Alt Tab yapınca çıkan "snake" nedir?

3-4 hafta önce IDM'ye işim düşmüştü, ücretsiz deneme bitti diye cracklı aradım. O zamandan beri galiba snake diye bir şey çıkmaya başladı, Alt Tab yapınca. Sonra satın aldım ama bayağı bir şey yükledim almadan önce. Geceleri de madencilik yapıyorum, winlogson diye bir şey çıkıyor. Görev yöneticisinde bazen 2-3 tane oluyor ve her biri 3.5-4 GB RAM kullanıyor hem madencilik performansını düşürüyorlar, hem oyunlarda takılmaya neden oluyorlar, çok RAM kullandığından dolayı. Daha önce bu tür şeyler olduğunu hatırlamıyorum bu 2'si neden oluyor böyle virüs müdür? Yardımcı olursanız sevinirim.

Alt Tab ekranındaki "snake" virüs mü?
Alt Tab ekranındaki "snake" virüs mü?
Alt Tab'da gözüken "Snake" virüs mü?

Büyük ihtimal virüs. O hizmetin orijinal adı "winlogon". KVRT ve Malwarebytes ile tarama yapmanı öneririm.

Forumda böyle bir yazı gördüm :
'''Snake Ransomware, Golang fidye yazılımında tipik olarak görülmeyen şaşırtmaca içerdiği bildirilen bir Golang fidye yazılımıdır. Bu kötü amaçlı yazılım, gölge kopyaları kaldıracak ve SCADA/ICS cihazları, sanal makineler, uzaktan yönetim araçları, ağ yönetim yazılımı ve diğerleriyle ilgili süreçleri öldürecektir. Bundan sonra, Windows sistem klasörleri ve çeşitli sistem dosyaları atlanırken, cihazdaki dosyaların şifrelenmesi başlar. Şifrelenmiş dosyalara rastgele 5 karakterlik bir dize eklenir. Bleeping Computer'a göre, bu fidye yazılımının hedeflenen bir makinedeki dosyaları şifrelemesi özellikle uzun zaman alıyor. Bu fidye yazılımının tek tek iş istasyonları yerine tüm ağı hedef aldığı bildiriliyor.'''

Buda hijackThis raporu.

Malwarebytes ücretsiz versiyonu ile tarattım. 1200 küsur şey buldu karantinaya al dedim ama sorun çözüldü mü bilmiyorum. Rapor karantinadan sonra alındı.

Furkan45 dedi:

Kod:Panoya kopyala

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.10

Platform:  x64 Windows 10 (Home), 10.0.19044.2006 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      17.09.2022 - 19:49 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    mfurk    (group: Administrators) on FURKAN, FirstRun: no

