Rehber HijackThis Log Paylaşımı ve Çözümleri

Kod: 
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 7 (Pro), 6.1.7601.24511, Service Pack: 1
Time:      08.09.2019 - 11:27 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    A    (group: Administrator) on A-BILGISAYAR, FirstRun: yes

Chrome:  76.0.3809.132
Internet Explorer: 11.0.9600.19431
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
   2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Users\A\Desktop\Kalacaklar\HiJackThis.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\StikyNot.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  13  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskeng.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe

O2-32 - HKLM\..\BHO: ScriptInjectionPluginBrowserHelperObject - {9F904093-6E18-4536-BF5F-B03689CF00F0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll
O3-32 - HKLM\..\Toolbar: Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] = C:\Windows\System32\StikyNot.exe
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2019/08/25)
O17 - DHCP DNS 1: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe -r
O23 - Service R2: Kaspersky Secure Connection Hizmeti 4.0 - (KSDE4.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe -r
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge. 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe
O23 - Service S3: NVIDIA Update Service Daemon - (nvUpdatusService) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


--
End of file - Time spent: 22,2 sec. - 9418 bytes, CRC32: FFFFFFFF. Sign: ᢴ봧
Hocam kendi oluşturduğum payloadı açtım silemiyorum yardım eder misiniz?
 
Murat5038 dedi:
Anormal görünen bir şey yok. Kaspersky algılar zaten onu.
Not uygulamasını kendin açmadıysan bunu fixle:
Kod: 
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] = C:\Windows\System32\StikyNot.exe
Genişletmek için tıkla...
Ekran görüntüsünde ki virüs olabilir mi? Kaspersky ın veri tabanına nasıl bir virüsü rapor edebilirim? Bilgisayar yavaşladı algılayamadı zaten NoDistrubute sonucu 12/30 du.
 
Kod: 
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Home Single Language), 10.0.18362.329 (ReleaseId: 1903), Service Pack: 0
Time:      08.09.2019 - 20:24 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Ersin    (group: Administrator) on DESKTOP-9T9HL1V, FirstRun: yes

Chrome:  76.0.3809.132
Edge:    11.0.18362.329
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   8  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
   1  C:\Program Files\Elantech\ETDCtrl.exe
   1  C:\Program Files\Elantech\ETDCtrlHelper.exe
   1  C:\Program Files\Elantech\ETDService.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
   1  C:\Users\Ersin\Desktop\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0346453.inf_amd64_bc963e4e92e4ff40\B346420\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0346453.inf_amd64_bc963e4e92e4ff40\B346420\atiesrxx.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\drivers\AdminService.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\igfxTray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\schtasks.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
  64  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\explorer.exe

O4 - HKCU\..\Run: [Bloody2] = C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe Minimum
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Ersin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2019/08/20)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2019/08/20)
O4 - HKCU\..\StartupApproved\Run: [Wargaming.net Game Center] = C:\ProgramData\Wargaming.net\GameCenter\wgc.exe --background '' (2019/09/03)
O4 - HKLM\..\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [Cm108BSound] = C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe /h /d (2019/08/20)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (2019/08/20)
O4 - HKLM\..\StartupApproved\Run: [Start WingMan Profiler] = C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui (2019/08/20)
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0346453.inf_amd64_bc963e4e92e4ff40\B346420\atiesrxx.exe
O23 - Service R2: AMD User Experience Program Launcher - (AUEPLauncher) - C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
O23 - Service R2: AtherosSvc - C:\Windows\System32\drivers\AdminService.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService


--
End of file - Time spent: 47,9 sec. - 11324 bytes, CRC32: FFFFFFFF. Sign: 妵
Hocam, zahmet olmazsa bakabilir misiniz?
 
EmreSploit dedi:
Kod: 
O4 - HKCU\..\Run: [Bloody2] = C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe Minimum.
Sanırım sadece bu var ama fixleme @Murat5038 bekleyelim.
Genişletmek için tıkla...
Aslında onu bugün indirmiştim. Bloody A60 mouse için driver olması gerek, ilginiz için çok teşekkürler. Bir de Murat Hocam bakabilirse sevinirim. Kötü amaçlıysa, kaldırırım hemen "bloody7.exe"yi.
 
Sıkıntı yok zararlı yazılım olarak. Heralde kulaklık için ses sürücüsünden şüphelendiniz Çin ürünü olduğu için.
Ancak Ekran kartı sürücünü doğru kurmamışa benziyorsun DDU rehberine göre anlatımı uygulayıp güncel GPU sürücünü yüklemen iyi olur. Çözemezsen yeni konu açıp sorabilirsin. Hello'nun dediği bahsettiğin gibi fare klavye yazılımı sorun yok onda.
 
Ekran kartı sürücüsünü AMD'ye güncelleme mesajı geldiğinde hızlı yükleme deyip yapıyordum pek anlamıyorum, her şey için çok teşekkür ederim allah razı olsun.
DDU ile AMD ve NVIDIA sürücüsü kaldırma rehberi diye bir başlık buldum, oraya mı bakmam gerekiyor acaba?
Pek anlamadım kusura bakmayın o sorunu düzelttiğimde performans artışı yaşanır mı?
 
Mesaj yazmak için giriş yapmalı ya da kaydolmalısınız.

Benzer konular

HijackThis Log Paylaşımı
Mesaj
0
Görüntüleme
548
taylaan
Android Silinmeyen Trojan Virüsü Temizleme
Mesaj
5
Görüntüleme
5.687
quarest
Kaspersky silinmeyen trojan
Mesaj
2
Görüntüleme
1.001
acv
A
B
Kaspersky Security Cloud trojan buldu
2 3
Mesaj
21
Görüntüleme
3.006
Murat5038
2
  • Makale
Rehber  Kaspersky Virus Removal Tool ile Zararlı Yazılım Temizliği
Mesaj
7
Görüntüleme
14.534
Windows 11 Bükücü
Menü
Giriş yap
Kaydol
Bu siteyi kullanmak için çerezler gereklidir. Siteyi kullanmaya devam etmek için çerezleri kabul etmelisiniz. Daha Fazlasını Öğren.…