Rehber HijackThis Log Paylaşımı ve Çözümleri

Murat5038 · 13 Ekim 2013

Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir.

Kullanımı:

1) Bir geliştirici tarafından yeni özellikler kazandırılan güncel sürümünü buradan indirip, arşiv dosyasından masaüstüne uygulamayı çıkartın.

HiJackThis

Program, zararlı temizliğinde imza veritabanı kullanmadan sezgisel tespite dayalı bir yöntemle kullanılır. Çok hızlı bir tarama ile, zararlı bulaşmamış bir sistemden farklı olarak çalışan işlemlerin bir listesini çıkartır. Bu işlemlerin tamamı...

www.technopat.net

Alternatif: Download HiJackThis Fork - MajorGeeks

Eski Sürüm: HiJackThis | Free software downloads at SourceForge.net

2) Bilgisayarınızı yeniden başlatın 3 dk işlem yapmadan bekleyin.

3) HijackThis yazılımına sağ tıklayıp yönetici olarak çalıştırın (XP için geçerli değil).

4) Açılan arayüzde, "Do a system scan and save a log file" butonuna tıklayın.

5) Otomatik olarak Hijackthis taraması başlayacak, taramanın tamamlanması sürece fare ve klavyeyi kullanmayın.

6) Tarama tamamlandığında HijackThis raporunu içeren bir Log dosyası karşınıza gelecektir.

*7) Log dosyasını incelememiz için buraya cevaplama bölümünden eklemeniz gerekmektedir.

Kod'a tıklayın.

Log'da yazanları mavi bölmenin içine yapıştırıp "Devam Et" butonuna basın.

Uyarı: Sitede kod eklemede sorun yaşarsanız kod paylaşımlarını altta verilen sitelerden birine yapıştırıp linki paylaşmanız gerekmektedir. Bu durumda *7. seçeneği şu anlık kullanmayın.

Paste ofCode

8) Ayrıca sisteminizde var olan sorunu detaylıca (Performans düşüşü, Malware varlığı şüphesi vb.) belirterek konuyu cevaplayın.
(Bunu yapmayana cevap verilmeyecektir)

Fixleme:

Konuda şahsım tarafından veya uzman kişilerden geri dönüş yapıldığında Hijackthis uygulama arayüzünden söylediğimiz satırların başlarına tik işareti koyun. Ardından "Fix checked" butonuna basın.

THE_MILLER · 5 Aralık 2018

CCleaner kullanmak istemiyorsanız RegSeeker deneyebilirsiniz.

HoverDesk - Download

LeonS.Kennedy · 5 Aralık 2018

THE_MILLER dedi:
CCleaner kullanmak istemiyorsanız RegSeeker deneyebilirsiniz.

HoverDesk - Download

Kullanmamak değil aslında. Artık CCleaner'i tavsiye etmediğinizi duydum. Sizin gibi uzman kişilerin vardır bir bildiği diye soruyorum

Musa B. · 5 Aralık 2018

Kod:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.11

Platform:  x64 Windows 10 (Pro), 10.0.17763.134 (ReleaseId: 1809), Service Pack: 0
Time:      05.12.2018 - 21:25 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    bhcmu    (group: Administrator) on DESKTOP-D0PB5GT, FirstRun: yes

