

To analyze problems on your system such as performance drops, freezes, the effects of malware, and application errors, and to improve performance or neutralize the malware, you need to share here the log of a scan made with the HijackThis software.



Usage:

1) Download the current version, to which a developer has added new features, from here, and extract the application from the archive to your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click the HijackThis program and run it as administrator (does not apply to XP).



4) In the window that opens, click the "Do a system scan and save a log file" button.



5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan completes.


6) When the scan completes, a log file containing the HijackThis report will open.




*7) So that we can examine the log file, you need to add it here using the reply box.


Click "Code".



Paste the contents of the log into the blue box and press the "Continue" button.

Warning: If you have trouble adding code on the site, paste the code into one of the sites given below and share the link. In that case, do not use option *7 for now.

Paste ofCode

8) In addition, reply to the thread describing the problem on your system in detail (performance drop, suspected malware, etc.).
(Those who do not do this will not get a reply.)

Fixing:

When I or one of the experts replies in the thread, tick the boxes at the start of the lines we name in the HijackThis interface. Then press the "Fix checked" button.
 
Since there is no problem, should I delete the "backups" folder?
If the problem is no longer occurring, it is up to you, since no malware shows up either. Run the Windows Disk Cleanup tool and clean up with that as well.
 
Hello, I hope I did the code part correctly. I had opened the thread 'What is "Setuplauncher" at startup?'; I was a bit late doing what you said, sorry, I was not available. So the reason I am posting this is a suspicion of malware.
Note: 1.5 years ago I activated with KMS via CMD, then I think I removed it by typing commands into CMD following the guide here. Also, I have been using Kaspersky Security Cloud for close to a year. Thank you in advance.


[CODE title="Raporlar"]Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 01:47:54, on 19.07.2021
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.0001)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\GlassWire\GWIdlMon.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\GlassWire\GlassWire.exe
C:\Program Files (x86)\Rampage Audio7.1\Rampage Audio7.1.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
C:\Users\İbrahim Zorbey\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\91.0.864.70\BHO\ie_to_edge_bho.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [Rampage Audio7.1] "C:\Program Files (x86)\Rampage Audio7.1\Rampage Audio7.1.exe" -boot
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [Ultimate KB-R96] "C:\Program Files\RampageKeyboard\Ultimate KB-R96.exe" /startup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\İbrahim Zorbey\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\İbrahim Zorbey\AppData\Local\Discord\Update.exe --processStart Discord.exe
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKCU\..\Run: [FACEIT] "C:\Users\İbrahim Zorbey\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
O4 - HKCU\..\Run: [Opera GX Browser Assistant] C:\Users\İbrahim Zorbey\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
O4 - HKCU\..\Run: [EnlistedLauncher] "C:\Users\İbrahim Zorbey\AppData\Local\Enlisted\launcher.exe"
O4 - HKCU\..\Run: [LGHUB] "C:\Program Files\LGHUB\lghub.exe" --background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{d654b0b8-5bba-4e2b-a314-6d3596a90679}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AudioDeviceService - Unknown owner - C:\Windows\system32\AudioDeviceService.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Hizmeti 21.3 (AVP21.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_6d43d - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: EasyAntiCheat - Epic Games, Inc - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Epic Online Services (EpicOnlineServices) - Epic Games, Inc. - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service: FACEITService - Unknown owner - C:\Program Files\FACEIT AC\faceitservice.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA FrameView SDK service (FvSvc) - NVIDIA - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
O23 - Service: GlassWire Control Service (GlassWire) - SecureMix LLC - C:\Program Files (x86)\GlassWire\GWCtlSrv.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\91.0.4472.164\elevation_service.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro Scheduler (HitmanProScheduler) - SurfRight B.V. - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Volume Shadow Copy Service Bridge 21.3 (klvssbridge64_21.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe
O23 - Service: Kaspersky VPN Secure Connection Hizmeti 5.3 (KSDE5.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
O23 - Service: LGHUB Updater Service (LGHUBUpdaterService) - Logitech, Inc. - C:\Program Files\LGHUB\lghub_updater.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_4a746d937e6a7240\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: Rockstar Game Library Service (Rockstar Service) - Rockstar Games - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: Uncheater for BattleGroundsLite_SE (uncheater_bgl) - Wellbia.com Co., Ltd. - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: vgc - Riot Games, Inc. - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11313 bytes[/CODE]
 
Fix these:
Code:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [Rampage Audio7.1] "C:\Program Files (x86)\Rampage Audio7.1\Rampage Audio7.1.exe" -boot
O4 - HKLM\..\Run: [Ultimate KB-R96] "C:\Program Files\RampageKeyboard\Ultimate KB-R96.exe" /startup
O4 - HKCU\..\Run: [OneDrive] "C:\Users\İbrahim Zorbey\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\İbrahim Zorbey\AppData\Local\Discord\Update.exe --processStart Discord.exe
O4 - HKCU\..\Run: [EpicGamesLauncher] "C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe" -silent
O4 - HKCU\..\Run: [FACEIT] "C:\Users\İbrahim Zorbey\AppData\Local\FACEITApp\update.exe" --processStart "FACEIT.exe"
O4 - HKCU\..\Run: [Opera GX Browser Assistant] C:\Users\İbrahim Zorbey\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [GlassWire] "C:\Program Files (x86)\GlassWire\glasswire.exe" -hide
O4 - HKCU\..\Run: [EnlistedLauncher] "C:\Users\İbrahim Zorbey\AppData\Local\Enlisted\launcher.exe"
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
 

God bless you, thank you :)
@Murat5038 Sorry, I have bothered you a bit, but I am asking only out of curiosity. Why are these "fix checked" entries like this? I would say it is missing files or something, but we also do this to known files. In short, what does "fix checked" actually do, and don't the big companies bring any improvement against this?
 
My brother used to use my computer. +18 girls kept appearing on the screen. He cleaned it with Unlocker. When the PC came to me, cmd was opening and closing and ads were opening in a new tab. I cleaned it with Malwarebytes and the problem was solved. Now the camera is not working either. I last talked with my girlfriend. There was no problem. The camera does not appear in Device Manager. There is a virus on my computer. I would be glad if you solve the problem.

Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform:  x64 Windows 8.1 (Home Single Language), 6.3.9600.18654, Service Pack: 0
Time:      22.07.2021 - 12:28 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Can    (group: Administrator) on CAN, FirstRun: yes

Firefox: 67.0.0.7075
Internet Explorer: 11.0.9600.18123
Default: "C:\Users\Can_2\AppData\Local\Programs\Opera\Launcher.exe" -noautoupdate -- "%1" (Opera Internet Browser)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
   1  C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplmv.exe
   1  C:\Program Files (x86)\IObit\Driver Booster\8.2.0\Pub\PubPlatform.exe
   1  C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
   1  C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
   1  C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
   1  C:\Program Files\Windows Defender\MsMpEng.exe
   1  C:\Users\Can_2\Desktop\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  12  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostex.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.18384_none_fa1d93c39b41b41a\TiWorker.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = https://www.msn.com/?ocid=iehp
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}: [SuggestionsURL,SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - (no name)
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2261466 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2261466 - Yandex
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{59E9C8B1-74FD-4CB6-A815-9E96102F97BD}: [URL] = http://www.google.com/search?hl=tr&q={searchTerms} - Google
O1 - Hosts: 127.0.0.1 idnet.ua-corp.com
O1 - Hosts: 127.0.0.1 idnet.ua-corp.com
O1 - Hosts: 127.0.0.1 bandicam.com
O1 - Hosts: 127.0.0.1 cert.bandicam.com
O1 - Hosts: 127.0.0.1 ssl.bandicam.com
O1 - Hosts: 127.0.0.1 52.79.86.85
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/02/26)
O4 - HKCU\..\StartupApproved\Run: [DAEMON Tools Lite Automount] = C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun (2019/11/29)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2019/11/29)
O4 - HKCU\..\StartupApproved\Run: [Free Download Manager] = C:\Program Files\Softdeluxe\Free Download Manager\fdm.exe --hidden (2021/01/30)
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\Can_2\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (2020/08/20)
O4 - HKLM\..\StartupApproved\Run32: [AdobeCS6ServiceManager] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (2016/03/29)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2015/11/06)
O4 - HKLM\..\StartupApproved\Run32: [SwitchBoard] = C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (2016/03/29)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2016/03/29)
O4 - HKLM\..\StartupApproved\Run: [Seagull Drivers V3] = C:\Program Files\Seagull\Printer Drivers\Common\Seagull_DriverStartup.exe startup (2021/01/30)
O4 - HKLM\..\StartupApproved\Run: [WindowsDefender] = C:\Program Files\Windows Defender\MSASCuiL.exe  (file missing) (2017/05/31)
O4 - HKU\.DEFAULT\..\Run: [KSS] = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe autorun (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Download all links with IDM: (default) = C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Download with IDM: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O15 - Trusted Zone: *.localhost
O17 - DHCP DNS 1: 4.2.2.5 (Well-known DNS: Verizon / Level 3 Communications)
O17 - DHCP DNS 2: 4.2.2.6 (Well-known DNS: Verizon / Level 3 Communications)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E685196-55E9-41F1-B17A-7850E9E8DB72}: [NameServer] = 4.2.2.5 (Well-known DNS: Verizon / Level 3 Communications)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2E685196-55E9-41F1-B17A-7850E9E8DB72}: [NameServer] = 4.2.2.6 (Well-known DNS: Verizon / Level 3 Communications)
O21 - HKLM\..\ShellIconOverlayIdentifiers\            IDM Shell Extension: IDM Shell Extension - {CDC95B92-E27C-4745-A8C5-64A52A78855D} - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe C:\Windows\system32\invagent.dll,RunUpdate (Microsoft)
O22 - Task: Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 - C:\Program Files\Bitdefender Agent\WatchDog.exe repair (file missing)
O22 - Task: BlueStacksHelper - C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe -sr
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\8.2.0\Scheduler.exe /scheduler
O22 - Task: Driver Booster SkipUAC (Can) - C:\Program Files (x86)\IObit\Driver Booster\8.2.0\DriverBooster.exe /skipuac
O22 - Task: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\8.2.0\AutoUpdate.exe /auto
O22 - Task: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe
O22 - Task: Opera scheduled Autoupdate 1557003672 - C:\Users\Can_2\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1582724585 - C:\Users\Can_2\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Can_2\AppData\Local\Programs\Opera\assistant" $(Arg0)
O22 - Task: Synaptics TouchPad Enhancements - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - C:\Windows\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeReminderTime (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - C:\Windows\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - C:\Windows\system32\GWX\GWXConfigManager.exe /RefreshConfig (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - C:\Windows\system32\GWX\GWXConfigManager.exe /RefreshContent (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Windows\..\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe  -run
O23 - Service R3: Disc Soft Lite Bus Service - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: SwitchBoard - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\Windows\SysWOW64\GameMon.des -service



Debug information:

- 22.07.2021 12:28:11 - modMain2_CheckO25Item - #429 (ActiveX component can't create object) LastDllError = 0 Stady: 0

--
End of file - Time spent: 33,7 sec. - 20730 bytes, CRC32: FFFFFFFF. Sign: 边
 
There is a virus on my computer. I would be glad if you solve the problem.
No malware is visible. You have used too many AV and security programs. You have also used a driver finder, which is why you are having problems. Malware does not delete the camera.
Uninstall the unnecessary AV and security software, and after uninstalling, fix these as well:
Code:
O4 - HKU\.DEFAULT\..\Run: [KSS] = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe autorun (file missing)
O4 - HKU\.DEFAULT\..\Run: [KSS] = O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe C:\Windows\system32\invagent.dll,RunUpdate (Microsoft)
O22 - Task: Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 - C:\Program Files\Bitdefender Agent\WatchDog.exe repair (file missing)
O22 - Task: BlueStacksHelper - C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe -sr
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\8.2.0\Scheduler.exe /scheduler
O22 - Task: Driver Booster SkipUAC (Can) - C:\Program Files (x86)\IObit\Driver Booster\8.2.0\DriverBooster.exe /skipuac
O22 - Task: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\8.2.0\AutoUpdate.exe /auto
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime - C:\Windows\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeReminderTime (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - C:\Windows\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - C:\Windows\system32\GWX\GWXConfigManager.exe /RefreshConfig (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - C:\Windows\system32\GWX\GWXConfigManager.exe /RefreshContent (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B - C:\Windows\system32\GWX\GWXDetector.exe (file missing)
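
A triage sketch for the two log formats posted in this thread, added here as an example (it is not code from the thread or from HijackThis). It counts entries per section code, lists hosts-file overrides (O1) and separates "(file missing)" entries; the names `triage`, `LEGACY_SAMPLE` and `FORK_SAMPLE`, the report keys, and the rule that System32 hits in a 32-bit v2.0.5 log are probably WOW64 redirection artifacts rather than deleted files are assumptions of this example.

```python
import re
from collections import Counter

# Every entry starts with a section code: R0-R4, F0-F3, O1-O25.
# The fork adds a "-32" suffix for entries seen in the 32-bit registry view.
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2})(?:-32)? - (?P<body>.+)$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)$")
SYSTEM32_RE = re.compile(r"[A-Za-z]:\\Windows\\System32\\", re.IGNORECASE)
MISSING = "(file missing)"

# Sample input: a few lines excerpted from the two logs posted in this thread.
LEGACY_SAMPLE = r"""
Logfile of Trend Micro HijackThis v2.0.5
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
"""

FORK_SAMPLE = r"""
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26
O1 - Hosts: 127.0.0.1 idnet.ua-corp.com
O1 - Hosts: 127.0.0.1 idnet.ua-corp.com
O1 - Hosts: 127.0.0.1 bandicam.com
O4 - HKU\.DEFAULT\..\Run: [KSS] = C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan\kss.exe autorun (file missing)
O22 - Task: Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 - C:\Program Files\Bitdefender Agent\WatchDog.exe repair (file missing)
O22 - Task: \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime - C:\Windows\system32\GWX\GWXUXWorker.exe /ScheduleUpgradeTime (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
"""


def triage(log_text):
    """Group HijackThis entries and split '(file missing)' hits into two buckets."""
    lines = [ln.strip() for ln in log_text.splitlines()]
    # Assumption: the Trend Micro v2.0.x builds are 32-bit, so on 64-bit Windows
    # their view of C:\Windows\System32 is redirected to SysWOW64 and files that
    # exist only in the 64-bit directory are reported as missing.
    legacy = any(ln.startswith("Logfile of Trend Micro HijackThis") for ln in lines)
    report = {
        "sections": Counter(),   # entries per section code
        "hosts": [],             # (ip, hostname) pairs from O1 lines
        "orphaned": [],          # target missing: candidate leftovers to review
        "redirect_suspect": [],  # "missing" only because of the 32-bit view
    }
    seen = set()
    for ln in lines:
        m = ENTRY_RE.match(ln)
        if not m or ln in seen:  # skip headers, process list, exact duplicates
            continue
        seen.add(ln)
        code, body = m.group("code"), m.group("body")
        report["sections"][code] += 1
        if code == "O1":
            h = HOSTS_RE.match(body)
            if h:
                report["hosts"].append((h.group("ip"), h.group("name")))
        if MISSING in body:
            if legacy and SYSTEM32_RE.search(body):
                report["redirect_suspect"].append(ln)
            else:
                report["orphaned"].append(ln)
    return report


if __name__ == "__main__":
    for name, sample in (("v2.0.5", LEGACY_SAMPLE), ("fork", FORK_SAMPLE)):
        r = triage(sample)
        print(name, dict(r["sections"]))
        print("  hosts overrides:", r["hosts"])
        print("  orphaned entries:", len(r["orphaned"]))
        print("  likely redirection artifacts:", len(r["redirect_suspect"]))
```

Entries in the `redirect_suspect` bucket should be checked on disk from a 64-bit tool before anything is fixed; the `orphaned` bucket matches the kind of leftover entries the reply above selects.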
 
I am not using an antivirus, but it shows up that way in the log.




How do I remove these? I click Uninstall. It sends me to Control Panel.
 
