected: 5
Threats Quarantined: 5
Time Elapsed: 22 min, 14 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 1
Trojan.PowerShellSP.EncJob, HKU\S-1-5-21-360893473-4113404845-4183880120-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|{63EC5AEF-86B9-4188-AC5C-F23C6AFAA7AA}, Quarantined, [14719], [467529],1.0.3976

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 0
(No malicious items detected)

File: 3
Rootkit.Necurs.R.64, C:\Windows\System32\drivers\6c5838a5c6b90fda.sys, Quarantined, [15045], [200000216],0.0.0
RiskWare.Tool.HCK, C:\USERS\USER\DESKTOP\PRORAMLAR\UNIVERSALTERMSRVPATCH-X64.EXE, Quarantined, [1989], [66010],1.0.3976
RiskWare.Tool.HCK, C:\USERS\USER\DESKTOP\PRORAMLAR\UNIVERSALTERMSRVPATCH-X86.EXE, Quarantined, [1989], [66010],1.0.3976

Physical Sector: 1
Rootkit.Pitou.C.MBR, 0, Replace-on-Reboot, [14991], [200000107],0.0.0

(end)