Chrome:  70.0.3538.110
Edge:    11.0.17763.134
Internet Explorer: 11.0.17763.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
   1  C:\Program Files (x86)\Common Files\Overwolf\0.119.4.24\OverwolfHelper.exe
   1  C:\Program Files (x86)\Common Files\Overwolf\0.119.4.24\OverwolfHelper64.exe
   1  C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
   1  C:\Program Files (x86)\Hotkey\DiskMonitor.exe
   1  C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
   1  C:\Program Files (x86)\Hotkey\HkeyTray.exe
   1  C:\Program Files (x86)\Hotkey\HotkeyService.exe
   1  C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
   1  C:\Program Files (x86)\Intel\Thunderbolt Software\ConditionalAppStarter.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
   1  C:\Program Files (x86)\Origin\OriginWebHelperService.exe
   2  C:\Program Files (x86)\Overwolf\0.119.4.24\OverwolfBrowser.exe
   1  C:\Program Files (x86)\Overwolf\Overwolf.exe
   1  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
   1  C:\Program Files\Intel\WiFi\bin\EvtEng.exe
   1  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
   1  C:\Program Files\LGHUB\lghub_updater.exe
   1  C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
   1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeApp.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.35.76.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11810.1001.12.0_x64__8wekyb3d8bbwe\WinStore.App.exe
   1  C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxOutlook.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20106.0_x64__8wekyb3d8bbwe\HxTsr.exe
   4  C:\Users\bhcmu\AppData\Local\Discord\app-0.0.301\Discord.exe
   1  C:\Users\bhcmu\Desktop\HiJackThis.exe
   1  C:\Windows\SysWOW64\Creative.UWPRPCService.exe
   1  C:\Windows\SysWOW64\MSIService.exe
   2  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f02a6686365638a8\IntelCpHDCPSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f02a6686365638a8\IntelCpHeciSvc.exe
   1  C:\Windows\System32\PrintIsolationHost.exe
   2  C:\Windows\System32\RtkAudUService64.exe
  11  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SynTPEnh.exe
   1  C:\Windows\System32\SynTPEnhService.exe
   1  C:\Windows\System32\SynTPHelper.exe
   1  C:\Windows\System32\audiodg.exe
   4  C:\Windows\System32\backgroundTaskHost.exe
   2  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\ibtsiva.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  75  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   3  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts.ICS: 192.168.1.107 DESKTOP-D0PB5GT.mshome.net # 2023 11 2 14 14 9 2 654
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2 - HKLM\..\BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Microsoft\Office16\GROOVEEX.DLL
O2 - HKLM\..\BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Microsoft\Office16\OCHelper.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O4 - HKCU\..\Run: [Discord] = C:\Users\bhcmu\AppData\Local\Discord\app-0.0.301\Discord.exe --start-minimized
O4 - HKCU\..\Run: [Overwolf] = C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe -overwolfsilent
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files (x86)\Origin\Origin.exe -AutoStart (2018/10/07)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = D:\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2018/11/19)
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2018/11/24)
O4 - HKCU\..\StartupApproved\Run: [LGHUB] = C:\Program Files\LGHUB\lghub.exe --background (2018/09/26)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\bhcmu\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2018/09/12)
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2018/10/07)
O4 - HKLM\..\StartupApproved\Run32: [DSATray] = C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe (2018/11/24)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2018/09/26)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2018/09/12)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2018/09/12)
O4 - HKLM\..\StartupApproved\Run: [IAStorIcon] = C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60 (2018/09/12)
O4 - HKLM\..\StartupApproved\Run: [Launch LCore] = C:\Program Files\Logitech Gaming Software\LCore.exe /minimized (2018/11/24)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2018/09/12)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Tüm bağlantıları IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Button: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49}: OneNote'a Gönder - D:\Microsoft\Office16\ONBttnIE.dll
O9 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: Skype Kurumsal Tıkla ve Konuş - D:\Microsoft\Office16\OCHelper.dll
O9 - Button: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: OneNote Bağlantılı &Notları - D:\Microsoft\Office16\ONBttnIELinkedNotes.dll
O9 - Tools menu item: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49}: OneNote'a G&önder - D:\Microsoft\Office16\ONBttnIE.dll
O9 - Tools menu item: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: Skype Kurumsal Tıkla ve Konuş - D:\Microsoft\Office16\OCHelper.dll
O9 - Tools menu item: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: OneNote Bağlantılı &Notları - D:\Microsoft\Office16\ONBttnIELinkedNotes.dll
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\            IDM Shell Extension: IDM Shell Extension - {CDC95B92-E27C-4745-A8C5-64A52A78855D} - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: HotKey Clipboard Service - (HKClipSvc) - C:\Program Files (x86)\Hotkey\Driver\x64\HKClipSvc.exe
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\system32\ibtsiva.exe
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f02a6686365638a8\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) Extreme Tuning Utility Service - (XTU3SERVICE) - C:\Program Files (x86)\Intel\Intel(R) Extreme Tuning Utility\XtuService.exe
O23 - Service R2: Intel(R) PROSet/Wireless Event Log - (EvtEng) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service R2: Intel(R) PROSet/Wireless Registry Service - (RegSrvc) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service R2: Intel(R) PROSet/Wireless Zero Configuration Service - (ZeroConfigService) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
O23 - Service R2: LGHUB Updater Service - (LGHUBUpdaterService) - C:\Program Files\LGHUB\lghub_updater.exe --run-as-service
O23 - Service R2: Logitech Gaming Registry Service - (LogiRegistryService) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service R2: Micro Star SCM - C:\Windows\SysWOW64\MSIService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service R2: PowerBiosServer - C:\Program Files (x86)\Hotkey\HotkeyService.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe
O23 - Service R2: SynTPEnhService - C:\WINDOWS\System32\SynTPEnhService.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: UWP RPC Service - (UWPService) - C:\WINDOWS\SysWOW64\Creative.UWPRPCService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_f02a6686365638a8\IntelCpHeciSvc.exe
O23 - Service S2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service S2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6ae0ddbb4a38e23c\igfxCUIService.exe  (file missing)
O23 - Service S2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service S2: Intel(R) Rapid Storage Technology - (IAStorDataMgrSvc) - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service S2: Intel® SGX AESM - (AESMService) - C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Overwolf Updater Windows SCM - (OverwolfUpdater) - C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe /RunningFrom SCM
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Thunderbolt(TM) Service - (ThunderboltService) - C:\Program Files (x86)\Intel\Thunderbolt Software\tbtsvc.exe
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"
O23 - Service S3: Wireless PAN DHCP Server - (MyWiFiDHCPDNS) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe


