To analyze problems on your system such as performance degradation, freezes, malware effects and application errors, and to improve performance or neutralize the malware, you need to share here the log of the scan you ran with the HijackThis software.



Usage:

1) Download the up-to-date version, to which a developer has added new features, from here, and extract the application from the archive onto your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click the HijackThis program and run it as administrator (does not apply to XP).

4) In the window that opens, click the "Do a system scan and save a log file" button.

5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan completes.

6) When the scan completes, a log file containing the HijackThis report will be displayed.

*7) You need to add the log file here through the reply box so that we can examine it.

Click "Code".

Paste the contents of the log into the blue box and press the "Continue" button.

Warning: If you have trouble adding code on the site, you need to paste your code to one of the sites given below and share the link. In that case, do not use option *7 for now.

Paste ofCode

8) Also, reply to the thread describing the problem on your system in detail (performance degradation, suspected malware presence, etc.).
(Those who do not do this will not receive a reply.)

Fixing:

When I or an expert replies in the thread, tick the boxes at the start of the lines we tell you in the HijackThis interface. Then press the "Fix checked" button.
 
You have shared the report incompletely.
I edited it.
You are already using MBAM; what is the reason for thinking it is malicious?
I don't trust Java. While playing Minecraft, MBAM found and blocked an exploit, and a connection I did not recognize at all tried to send a file to my computer, which made me uneasy.

Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Protection Event Date: 6/12/19
Protection Event Time: 10:36 PM
Log File: 58eba5c2-8d49-11e9-a313-309c23027b47.json

-Software Information-
Version: 3.7.1.2839
Components Version: 1.0.586
Update Package Version: 1.0.11018

-System Information-
OS: Windows 10 (Build 16299.492)
CPU: x64
File System: NTFS
User: System

-Blocked Website Details-
Malicious Website: 1
, , Blocked, [-1], [-1],0.0.0

-Website Data-
Category: Trojan
Domain: modstats.org
IP Address: 195.22.26.248
Port: [56928]
Type: Outbound
File: C:\Program Files\Java\jre1.8.0_211\bin\javaw.exe



(end)
 
It is not Java doing this, but Minecraft or the mods you use.
I play the mods through Technic Launcher, which most people know. It is a fairly safe launcher, but I could not understand why the mods behave this way. When I scan with MBAM, it comes up clean. The healthiest approach is to keep playing with MBAM running. Thank you.
 
Rather than whether the file is malicious, what matters is the purpose of the communication, and this says that the site it connected to contains malicious content. MBAM's active protection can sometimes raise false alarms, so it would be better to use a well-known AV.
 
I am experiencing a severe performance drop on the system; can you help?


Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 7 (Ultimate), 6.1.7601.24136, Service Pack: 1
Time:      13.06.2019 - 16:00 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Efe    (group: Administrator) on EFE-BILGISAYAR, FirstRun: yes

Opera:   60.0.3255.151
Internet Explorer: 11.0.9600.19002
Default: "C:\Program Files\Opera\Launcher.exe" -noautoupdate -- "%1" (Opera Internet Browser)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\PenTabletDriver\TabletDriver.exe
   1  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
   1  C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
   1  C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
   1  C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
   1  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files (x86)\netcut\services\aips.exe
   1  C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
   1  C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Users\Efe\Desktop\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\SysWOW64\PnkBstrA.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\atieclxx.exe
   1  C:\Windows\System32\atiesrxx.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\drivers\WTSrv.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
   1  C:\Windows\System32\sppsvc.exe
  13  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   2  C:\Windows\System32\wisptis.exe
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.yandex.com.tr/?win=357&clid=2262075-1
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2261466 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2261466 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: ::1 localhost
O1 - Hosts: 163.172.67.35 osu.ppy.sh
O1 - Hosts: 163.172.67.35 c.ppy.sh
O1 - Hosts: 163.172.67.35 c1.ppy.sh
O1 - Hosts: 163.172.67.35 c3.ppy.sh
O1 - Hosts: 163.172.67.35 c4.ppy.sh
O1 - Hosts: 163.172.67.35 c5.ppy.sh
O1 - Hosts: 163.172.67.35 c6.ppy.sh
O1 - Hosts: 163.172.67.35 c7.ppy.sh
O1 - Hosts: 163.172.67.35 ce.ppy.sh
O1 - Hosts: 163.172.67.35 a.ppy.sh
O1 - Hosts: 163.172.67.35 i.ppy.sh
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk    ->    C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe -dataPath="C:\ProgramData\SteelSeries\SteelSeries Engine 3" -dbEnv=production -auto=true
O4 - HKCU\..\Run: [Browser Manager] = C:\Users\Efe\AppData\Local\Yandex\BrowserManager\MBLauncher.exe  (file missing)
O4 - HKCU\..\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (file missing)
O4 - HKCU\..\Run: [OscarEditor] = C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe Minimum (file missing)
O4 - HKCU\..\Run: [WifiAudio] = C:\Users\Efe\Desktop\wifiaudio_windows.exe  (file missing)
O4 - HKLM\..\Run: [TabletDriver] = C:\PenTabletDriver\TabletDriver.exe -hide
O4 - MSConfig\startupreg: 07db318145681dc5e0cbb8c76a1a4fa9 [command] = C:\Users\Efe\AppData\Local\Temp\Windows Defender.exe .. (HKCU) (2018/08/01) (file missing)
O4 - MSConfig\startupreg: AdobeAAMUpdater-1.0 [command] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (HKLM) (2018/01/25) (file missing)
O4 - MSConfig\startupreg: AdobeCS6ServiceManager [command] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (HKLM) (2018/01/25) (file missing)
O4 - MSConfig\startupreg: Discord [command] = C:\Users\Efe\AppData\Local\Discord\app-0.0.301\Discord.exe (HKCU) (2018/08/01) (file missing)
O4 - MSConfig\startupreg: IDMan [command] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (HKCU) (2018/08/01) (file missing)
O4 - MSConfig\startupreg: LogMeIn Hamachi Ui [command] = C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start (HKLM) (2018/08/01) (file missing)
O4 - MSConfig\startupreg: Spotify Web Helper [command] = C:\Users\Efe\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart (HKCU) (2018/01/25)
O4 - MSConfig\startupreg: Spotify [command] = C:\Users\Efe\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (HKCU) (2018/01/25)
O4 - MSConfig\startupreg: StartCCC [command] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun (HKLM) (2018/01/25)
O4 - MSConfig\startupreg: Steam [command] = C:\Program Files (x86)\Steam\steam.exe -silent (HKCU) (2018/01/25)
O4 - MSConfig\startupreg: SunJavaUpdateSched [command] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (HKLM) (2018/01/25)
O4 - MSConfig\startupreg: Vivaldi Update Notifier [command] = C:\Users\Efe\AppData\Local\Vivaldi\Application\update_notifier.exe (HKCU) (2018/08/01) (file missing)
O4 - MSConfig\startupreg: ipts [command] = C:\Users\Efe\Desktop\Dosyalar\ipts\ipts.exe -h (HKCU) (2018/01/25) (file missing)
O4 - MSConfig\startupreg: uTorrent [command] = C:\Users\Efe\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (HKCU) (2018/01/25)
O4-32 - HKLM\..\Run: [AMD AVT] = C:\Windows\system32\Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4-32 - HKLM\..\Run: [StartCCC] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [WTClient] = C:\Windows\system32\WTClient.exe
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (file missing)
O15 - Trusted Zone: *.localhost
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Efe\AppData\Local\MEGAsync\ShellExtX64.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Efe\AppData\Local\MEGAsync\ShellExtX64.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Efe\AppData\Local\MEGAsync\ShellExtX64.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Efe\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Efe\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Efe\AppData\Local\MEGAsync\ShellExtX32.dll (file missing)
O22 - Task (.job): Opera scheduled Autoupdate 1518108263.job - C:\Program Files\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: Arp Intelligent Protection Service - (AIPS) - C:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: PnkBstrA - C:\Windows\SysWOW64\PnkBstrA.exe
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: WinTab Service - (WinTabService) - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service S2: Acunetix WVS Scheduler v8 - (AcuWVSSchedulerv8) - C:\Program Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe Files (x86)\Acunetix\Web Vulnerability Scanner 8\WVSScheduler.exe (file missing)
O23 - Service S2: QMEmulatorService - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe  (file missing)
O23 - Service S2: Wallpaper Engine Service - C:\Users\Efe\Desktop\Dosyalar\Wallpaper Engine\bin\wallpaperservice32_c.exe Engine\bin\wallpaperservice32_c.exe (file missing)
O23 - Service S2: mysql57 - C:\AppServ\MySQL\bin\mysqld --defaults-file=C:\AppServ\MySQL\my.ini mysql57 (file missing)
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Visual Studio Standard Collector Service 150 - (VSStandardCollectorService150) - C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\Windows\SysWOW64\GameMon.des -service


--
End of file - Time spent: 35.7 sec. - 21874 bytes, CRC32: FFFFFFFF. Sign: 꾣�
 
Fix these:
Code:
O1 - Hosts: 163.172.67.35 osu.ppy.sh
O1 - Hosts: 163.172.67.35 c.ppy.sh
O1 - Hosts: 163.172.67.35 c1.ppy.sh
O1 - Hosts: 163.172.67.35 c3.ppy.sh
O1 - Hosts: 163.172.67.35 c4.ppy.sh
O1 - Hosts: 163.172.67.35 c5.ppy.sh
O1 - Hosts: 163.172.67.35 c6.ppy.sh
O1 - Hosts: 163.172.67.35 c7.ppy.sh
O1 - Hosts: 163.172.67.35 ce.ppy.sh
O1 - Hosts: 163.172.67.35 a.ppy.sh
O1 - Hosts: 163.172.67.35 i.ppy.sh
O4 - HKCU\..\Run: [WifiAudio] = C:\Users\Efe\Desktop\wifiaudio_windows.exe  (file missing)
O4 - HKLM\..\Run: [TabletDriver] = C:\PenTabletDriver\TabletDriver.exe -hide
O4 - MSConfig\startupreg: 07db318145681dc5e0cbb8c76a1a4fa9 [command] = C:\Users\Efe\AppData\Local\Temp\Windows Defender.exe .. (HKCU) (2018/08/01) (file missing)
O4 - MSConfig\startupreg: AdobeAAMUpdater-1.0 [command] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (HKLM) (2018/01/25) (file missing)
O4 - MSConfig\startupreg: AdobeCS6ServiceManager [command] = C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe -launchedbylogin (HKLM) (2018/01/25) (file missing)
O4 - MSConfig\startupreg: ipts [command] = C:\Users\Efe\Desktop\Dosyalar\ipts\ipts.exe -h (HKCU) (2018/01/25) (file missing)
O4-32 - HKLM\..\Run: [WTClient] = C:\Windows\system32\WTClient.exe
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O23 - Service R2: Arp Intelligent Protection Service - (AIPS) - C:\Program Files (x86)\netcut\services\AIPS.exe
O23 - Service R2: WinTab Service - (WinTabService) - C:\Windows\System32\Drivers\WTSRV.EXE
O23 - Service S2: Wallpaper Engine Service - C:\Users\Efe\Desktop\Dosyalar\Wallpaper Engine\bin\wallpaperservice32_c.exe Engine\bin\wallpaperservice32_c.exe (file missing)
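
A triage sketch for logs like the one in the exchange above, added here as an example and not part of any post in the thread: it parses HijackThis Fork entry lines and labels hosts-file overrides, orphaned entries marked "(file missing)" or "(no file)", and O4 autoruns launched from Temp or Desktop paths. The sample lines are copied from the log posted above; the function names, reason labels and choice of heuristics are assumptions of this example and only narrow down what a reviewer reads first.

```python
import ipaddress
import re
from typing import NamedTuple

# Entry lines look like "<section code>[-32] - <body>", e.g. "O4-32 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<code>[RFO]\d{1,2})(?P<wow>-32)? - (?P<body>.+)$")
# O1 body for a hosts-file mapping: "Hosts: <ip> <name>".
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)$")
# The scanner's own markers for a registry entry whose target file is gone.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")
# User-writable launch locations (heuristic chosen for this example).
USER_PATH_RE = re.compile(r"\\(?:AppData\\Local\\Temp|Desktop)\\", re.IGNORECASE)

# Sample lines copied from the HijackThis Fork log posted above in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.yandex.com.tr/?win=357&clid=2262075-1
O1 - Hosts: Reset contents to default
O1 - Hosts: ::1 localhost
O1 - Hosts: 163.172.67.35 osu.ppy.sh
O1 - Hosts: 163.172.67.35 c.ppy.sh
O4 - HKCU\..\Run: [WifiAudio] = C:\Users\Efe\Desktop\wifiaudio_windows.exe  (file missing)
O4 - HKLM\..\Run: [TabletDriver] = C:\PenTabletDriver\TabletDriver.exe -hide
O4 - MSConfig\startupreg: 07db318145681dc5e0cbb8c76a1a4fa9 [command] = C:\Users\Efe\AppData\Local\Temp\Windows Defender.exe .. (HKCU) (2018/08/01) (file missing)
O4-32 - HKLM\..\Run: [WTClient] = C:\Windows\system32\WTClient.exe
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
"""


class Finding(NamedTuple):
    code: str       # section code without the -32 suffix, e.g. "O4"
    reasons: tuple  # labels explaining why the line deserves a look
    body: str       # text after "<code> - "


def parse_entries(text):
    """Yield (code, is_32bit_suffix, body) for every entry line; skip headers."""
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            yield m.group("code"), bool(m.group("wow")), m.group("body")


def is_hosts_override(ip, name):
    """True when a hosts line pins a non-localhost name to a literal IP."""
    try:
        ipaddress.ip_address(ip)
    except ValueError:
        return False  # e.g. "Reset contents to default" style lines
    return name.lower() != "localhost"


def triage(text):
    """Return the entries that match at least one review heuristic."""
    findings = []
    for code, _is32, body in parse_entries(text):
        reasons = []
        if code == "O1":
            h = HOSTS_RE.match(body)
            if h and is_hosts_override(h.group("ip"), h.group("name")):
                reasons.append("hosts-override")
        if ORPHAN_RE.search(body):
            reasons.append("orphaned")
        if code == "O4" and USER_PATH_RE.search(body):
            reasons.append("autorun-user-path")
        if reasons:
            findings.append(Finding(code, tuple(reasons), body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:<4} {','.join(f.reasons):<28} {f.body}")
```
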
 
Keylogger suspicion
I previously ran a full scan with Malwarebytes Premium; it found a few things and I deleted them. I later scanned with Kaspersky and it did not find much, but I still could not be sure :/
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x32 Windows 8.1 (Pro), 6.3.9600.0, Service Pack: 0
Time:      18.06.2019 - 15:53 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    eleman-2    (group: Administrator) on ELEMAN, FirstRun: yes

Chrome:  74.0.3729.169
Firefox: 66.0.4.7063
Internet Explorer: 11.0.9600.16384
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files\Google\Update\1.3.34.11\GoogleCrashHandler.exe
   1  C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
   1  C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
   1  C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
   1  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
   1  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
   1  C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
   1  C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
   1  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
   1  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
   1  C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
   1  C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
   1  C:\Users\eleman-2\Desktop\HiJackThis.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   2  C:\Windows\System32\nvvsvc.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  11  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\taskhostex.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\WinStore\WSHost.exe
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2 - HKLM\..\BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - HKLM\..\Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner.exe /MONITOR (2019/06/14)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\eleman-2\AppData\Local\Discord\app-0.0.305\Discord.exe (2019/05/29)
O4 - HKCU\..\StartupApproved\Run: [gtarcade] = C:\Users\eleman-2\AppData\Local\Gtarcade\app\gtarcade.exe /auto_start=1 (2019/05/09)
O4 - HKLM\..\Run: [NvBackend] = C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
O4 - HKLM\..\StartupApproved\Run: [ShadowPlay] = C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart (2019/06/14)
O4 - HKLM\..\StartupApproved\Run: [SunJavaUpdateSched] = C:\Program Files\Common Files\Java\Java Update\jusched.exe (2019/06/15)
O17 - DHCP DNS 1: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E020814-BB36-4430-BB2E-05E2B5A09A96}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0E020814-BB36-4430-BB2E-05E2B5A09A96}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O22 - Task: \Microsoft\Windows\ApplicationData\CleanupTemporaryState - C:\Windows\system32 (file missing)
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 19.0.0 - (AVP19.0.0) - C:\Program Files\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe -r
O23 - Service R2: NVIDIA Display Driver Service - (nvsvc) - C:\Windows\system32\nvvsvc.exe
O23 - Service R2: NVIDIA GeForce Experience Service - (GfExperienceService) - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service R2: NVIDIA Network Service - (NvNetworkService) - C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service R2: NVIDIA Stereoscopic 3D Driver Service - (Stereo Service) - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service R2: NVIDIA Streamer Service - (NvStreamSvc) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
O23 - Service R3: NVIDIA Streamer Network Service - (NvStreamNetworkSvc) - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: HP SI Service - (HPSIService) - C:\Windows\system32\HPSIsvc.exe
O23 - Service S3: Kaspersky Secure Connection Hizmeti 3.0.0 - (KSDE3.0.0) - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe -r
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Steam Client Service - C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService



Debug information:

- 18.06.2019 15:52:58 - CryptCATAdminCalcHashFromFileHandle - #0 LastDllError = 193 (%1 geçerli bir Win32 uygulaması değil.) TRUST_E_NOSIGNATURE: Not signed File:  C:\Windows\system32

--
End of file - Time spent: 23 sec. - 12594 bytes, CRC32: FFFFFFFF. Sign: ᙙ췛
 
Fix these

Code:
O4 - HKCU\..\StartupApproved\Run: [gtarcade] = C:\Users\eleman-2\AppData\Local\Gtarcade\app\gtarcade.exe /auto_start=1 (2019/05/09)
O22 - Task: \Microsoft\Windows\ApplicationData\CleanupTemporaryState - C:\Windows\system32 (file missing)
O23 - Service S3: HP SI Service - (HPSIService) - C:\Windows\system32\HPSIsvc.exe
 
Virus suspicion; I cleaned out old USB drives yesterday.
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Pro), 10.0.18362.175 (ReleaseId: 1903), Service Pack: 0
Time:      19.06.2019 - 15:13 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Bonexq    (group: Administrator) on DESKTOP-IMLVEVI, FirstRun: no

Chrome:  74.0.3729.169
Edge:    11.0.18362.145
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Opera\Launcher.exe" -noautoupdate -- "%1" (Opera Internet Browser)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
   1  C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
   1  C:\Program Files\AMD\CNext\CNext\amdow.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
   1  C:\Program Files\AMD\Performance Profile Client\RyzenMaster\AUEPRyzenMasterAC.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\c0342855.inf_amd64_e2ef814e68f7dc8c\B342717\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\c0342855.inf_amd64_e2ef814e68f7dc8c\B342717\atiesrxx.exe
   2  C:\Windows\System32\RtkAudUService64.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   4  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\schtasks.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  65  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   3  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe
   1  D:\Corsair\CORSAIR iCUE Software\Corsair.Service.CpuIdRemote64.exe
   1  D:\Corsair\CORSAIR iCUE Software\Corsair.Service.DisplayAdapter.exe
   1  D:\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
   1  D:\MSI Afterburner\MSIAfterburner.exe
   1  D:\Masaüstü\HiJackThis\HiJackThis.exe
   1  D:\RivaTuner Statistics Server\EncoderServer.exe
   1  D:\RivaTuner Statistics Server\RTSS.exe
   1  D:\RivaTuner Statistics Server\RTSSHooksLoader64.exe

O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk    ->    (lnk is corrupted)
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/06/18)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Bonexq\AppData\Local\Discord\app-0.0.305\Discord.exe (2019/06/01)
O4 - HKCU\..\StartupApproved\Run: [Steam] = D:\Steam\steam.exe -silent (2019/06/01)
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\RtkAudUService64.exe -background
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run32: [CORSAIR iCUE Software] = D:\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe --autorun (2019/06/19)
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\c0342855.inf_amd64_e2ef814e68f7dc8c\B342717\atiesrxx.exe
O23 - Service R2: AMD User Experience Program Launcher - (AUEPLauncher) - C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
O23 - Service R2: Corsair Service - (CorsairService) - D:\Corsair\CORSAIR iCUE Software\Corsair.Service.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 19.0.0 - (AVP19.0.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe -r
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\RtkAudUService64.exe
O23 - Service S2: Kaspersky Secure Connection Hizmeti 3.0.0 - (KSDE3.0.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe -r
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: klvssbridge64_19.0.0 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe


--
End of file - Time spent: 16,5 sec. - 12804 bytes, CRC32: FFFFFFFF. Sign: ꠕ
 
Kaspersky is already there. The malware appears to have been deleted and no active malware is visible on the system, but still fix these for performance:

Code:
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\$McRebootA5E6DEAA56$.lnk    ->    (lnk is corrupted)
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/06/18)
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run32: [CORSAIR iCUE Software] = D:\Corsair\CORSAIR iCUE Software\iCUE Launcher.exe --autorun (2019/06/19)
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service S2: Kaspersky Secure Connection Hizmeti 3.0.0 - (KSDE3.0.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe -r
 
