Com Surrogate Dllhost XMRig virüsü

Murat5038 · 14 Kasım 2021

blmhkn dedi:
Sonuçlar burada bende log dosyasını incelicem bakalım nelerde sorun var yine de paylaşmak istedim buradada dediğiniz gibi yardım için teşekkürler.

Bunları fixleyin:

Kod:

O2-32 - HKLM\..\BHO: IObit Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
O10 - Unknown file in Winsock LSP: C:\Windows\system32\nlansp_c.dll
O22 - Task: (disabled) \ASUS\ArmouryAIOFanServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
O22 - Task: (disabled) \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
O22 - Task: (disabled) \ASUS\ASUSUpdateTaskMachineCore1d7d74cd17bb6ea - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WindowsBackup\AutomaticBackup - C:\Windows\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (Microsoft)
O22 - Task: (disabled) GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: (disabled) NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
O22 - Task: (disabled) NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task: (disabled) NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: (disabled) Opera scheduled Autoupdate 1636672662 - C:\Users\bilim\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
O22 - Task: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler
O22 - Task: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
O22 - Task: \ASUS\NoiseCancelingEngine - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
O22 - Task: ASC_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task
O22 - Task: ASC_SkipUac_bilim - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac
O22 - Task: iTopVPN_Scheduler_bilim - C:\Program Files (x86)\iTop VPN\iTopVPN.exe /autostart
O22 - Task: iTopVPN_SkipUAC_bilim - C:\Program Files (x86)\iTop VPN\iTopVPN.exe /SkipUac
O22 - Task: iTopVPN_Update_bilim - C:\Program Files (x86)\iTop VPN\atud.exe /auto
O23 - Service R2: Chrome Uzaktan Masaüstü Hizmeti - (chromoting) - C:\Program Files (x86)\Google\Chrome Remote Desktop\96.0.4664.39\remoting_host.exe --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
O23 - Service R2: ROG Live Service - C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
O23 - Service S2: Advanced SystemCare Service 15 - (AdvancedSystemCareService15) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (file missing)
O23 - Service S3: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc
O23 - Service S3: CAM Service - (CAMService) - C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\target\x86_64-pc-windows-msvc\release\service.exe
O26 - Tools: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath (default) = (no file)

Zararlı yok IOBİT yazılımlarını ve VPN kaldırın. Gereksiz Asus ve üretici yazılımlarını da kaldırın.

blmhkn · 14 Kasım 2021

Murat5038 dedi:

Bunları fixleyin:

Kod:

O2-32 - HKLM\..\BHO: IObit Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
O10 - Unknown file in Winsock LSP: C:\Windows\system32\nlansp_c.dll
O22 - Task: (disabled) \ASUS\ArmouryAIOFanServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AIOFanSDK\ArmouryAIOFanServer.exe
O22 - Task: (disabled) \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
O22 - Task: (disabled) \ASUS\ASUSUpdateTaskMachineCore1d7d74cd17bb6ea - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WindowsBackup\AutomaticBackup - C:\Windows\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (Microsoft)
O22 - Task: (disabled) GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: (disabled) NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
O22 - Task: (disabled) NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task: (disabled) NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: (disabled) Opera scheduled Autoupdate 1636672662 - C:\Users\bilim\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
O22 - Task: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler
O22 - Task: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
O22 - Task: \ASUS\NoiseCancelingEngine - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
O22 - Task: ASC_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task
O22 - Task: ASC_SkipUac_bilim - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac
O22 - Task: iTopVPN_Scheduler_bilim - C:\Program Files (x86)\iTop VPN\iTopVPN.exe /autostart
O22 - Task: iTopVPN_SkipUAC_bilim - C:\Program Files (x86)\iTop VPN\iTopVPN.exe /SkipUac
O22 - Task: iTopVPN_Update_bilim - C:\Program Files (x86)\iTop VPN\atud.exe /auto
O23 - Service R2: Chrome Uzaktan Masaüstü Hizmeti - (chromoting) - C:\Program Files (x86)\Google\Chrome Remote Desktop\96.0.4664.39\remoting_host.exe --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
O23 - Service R2: ROG Live Service - C:\Program Files (x86)\ASUS\ROG Live Service\ROGLiveService.exe
O23 - Service S2: Advanced SystemCare Service 15 - (AdvancedSystemCareService15) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (file missing)
O23 - Service S3: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc
O23 - Service S3: CAM Service - (CAMService) - C:\Program Files\NZXT CAM\resources\app.asar.unpacked\node_modules\@nzxt\rust-cam\dist\target\x86_64-pc-windows-msvc\release\service.exe
O26 - Tools: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath (default) = (no file)

Zararlı yok IOBİT yazılımlarını ve VPN kaldırın. Gereksiz Asus ve üretici yazılımlarını da kaldırın.

yardımın için saol dostum bende senin yorumunla zararlı olmadıgına tamamen emin oldum asus hizmetlerini rgbleri ayarlama ve fan hızlarını ayarlamada vb işlerde kullanıyorum servis olarakta kapattım başlangıçta açılıp sistemi yormuyorlar ACS'yide servisler kapalı ihtiyacım oldugunda kulanıyorum ayda bir temizlik için disk birleştirme regedit çöp dosya temizleme işleri falan bence zararı olmaz ama illa gerek yok dersende önceden zaten kullanmıyordum eski bir xp hatırası benim için acs

Murat5038 · 15 Kasım 2021

blmhkn dedi:
ASC'yide servisler kapalı ihtiyacım oldugunda kullanıyorum ayda bir temizlik için disk birleştirme regedit çöp dosya temizleme işleri falan bence zararı olmaz ama illa gerek yok dersende önceden zaten kullanmıyordum eski bir XP hatırası benim için ASC

Kullanmayın CCleaner yeterli temizlik için veya disk temizleyici.

Com Surrogate Dllhost XMRig virüsü

Murat5038

Yottapat!

blmhkn

Hectopat

Murat5038

Yottapat!