--
End of file - Time spent: 16,9 sec. - 35102 bytes, CRC32: FFFFFFFF. Sign: 뤣依

THE_MILLER · 5 Aralık 2018

@LeonS.Kennedy ,

Avast!'ın gizlilik ilkelerinden dolayı CCleaner'ı pek tavsiye etmiyorum ama yine de kullanışlı bir uygulama.

@Musa B. ,

Aktif bir zararlı yok, performans için verdiğim satırları işaretleyip fixleyin.

Kod:

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts.ICS: 192.168.1.107 DESKTOP-D0PB5GT.mshome.net # 2023 11 2 14 14 9 2 654
O2 - HKLM\..\BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Microsoft\Office16\GROOVEEX.DLL
O2 - HKLM\..\BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Microsoft\Office16\OCHelper.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = D:\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2018/11/19)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\bhcmu\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2018/09/12)
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2018/10/07)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2018/09/26)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2018/09/12)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2018/09/12)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O9 - Button: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49}: OneNote'a Gönder - D:\Microsoft\Office16\ONBttnIE.dll
O9 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: Skype Kurumsal Tıkla ve Konuş - D:\Microsoft\Office16\OCHelper.dll
O9 - Button: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: OneNote Bağlantılı &Notları - D:\Microsoft\Office16\ONBttnIELinkedNotes.dll
O9 - Tools menu item: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49}: OneNote'a G&önder - D:\Microsoft\Office16\ONBttnIE.dll
O9 - Tools menu item: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: Skype Kurumsal Tıkla ve Konuş - D:\Microsoft\Office16\OCHelper.dll
O9 - Tools menu item: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: OneNote Bağlantılı &Notları - D:\Microsoft\Office16\ONBttnIELinkedNotes.dll
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc

Musa B. · 5 Aralık 2018

THE_MILLER dedi:

@LeonS.Kennedy ,

Avast!'ın gizlilik ilkelerinden dolayı CCleaner'ı pek tavsiye etmiyorum ama yine de kullanışlı bir uygulama.

@Musa B. ,

Aktif bir zararlı yok, performans için verdiğim satırları işaretleyip fixleyin.

Kod:

