HijackThis & GetSystemInfo & Farbar Reports


Megapat
Hello,

After an incident on the system (during a game, the game dropped, the sound cut out and the mouse started moving by itself), the internet connection was disconnected, an ISO file was created on the same system, and the system was formatted. Could you examine the reports?

My brother was on the system while it was in use, and I cannot fully intervene (examine it) right now. I told him what he needs to do and I am having it added to the topic. The files were created after the format; my only request is that you advise whether there is any malware. Thanks in advance. @Murat5038 @24099


Code:
Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.10.0.6

Platform:  x64 Windows 10 (Pro), 10.0.19043.1023 (ReleaseId: 2009), Service Pack: 0
Time:      08.06.2021 - 19:55 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    ApRa    (group: Administrator) on DESKTOP-AEEFC9B, FirstRun: no

Chrome:  91.0.4472.77
Internet Explorer: 11.789.19041.0
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Steam\steamservice.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avpui.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\plugins_nms.exe
   1  C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
   1  C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
   2  C:\Program Files (x86)\Razer\Razer Services\Razer Central\CefSharp.BrowserSubprocess.exe
   1  C:\Program Files (x86)\Razer\Razer Services\Razer Central\Razer Central.exe
   1  C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
   1  C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
   1  C:\Program Files (x86)\Razer\Synapse3\UserProcess\Razer Synapse Service Process.exe
   1  C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files (x86)\Steam\steam.exe
  14  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11910.1002.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
   1  C:\Users\ApRa\AppData\Local\Temp\xb2k.0\GSI.exe
   1  C:\Users\ApRa\Downloads\GetSystemInfo6.2.1.13\GetSystemInfo6.2.1.13.exe
   1  C:\Users\ApRa\Downloads\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\cmd.exe
   1  C:\Windows\System32\CompPkgSrv.exe
   2  C:\Windows\System32\conhost.exe
   1  C:\Windows\System32\CredentialEnrollmentManager.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1108979a670abe46\Display.NvContainer\NVDisplay.Container.exe
   2  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   5  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
  65  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

O4 - HKCU\..\Run: [Spotify] = C:\Users\ApRa\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\Run: [Synapse3] = C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized
O4 - HKLM\..\StartupApproved\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe -background (2021/06/08)
O4 - HKU\S-1-5-18\..\Run: [Synapse3] = C:\Program Files (x86)\Razer\Synapse3\WPFUI\Framework\Razer Synapse 3 Host\Razer Synapse 3.exe /StartMinimized (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [HttpAcceptLanguageOptOut] = C:\Windows\system32\REG.exe ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 (User 'LocalSystem')
O4 - HKU\S-1-5-19\..\RunOnce: [HttpAcceptLanguageOptOut] = C:\Windows\system32\REG.exe ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [HttpAcceptLanguageOptOut] = C:\Windows\system32\REG.exe ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 (User 'Network service')
O17 - DHCP DNS 1: 192.168.1.1
O22 - BITS Job: (download) {0D2DB62B-3432-4BAF-AE6B-42CBEE57C9D9} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AI2Dqx-FodnxTsjr18k7goM_283/APhxnlx4NfdDxFIuh8gystE -> C:\Users\ApRa\AppData\Local\Temp\chrome_BITS_6780_957005741\APhxnlx4NfdDxFIuh8gystE
O22 - BITS Job: (download) {82A1F9F6-822F-4EA9-9EDE-918939AB46DF} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE -> C:\Users\ApRa\AppData\Local\Temp\chrome_BITS_2696_1742149326\ALzUVHP-vRgKCzqwbtGugSE
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (Microsoft)
O22 - Task: CorelUpdateHelperTaskCore - C:\Program Files (x86)\Corel\CUH\v2\CUH.exe /t
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\IntelPTTEKRecertification.exe
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_ffc75848a6342fdf\jhi_service.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 21.3 - (AVP21.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\avp.exe -r
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1108979a670abe46\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1108979a670abe46\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
O23 - Service R2: Razer Central Service - (RzActionSvc) - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service R2: Razer Game Manager - (Razer Game Manager Service) - C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe
O23 - Service R2: Razer Synapse Service - C:\Program Files (x86)\Razer\Synapse3\Service\Razer Synapse Service.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d87c47469b47c3f9\RtkAudUService64.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S2: AsusUpdateCheck - C:\Windows\System32\AsusUpdateCheck.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\TPMProvisioningService.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_75ffca5eec865b4b\lib\SocketHeciServer.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.3 - (klvssbridge64_21.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 21.3\x64\vssbridge64.exe


--
End of file - Time spent: 5,9 sec. - 20428 bytes, CRC32: FFFFFFFF. Sign: 柢㎷

As an additional note, Kaspersky Internet Security 2021 was installed on the system when these events happened.
 
Yes, there are suspicious entries, but they are simple system vulnerabilities:
Fix these:
Code:
O4 - HKU\S-1-5-18\..\RunOnce: [HttpAcceptLanguageOptOut] = C:\Windows\system32\REG.exe ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 (User 'LocalSystem')
O4 - HKU\S-1-5-19\..\RunOnce: [HttpAcceptLanguageOptOut] = C:\Windows\system32\REG.exe ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [HttpAcceptLanguageOptOut] = C:\Windows\system32\REG.exe ADD "HKCU\Control Panel\International\User Profile" /v "HttpAcceptLanguageOptOut" /t REG_DWORD /f /d 1 (User 'Network service')
O22 - BITS Job: (download) {0D2DB62B-3432-4BAF-AE6B-42CBEE57C9D9} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AI2Dqx-FodnxTsjr18k7goM_283/APhxnlx4NfdDxFIuh8gystE -> C:\Users\ApRa\AppData\Local\Temp\chrome_BITS_6780_957005741\APhxnlx4NfdDxFIuh8gystE
O22 - BITS Job: (download) {82A1F9F6-822F-4EA9-9EDE-918939AB46DF} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/AIZk8O7Cv2UUbxc_aaUykKI_7/ALzUVHP-vRgKCzqwbtGugSE -> C:\Users\ApRa\AppData\Local\Temp\chrome_BITS_2696_1742149326\ALzUVHP-vRgKCzqwbtGugSE
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (Microsoft)
O23 - Service S2: AsusUpdateCheck - C:\Windows\System32\AsusUpdateCheck.exe

Uninstall:
SUPERAntiSpyware

Also delete the contents of:
C:\ProgramData\SUPERAntiSpyware.com
C:\temp
F:\Crack\
 
@Murat5038 I am passing this on to my brother. Did you examine the other reports, sir?

Is it enough if he fixes these? Or does he need to wipe the disks completely with a clean USB stick and do a fresh install?
 
I have taken over the system now, sir. I fixed what you said.
I ran a scan with:
  • SUPERAntiSpyware
  • Malwarebytes
Nothing was found apart from cookies, and I deleted those as well.

Right now I am running another full scan with Kaspersky; I do not think anything else remains. Thanks, good night.
 