Görev yöneticisinde "tasketcurv" ve "taskwintuu" işlemleri

Recep Yıldırım

Recep Yıldırım

Hectopat
Katılım
10 Temmuz 2020
Mesajlar
561
Çözümler
2
Daha fazla  
Cinsiyet
Erkek
sdasfasf.PNG


Resimde gördüğünüz 2 .exe uzantılı dosyayı Malwarebytes backdoor.bot olarak algılıyor. Bunları karantinaya aldığım zaman yok olup gidiyorlar. Ancak bilgisayarı yeniden başlattığımda görev yöneticisinde yine çalıştıklarını görüyorum.

Bu dosyalar hakkında bilgisi olan var mı bunları nasıl yok edebilirim ?
 
Tarihe göre sırala Puana göre sırala
Kod: 
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.14

Platform: x64 Windows 10 (Enterprise), 10.0.19043.1415 (ReleaseId: 2009, 21H1), Service Pack: 0
Time: 08.01.2022 - 13:22 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: Recep Can Yıldırım (group: Administrators) on RECEP, FirstRun: yes

Chrome: 97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
 1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 1 C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
 1 C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
 1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 1 C:\Program Files (x86)\Rampage Gaming Headset\Rampage Gaming Headset.exe
 1 C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
 1 C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
 1 C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
 1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
 10 C:\Program Files\Google\Chrome\Application\chrome.exe
 1 C:\Program Files\Riot Vanguard\vgtray.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
 1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
 1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
 1 C:\Users\Recep Can Yıldırım\Desktop\HiJackThis.exe
 1 C:\Windows\explorer.exe
 1 C:\Windows\servicing\TrustedInstaller.exe
 1 C:\Windows\System32\amdfendrsr.exe
 1 C:\Windows\System32\AudioDeviceService.exe
 2 C:\Windows\System32\csrss.exe
 1 C:\Windows\System32\ctfmon.exe
 2 C:\Windows\System32\dllhost.exe
 1 C:\Windows\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atieclxx.exe
 1 C:\Windows\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atiesrxx.exe
 1 C:\Windows\System32\dwm.exe
 2 C:\Windows\System32\fontdrvhost.exe
 1 C:\Windows\System32\lsass.exe
 1 C:\Windows\System32\MoUsoCoreWorker.exe
 2 C:\Windows\System32\RtkAudUService64.exe
 3 C:\Windows\System32\RuntimeBroker.exe
 1 C:\Windows\System32\SearchIndexer.exe
 1 C:\Windows\System32\SecurityHealthService.exe
 1 C:\Windows\System32\SecurityHealthSystray.exe
 1 C:\Windows\System32\services.exe
 1 C:\Windows\System32\SgrmBroker.exe
 1 C:\Windows\System32\sihost.exe
 1 C:\Windows\System32\smartscreen.exe
 1 C:\Windows\System32\smss.exe
 1 C:\Windows\System32\spoolsv.exe
 73 C:\Windows\System32\svchost.exe
 2 C:\Windows\System32\taskhostw.exe
 3 C:\Windows\System32\wbem\WmiPrvSE.exe
 1 C:\Windows\System32\wininit.exe
 1 C:\Windows\System32\winlogon.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
 1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1371_none_7e1bd7147c8285b0\TiWorker.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2020/12/26)
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O4-32 - HKLM\..\Run: [BCSSync] = C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4-32 - HKLM\..\Run: [Rampage Gaming Headset] = C:\Program Files (x86)\Rampage Gaming Headset\Rampage Gaming Headset.exe -boot
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avast Software (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2014669194-791579289-1044259415-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-2014669194-791579289-1044259415-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Task: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Task: AMDRyzenMasterSDKTask - C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
O22 - Task: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Task: StartAUEP - C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartCNBM - C:\Program Files\AMD\CNext\CNext\cncmd.exe benchmark
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atiesrxx.exe
O23 - Service R2: AMD User Experience Program Data Uploader - (AUEPLauncher) - C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe
O23 - Service R2: AudioDeviceService - C:\WINDOWS\system32\AudioDeviceService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: KMService - C:\WINDOWS\system32\srvany.exe (file missing)
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe

--
End of file - Time spent: 16,8 sec. - 20114 bytes, CRC32: FFFFFFFF. Sign: �痛

Buraya tekrar kontrol yapıp attım.
 
Son düzenleyen: Moderatör:
Artı 0 Eksi

Benzer konular

looking4toprak
Görev yöneticisinde böcek
2
Mesaj
18
Görüntüleme
2.288
Murat5038
Murat5038
Daigo Tsuwabuki
Görev yöneticisinde adı ve yayıncısı bilinmeyen program
Mesaj
6
Görüntüleme
1.061
Ömer Emin
Ö
vazquezz
  • Soru
Virus görev yöneticisinde kaldırılmıyor
Mesaj
6
Görüntüleme
219
TwistyJead
TwistyJead
S
Görev yöneticisinde bilinmeyen uygulama
Mesaj
4
Görüntüleme
193
siyahekranmağduru
S
Ranchen
Görev yöneticisinde kapanmayan hizmet
Mesaj
5
Görüntüleme
531
Ranchen
Ranchen

Bu konuyu görüntüleyen kullanıcılar

Toplam: 2 (üye: 0, misafir: 2)

Technopat Haberler

Yeni konular

Yeni mesajlar

Geri
Yukarı