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts.ICS: 192.168.1.107 DESKTOP-D0PB5GT.mshome.net # 2023 11 2 14 14 9 2 654
O2 - HKLM\..\BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - D:\Microsoft\Office16\GROOVEEX.DLL
O2 - HKLM\..\BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - D:\Microsoft\Office16\OCHelper.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = D:\Epic Games\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2018/11/19)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\bhcmu\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2018/09/12)
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2018/10/07)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2018/09/26)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2018/09/12)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2018/09/12)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O9 - Button: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49}: OneNote'a Gönder - D:\Microsoft\Office16\ONBttnIE.dll
O9 - Button: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: Skype Kurumsal Tıkla ve Konuş - D:\Microsoft\Office16\OCHelper.dll
O9 - Button: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: OneNote Bağlantılı &Notları - D:\Microsoft\Office16\ONBttnIELinkedNotes.dll
O9 - Tools menu item: HKLM\..\{2670000A-7350-4f3c-8081-5663EE0C6C49}: OneNote'a G&önder - D:\Microsoft\Office16\ONBttnIE.dll
O9 - Tools menu item: HKLM\..\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}: Skype Kurumsal Tıkla ve Konuş - D:\Microsoft\Office16\OCHelper.dll
O9 - Tools menu item: HKLM\..\{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}: OneNote Bağlantılı &Notları - D:\Microsoft\Office16\ONBttnIELinkedNotes.dll
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc

Bana vakit ayırdığınız için teşekkürler, hayırlı akşamlar

Lerasen · 6 Aralık 2018

Kod:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.11

Platform:  x64 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time:      06.12.2018 - 13:48 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Sezgin    (group: Administrator) on CASPER, FirstRun: yes