Chrome:  105.0.5195.127
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1 (Brave)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\arcai.com\aips.exe
   3  C:\Program Files (x86)\arcai.com\netcut_windows.exe
   1  C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler.exe
   1  C:\Program Files (x86)\BraveSoftware\Update\1.3.361.133\BraveCrashHandler64.exe
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\Common Files\Steam\SteamService.exe
   1  C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
   1  C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
   1  C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
   1  C:\Program Files (x86)\GAMEPOWER Audio 7.1\GAMEPOWER Audio 7.1.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Hotspot Shield\11.3.0\bin\cmw_srv.exe
   1  C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
   1  C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\CC_Engine_x64.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\MSI.CentralServer.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\True Color\MSI.True Color.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe
   1  C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControlEngine.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
   1  C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
   1  C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
   1  C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files (x86)\Steam\steam.exe
   1  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\Alienware\Alienware Command Center\AWCC.Background.Server.exe
   1  C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   3  C:\Program Files\LGHUB\lghub.exe
   1  C:\Program Files\LGHUB\lghub_agent.exe
   1  C:\Program Files\LGHUB\lghub_updater.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
   1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
   1  C:\Program Files\Microsoft SQL Server\MSSQL15.FURKAN\MSSQL\Binn\sqlceip.exe
   1  C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
   1  C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
   1  C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.5.0.0_x64__htrsf667h5kn2\AWCC.exe
   1  C:\Program Files\WindowsApps\DellInc.AlienwareCommandCenter_5.5.0.0_x64__htrsf667h5kn2\GameLibrary\GameLibraryAppService.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_4.66.9001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_4.66.9001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   2  C:\Windows\explorer.exe
   1  C:\Windows\runSW.exe
   1  C:\Windows\SwUSB.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\AudioDeviceService.exe
   1  C:\Windows\System32\audiodg.exe
   4  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\msiexec.exe
   1  C:\Windows\System32\rundll32.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  84  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\SysWOW64\WerFault.exe
   1  D:\İndirilenler\HiJackThis.exe
  26  E:\MSI Motherboard\Program\BraveSoftware\Brave-Browser\Application\brave.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: 109.94.209.70 *.fitirl-repcks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlrepacks.in # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepacks.in # Fake FitGirl site
O1 - Hosts: 109.94.209.70 *.fitirl-repcks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitirl-repcks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.net # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlpack.site # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlpack.site # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlrepacks.co # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitirl-repcks.cc # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitirl-repcks.to # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirl-repack.com # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitirl-repcks.website # Fake FitGirl site
O1 - Hosts: 109.94.209.70 fitgirlrepack.games # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepacks.co # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitirl-repcks.cc # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitirl-repcks.to # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirl-repack.com # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitirl-repcks.website # Fake FitGirl site
O1 - Hosts: 109.94.209.70 ww9.fitirl-repcks.xyz # Fake FitGirl site
O1 - Hosts: 109.94.209.70 www.fitgirlrepack.games # Fake FitGirl site
O1 - Hosts: 109.94.209.70 *.fitirl-repcks.xyz # Fake FitGirl site
O1 - Hosts: 127.0.0.1 checkhost.local
O1 - Hosts: 109.94.209.70 fitgirl-repack.net # Fake FitGirl site
O1 - Hosts: 0.0.0.0 virustotal.com
O1 - Hosts: 0.0.0.0 www.virustotal.com
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_333\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_333\bin\ssv.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\Run: [AntiMalwareServiceExecutable] = C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe (file missing)
O4 - HKCU\..\Run: [Cortana] = C:\Program Files\WindowsApps\Microsoft.x64__8wekyb3gfdfdgd8bbwe\Cortana.exe (file missing)
O4 - HKCU\..\Run: [NvStray] = C:\Program Files\WindowsApps\Microsoft.x64__8wekyb3gfdfdgd8bbwe / file.exe (file missing)
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\Run: [WindowsDefender] = C:\Program Files\Windows Defender\MpCmdRun.exe
O4 - HKCU\..\Run: [WmiPrvSE] = C:\Windows\System32\wbem\WmiPrvSE.exe
O4 - HKCU\..\RunOnce: [Application Restart #1] = E:\MSI Motherboard\Program\BraveSoftware\Brave-Browser\Application\brave.exe --component-updater=url-source=https://go-updater.brave.com/extensions --disable-client-side-phishing-detection --disable-domain-reliability --enable-dom-distiller --lso-url=https://no-thanks.invalid --no-pings --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --profile-directory=Default --sync-url=https://sync-v2.brave.com/v2 --variations-insecure-server-url=https://variations.brave.com/seed --variations-server-url=https://variations.brave.com/seed --restore-last-session
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (file missing) (2020/11/16)