Chrome:  71.0.3578.80
Internet Explorer: 11.0.9600.17840
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
   1  C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
   1  C:\Program Files (x86)\cmcm\Clean Master\cmcore.exe
   1  C:\Program Files (x86)\cmcm\Clean Master\cmtray.exe
   1  C:\Program Files\AVAST Software\Avast\AvastSvc.exe
   1  C:\Program Files\AVAST Software\Avast\AvastUI.exe
   1  C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\ESET\ESET Smart Security\egui.exe
   1  C:\Program Files\ESET\ESET Smart Security\ekrn.exe
   1  C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
   1  C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
   1  C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
   1  C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
   1  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
   1  C:\Users\Sezgin\AppData\Roaming\Octoshape\Octoshape Streaming Services\InfiniteMediaAcceleration.exe
   1  C:\Users\Sezgin\Desktop\HiJackThis.exe
   1  C:\Windows\SysWOW64\srvany.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SysUefiHost\uefihost.exe
   1  C:\Windows\System32\audiodg.exe
   3  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
   1  C:\Windows\System32\sppsvc.exe
  11  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\syshost.exe
   2  C:\Windows\System32\taskeng.exe
   2  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\vnchost.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\kmsem\KMService.exe
   1  D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://v9-tp.com/?s=78350871&p=434153504552&g=E36D8FAE25F9CE5B95145E92C233636C
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\A7854900D33101B48B3DD1041F5E4F66: [SuggestionsURL_JSON] = http://suggest.yandex.com.tr/suggest-ff.cgi?uil=tr&part={searchTerms} - Yandex.Görsel
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\A7854900D33101B48B3DD1041F5E4F66: [URL] = http://gorsel.yandex.com.tr/yandsearch?win=289&clid=2084486&text={searchTerms} - Yandex.Görsel
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\BC2D9565E85878505D2371BEBB644FA4: [SuggestionsURL_JSON] = http://suggest.yandex.com.tr/suggest-ff.cgi?uil=tr&part={searchTerms} - Yandex.Video
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\BC2D9565E85878505D2371BEBB644FA4: [URL] = http://video.yandex.com.tr/#search?win=289&clid=2084486&text={searchTerms} - Yandex.Video
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\F17E29FB18CCE631A2F9625D90C54413: [URL] = http://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=289&clid=2084486&text={searchTerms} - Yandex.Haberler
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [SuggestionsURL_JSON] = http://suggest.yandex.com.tr/suggest-ff.cgi?uil=tr&part={searchTerms} - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL] = http://yandex.com.tr/yandsearch?win=289&clid=2084486&text={searchTerms} - Yandex
O1 - Hosts: 127.0.0.1 license.piriform.com
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll
O2 - HKLM\..\BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2-32 - HKLM\..\BHO: True Key Helper - {0F4B8786-5502-4803-8EBC-F652A1153BB6} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll
O3 - HKLM\..\Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie64.dll
O3-32 - HKLM\..\Toolbar: True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\McAfee\TrueKey\MSIE\truekey_ie.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk    ->    C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk    ->    C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true
O4 - HKCU\..\Run: [CCleaner Monitoring] = C:\Program Files\CCleaner\ccleaner64.exe /MONITOR
O4 - HKCU\..\Run: [CCleaner] = C:\Program Files\CCleaner\ccleaner64.exe /AUTO
O4 - HKCU\..\Run: [Octoshape Streaming Services] = C:\Users\Sezgin\AppData\Roaming\Octoshape\Octoshape Streaming Services\InfiniteMediaAcceleration.exe -inv:bootrun
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [egui] = C:\Program Files\ESET\ESET Smart Security\ecmds.exe /launch /hide
O4 - MSConfig\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Mediatek Wireless Utility.lnk [backup] => C:\Program Files (x86)\MediatekWiFi\Common\RaUI.exe -s (2018/01/13)
O4 - MSConfig\startupreg: HotKeysCmds [command] = C:\Windows\system32\hkcmd.exe (HKLM) (2018/01/13)
O4 - MSConfig\startupreg: ShadowPlay [command] = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart (HKLM) (2018/01/13)
O4 - MSConfig\startupreg: cmsc [command] = c:\program files (x86)\cmcm\Clean Master\cmtray.exe -autorun (HKLM) (2018/01/13)
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [cmsc] = c:\program files (x86)\cmcm\Clean Master\cmtray.exe -autorun
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel - present
O15 - Trusted Zone: http://help.eset.com
O17 - DHCP DNS 1: 195.175.39.50
O17 - DHCP DNS 2: 195.175.39.49
O17 - DHCP DNS 3: 192.168.1.1
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\system32\nvinitx.dll
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\SysWOW64\nvinit.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShA64.dll
O22 - Task (.job): (Not scheduled) CCleanerClean.job - C:\Program Files\CCleaner\ccleaner64.exe /AUTO
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Clean Master Core Service - (cmcore) - c:\program files (x86)\cmcm\Clean Master\cmcore.exe /service cmcore
O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service R2: KMService - C:\Windows\SysWow64\srvany.exe
O23 - Service R2: Management System - (ManagementSystem) - C:\Windows\system32\syshost.exe
O23 - Service R2: McAfee True Key - (TrueKey) - C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.Service.exe
O23 - Service R2: McAfee True Key Scheduler - (TrueKeyScheduler) - C:\Program Files\McAfee\TrueKey\McTkSchedulerService.exe
O23 - Service R2: MediatekRegistryWriter - C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry.exe
O23 - Service R2: MediatekRegistryWriter64 - C:\Program Files (x86)\MediatekWiFi\Common\RaRegistry64.exe
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
O23 - Service R2: QMEmulatorService - D:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
O23 - Service R2: Remote Desktop Service - (VncServer) - C:\Windows\system32\vnchost.exe
O23 - Service R2: TrueKeyServiceHelper - C:\Program Files\McAfee\TrueKey\McAfee.TrueKey.ServiceHelper.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Service Installer TrueKey - (InstallerService) - C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe Files\TrueKey\Mcafee.TrueKey.InstallerService.exe -runtimeupdated -originalversion 4.14.102.0 (file missing)
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: BlueStacks Log Rotator Service - (BstHdLogRotatorSvc) - C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.80\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: McAfee Security Scan Component Host Service - (McComponentHostService) - C:\Program Files\McAfee Security Scan\3.11.812\McCHSvc.exe
O23 - Service S3: Microsoft SharePoint Workspace Audit Service - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE /auditservice
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe


--
End of file - Time spent: 23,6 sec. - 25970 bytes, CRC32: FFFFFFFF. Sign: *鴣

LeonS.Kennedy · 6 Aralık 2018

Kod:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.11

Platform:  x64 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time:      06.12.2018 - 15:51 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    win7    (group: Administrator) on WIN7-BILGISAYAR, FirstRun: yes

Chrome:  65.0.3325.181
Internet Explorer: 9.0.8112.16421
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\HiJackThis.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\hkcmd.exe
   1  C:\Windows\System32\igfxpers.exe
   1  C:\Windows\System32\igfxtray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  10  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe

O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKLM\..\Run: [HotKeysCmds] = C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - User Startup: C:\Users\win7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DK.bat
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Tüm bağlantıları IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O21 - HKLM\..\ShellIconOverlayIdentifiers\            IDM Shell Extension: IDM Shell Extension - {CDC95B92-E27C-4745-A8C5-64A52A78855D} - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll


--
End of file - Time spent: 21,7 sec. - 5274 bytes, CRC32: FFFFFFFF. Sign: ⑜

Malware, Virüs vs. olduğu şüphesindeyim. Başlangıç'ta "wiwi" diye bir uygulama çalıştı; Çalışmayı Durdurdu filan dedi hatta.