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2021/09/24)
O4 - HKCU\..\StartupApproved\Run: [LGHUB] = C:\Program Files\LGHUB\lghub.exe --background (2021/09/24)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_4C5D1B503E1C3FDCE2B71EE693D3BE65] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2022/06/23)
O4 - HKCU\..\StartupApproved\Run: [ut] = C:\Users\mfurk\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (2022/06/23)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\mfurk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk    ->    C:\Users\mfurk\AppData\Local\MEGAsync\MEGAsync.exe (2020/11/13)
O4 - HKLM\..\StartupApproved\Run32: [Wraith Prism] = C:\Program Files (x86)\AMD Wraith\Wraith Prism\Wraith Prism HID.exe (2020/11/16)
O4 - Startup: C:\Users\mfurk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GAMEPOWER Audio 7.1.lnk    ->    C:\Program Files (x86)\GAMEPOWER Audio 7.1\GAMEPOWER Audio 7.1.exe
O4 - Startup: C:\Users\mfurk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech G HUB.lnk    ->    C:\Program Files (x86)\LGHUB\lghub.exe
O4 - Startup: C:\Users\mfurk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MSI Afterburner.lnk    ->    C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
O4-32 - HKLM\..\Run: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
O4-32 - HKLM\..\Run: [GAMEPOWER Audio 7.1] = C:\Program Files (x86)\GAMEPOWER Audio 7.1\GAMEPOWER Audio 7.1.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = D:\İndirilenler
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = D:\İndirilenler
O7 - TroubleShooting: (EV) HKLM\..\Environment: [PSModulePath] = %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\Microsoft SQL Server\150\Tools\PowerShell\Modules\
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Tüm bağlantıları IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O15 - Trusted Zone: https://demok-files.sharepoint.com
O15 - Trusted Zone: https://demok-myfiles.sharepoint.com
O15 - Trusted Zone: https://ogrenciselcukedutr-files.sharepoint.com
O15 - Trusted Zone: https://ogrenciselcukedutr-myfiles.sharepoint.com
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{94e7dbba-ab28-4da1-8a85-2f26cf4ade09}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{94e7dbba-ab28-4da1-8a85-2f26cf4ade09}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Users\mfurk\AppData\Local\MEGAsync\ShellExtX64.dll
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AntiMalwareSericeExecutable (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Brave sekme (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\S-1-5-21-1787072332-1420159299-3796103693-1001\EnterpriseMgmt (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SettingSysHost (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WindowsDefenderServices (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-1787072332-1420159299-3796103693-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Brave\Brave - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave10 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave2 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave3 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave4 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave5 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave6 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave7 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave8 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \Brave\Brave9 - C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
O22 - Task: (disabled) \HardDiskSentinel\Hard Disk Sentinel_mfurk - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe /AUTORUN
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) AMDAutoUpdate - C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe
O22 - Task: (disabled) OneDrive Standalone Update Task-S-1-5-21-1787072332-1420159299-3796103693-500 - C:\Users\mfurk\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: (disabled) Opera scheduled assistant Autoupdate 1604667704 - C:\Users\mfurk\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\mfurk\AppData\Local\Programs\Opera\assistant" $(Arg0)
O22 - Task: (disabled) Optimize Push Notification Data File-S-1-5-21-1787072332-1420159299-3796103693-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\Windows\System32\wpninprc.dll
O22 - Task: (disabled) ThunderMaster - C:\Program Files\Thunder Master\ThPanel.exe /A
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: \AWCC\Update - C:\Program Files (x86)\"InstallShield Installation Information\{D2DA930B-CB5D-4DD6-BF62-BE6C310A353D}\Update\IMSilentUpdate.exe" (file missing)
O22 - Task: \MEGA\MEGAsync Update Task S-1-5-21-1787072332-1420159299-3796103693-1001 - C:\Users\mfurk\AppData\Local\MEGAsync\MEGAupdater.exe
O22 - Task: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (Microsoft)
O22 - Task: \Microsoft\VisualStudio\Updates\BackgroundDownload - C:\Program Files (x86)\Microsoft Visual Studio\Installer.bcc70354cd764b8dad882f0b31cb8db1\resources\app\ServiceHub\Services\Microsoft.VisualStudio.Setup.Service\BackgroundDownload.exe (file missing)
O22 - Task: \Microsoft\Windows\EnterpriseMgmtNonCritical\6C116B0F-967D-47EB-A50F-D8506C45C00B\Queued Schedule created for queued alerts - C:\Windows\system32\deviceenroller.exe /o "6C116B0F-967D-47EB-A50F-D8506C45C00B" /c /q (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: BraveSoftwareUpdateTaskMachineCore - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c
O22 - Task: BraveSoftwareUpdateTaskMachineUA - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: MSI Task Host - Detect_Monitor - C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_Monitor
O22 - Task: MSI Task Host - DisplayID - C:\Program Files (x86)\MSI\One Dragon Center\MSI.NotifyServer.exe Detect_DisplayID
O22 - Task: MSI Task Host - LEDKeeper2_Host - C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LEDKeeper2.exe
O22 - Task: MSI Task Host - MSI.True Color - C:\Program Files (x86)\MSI\One Dragon Center\True Color\MSI.True Color.exe
O22 - Task: MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s