THE_MILLER · 6 Aralık 2018

@Screand ,

Sisteminde Avast!, Eset ve McAfee aktif gözükmekte. Kendi kaldırma araçları bunları kaldırman lazım. Bu üç uygulama sistem kararsızlıklarına neden olur. Sisteminde aktivatör aracı da aktif. KEndisi zararlı olduğu gibi sistem performansını da ciddi olarak etkiler. Ayrıca güvenlik konusunda eksikleri olan bir sistem olan Windows 7 kullanmaktasınız.

Tavsiyem temiz kurulumla Windows 10 kurmanızdan yanadır. Windows 10 Türkçe İndirme ve Kurulum

@LeonS.Kennedy ,

Bu tür durumlarda ekran görüntüsü alabilirsen iyi olur. Kullandığın yazılımlardaki hatalar da olabilir.

Downloads - SurfRight Bu adresten Hitman Pro indirip, uygulamayı çalıştırın. Taratmadan önce options(settings) dan, lisans kısmına girip 30 günlük deneme sürümünü aktif edin. Ardından tarama yapıp bulduklarını silin. Zararlı varsa temizleyecektir.

Hata yine alırsanız ekran görüntüsü ve dosya konumunu görev yöneticisinden bularak gösteriniz.

Lerasen · 6 Aralık 2018

THE_MILLER dedi:
@Screand ,

Sisteminde Avast!, Eset ve McAfee aktif gözükmekte. Kendi kaldırma araçları bunları kaldırman lazım. Bu üç uygulama sistem kararsızlıklarına neden olur. Sisteminde aktivatör aracı da aktif. KEndisi zararlı olduğu gibi sistem performansını da ciddi olarak etkiler. Ayrıca güvenlik konusunda eksikleri olan bir sistem olan Windows 7 kullanmaktasınız.

Tavsiyem temiz kurulumla Windows 10 kurmanızdan yanadır. Windows 10 Türkçe İndirme ve Kurulum

@LeonS.Kennedy ,

Bu tür durumlarda ekran görüntüsü alabilirsen iyi olur. Kullandığın yazılımlardaki hatalar da olabilir.

Downloads - SurfRight Bu adresten Hitman Pro indirip, uygulamayı çalıştırın. Taratmadan önce options(settings) dan, lisans kısmına girip 30 günlük deneme sürümünü aktif edin. Ardından tarama yapıp bulduklarını silin. Zararlı varsa temizleyecektir.

Hata yine alırsanız ekran görüntüsü ve dosya konumunu görev yöneticisinden bularak gösteriniz.

Herhangi bir durum yok muymuş? Hacklendiğine dair şüphem veya virüs şüphem vardı, temiz mi çıktı? Windows 10 kuracağım. Bu arada aktivatör aracını nasıl kapatabilirim veya bu bir virüs mü?

THE_MILLER · 6 Aralık 2018

@Silinen üye ,

Herhangi bir durum var. Vnchost.exe, srvany.exe, Kmservice.exe gibi dosyalar zararlı. Aktivatör araçları için iyi niyetli bir çalışma yapıyor diyemem. Bu tür zararlıların RAT serverı olup olmadığını dosya analizi veya ağ paketleri incelemesi ile anlaşılabilir.

Tavsiyem belirttiğim gibi temiz Windows 10 kurmanız. Korsan aktivatör araçları kullanmamanız.

Rehber HijackThis Log Paylaşımı ve Çözümleri

Ayrıntılı düzenleme

HiJackThis

THE_MILLER

Petapat

LeonS.Kennedy

Kilopat

Musa B.

Kilopat

THE_MILLER

Petapat

Musa B.

Kilopat

Lerasen

Decapat

LeonS.Kennedy

Kilopat

THE_MILLER

Petapat

Lerasen

Decapat

THE_MILLER

Petapat

Benzer konular