O22 - Task: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O22 - Task: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-2969128202-2832941958-2339465502-500 - C:\Users\mfurk\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Opera scheduled Autoupdate 1604667702 - C:\Users\mfurk\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Overwolf Updater Task - C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule
O22 - Task: SamsungMagician - C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagician.exe /AUTOHIDE (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Arp Intelligent Protection Service - (AIPS) - C:\Program Files (x86)\arcai.com\aips.exe
O23 - Service R2: AudioDeviceService - C:\Windows\system32\AudioDeviceService.exe
O23 - Service R2: AWCCService - C:\Program Files\Alienware\Alienware Command Center\AWCC.Service.exe
O23 - Service R2: AzureAttestService - C:\Windows\system32\svchost.exe -k AzureAttestService; "ServiceDll" = C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll
O23 - Service R2: Dell Client Management Service - (DellClientManagementService) - C:\Program Files (x86)\Dell\UpdateService\ServiceShell.exe
O23 - Service R2: Folder Size - (FolderSize) - C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe
O23 - Service R2: Foxit Reader Update Service - (FoxitReaderUpdateService) - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitReaderUpdateService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_4.66.9001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_4.66.9001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: Hotspot Shield Service 11.3.0 - (hshld_11.3.0) - C:\Program Files (x86)\Hotspot Shield\11.3.0\bin\cmw_srv.exe
O23 - Service R2: LGHUB Updater Service - (LGHUBUpdaterService) - C:\Program Files\LGHUB\lghub_updater.exe --run-as-service
O23 - Service R2: LightKeeperService - C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\LightKeeperService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: MSI Central Service - (MSI_Central_Service) - C:\Program Files (x86)\MSI\One Dragon Center\MSI_Central_Service.exe
O23 - Service R2: MSI Voice Control Service - (MSI_VoiceControl_Service) - C:\Program Files (x86)\MSI\One Dragon Center\VoiceControl\VoiceControl_Service.exe
O23 - Service R2: MSI_Companion_Service - C:\Program Files (x86)\MSI\One Dragon Center\Game_Summary\MSI_Companion_Service.exe
O23 - Service R2: Mystic_Light_Service - C:\Program Files (x86)\MSI\One Dragon Center\Mystic_Light\Mystic_Light_Service.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_47917a79b8c7fd22\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_47917a79b8c7fd22\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: RealtekWlanU - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RtlService.exe
O23 - Service R2: RunSwUSB - C:\Windows\runSW.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service V2 - (ss_conn_service2) - C:\Program Files\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service R2: SQL Server Browser - (SQLBrowser) - C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
O23 - Service R2: SQL Server CEIP service (FURKAN) - (SQLTELEMETRY$FURKAN) - C:\Program Files\Microsoft SQL Server\MSSQL15.FURKAN\MSSQL\Binn\sqlceip.exe -Service FURKAN
O23 - Service R2: SQL Server CEIP service (MSSQLSERVER) - (SQLTELEMETRY) - C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlceip.exe -Service
O23 - Service R2: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S2: Brave Güncelleme Hizmeti (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc
O23 - Service S2: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S2: GameInput Service - C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Realtek DHCP Service - (RTLDHCPService) - C:\Program Files (x86)\Realtek\USB Wireless LAN Utility\RTLDHCP.exe
O23 - Service S2: rsAssistant - C:\Program Files\RAVAntivirus\rsAssistant.exe Files\RAVAntivirus\rsAssistant.exe (file missing)
O23 - Service S2: SamsungMagicianSVC - C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe (file missing)
O23 - Service S2: SQL Server (FURKAN) - (MSSQL$FURKAN) - C:\Program Files\Microsoft SQL Server\MSSQL15.FURKAN\MSSQL\Binn\sqlservr.exe -sFURKAN (file missing)
O23 - Service S2: SQL Server (MSSQLSERVER) - (MSSQLSERVER) - C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\sqlservr.exe -sMSSQLSERVER (file missing)
O23 - Service S2: SQL Server Agent (FURKAN) - (SQLAgent$FURKAN) - C:\Program Files\Microsoft SQL Server\MSSQL15.FURKAN\MSSQL\Binn\SQLAGENT.EXE -i FURKAN (file missing)
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\105.1.43.93\elevation_service.exe (file missing)
O23 - Service S3: Brave Güncelleme Hizmeti (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe -start
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\105.0.5195.127\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: MagicianSVC - C:\Program Files (x86)\Samsung\Samsung Magician\SamsungMagicianSVC.exe (file missing)
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service
O23 - Service S3: Overwolf Updater Windows SCM - (OverwolfUpdater) - C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom SCM
O23 - Service S3: Remote Packet Capture Protocol v.0 (experimental) - (rpcapd) - C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: SAMSUNG Mobile USB Connectivity Launcher - (ss_conn_launcher_service) - C:\Windows\System32\Samsung\EasySetup\ss_conn_launcher.exe
O23 - Service S3: SQL Server Agent (MSSQLSERVER) - (SQLSERVERAGENT) - C:\Program Files\Microsoft SQL Server\MSSQL15.MSSQLSERVER\MSSQL\Binn\SQLAGENT.EXE -i MSSQLSERVER (file missing)
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service S3: Visual Studio Standard Collector Service 150 - (VSStandardCollectorService150) - E:\MSI Motherboard\Program\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe


--
End of file - Time spent: 8,3 sec. - 62458 bytes, CRC32: FFFFFFFF. Sign: ⣪쭭

Buda hijackThis raporu.

Malwarebytes ücretsiz versiyonu ile tarattım. 1200 küsur şey buldu karantinaya al dedim ama sorun çözüldü mü bilmiyorum. Rapor karantinadan sonra alındı.

Genişletmek için tıkla...

Bence bir de Kaspersky ile taratabilirsin son olarak.