Rehber HijackThis Log Paylaşımı ve Çözümleri

EmreSploit · 8 Eylül 2019

Kod:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 7 (Pro), 6.1.7601.24511, Service Pack: 1
Time:      08.09.2019 - 11:27 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    A    (group: Administrator) on A-BILGISAYAR, FirstRun: yes

Chrome:  76.0.3809.132
Internet Explorer: 11.0.9600.19431
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
   2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Users\A\Desktop\Kalacaklar\HiJackThis.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\StikyNot.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  13  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskeng.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe

O2-32 - HKLM\..\BHO: ScriptInjectionPluginBrowserHelperObject - {9F904093-6E18-4536-BF5F-B03689CF00F0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll
O3-32 - HKLM\..\Toolbar: Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\IEExt\ie_plugin.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] = C:\Windows\System32\StikyNot.exe
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (HKCU) (2019/08/25)
O17 - DHCP DNS 1: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{4E0D783D-8830-4712-BC91-FCF72F5FC649}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe -r
O23 - Service R2: Kaspersky Secure Connection Hizmeti 4.0 - (KSDE4.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe -r
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge. 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe
O23 - Service S3: NVIDIA Update Service Daemon - (nvUpdatusService) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


--
End of file - Time spent: 22,2 sec. - 9418 bytes, CRC32: FFFFFFFF. Sign: ᢴ봧

Hocam kendi oluşturduğum payloadı açtım silemiyorum yardım eder misiniz?

Murat5038 · 8 Eylül 2019

Anormal görünen bir şey yok. Kaspersky algılar zaten onu.
Not uygulamasını kendin açmadıysan bunu fixle:

Kod:

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] = C:\Windows\System32\StikyNot.exe

EmreSploit · 8 Eylül 2019

Murat5038 dedi:
Anormal görünen bir şey yok. Kaspersky algılar zaten onu.
Not uygulamasını kendin açmadıysan bunu fixle:

Kod:

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] = C:\Windows\System32\StikyNot.exe

Ekran görüntüsünde ki virüs olabilir mi? Kaspersky ın veri tabanına nasıl bir virüsü rapor edebilirim? Bilgisayar yavaşladı algılayamadı zaten NoDistrubute sonucu 12/30 du.

Murat5038 · 8 Eylül 2019

Kali dosyası indiriyorsunuz zararlı tabi. Payton shell dosyası içeriğini görüğü için zararlı diyor.

Ersina · 8 Eylül 2019

Kod:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Home Single Language), 10.0.18362.329 (ReleaseId: 1903), Service Pack: 0
Time:      08.09.2019 - 20:24 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Ersin    (group: Administrator) on DESKTOP-9T9HL1V, FirstRun: yes

Chrome:  76.0.3809.132
Edge:    11.0.18362.329
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   8  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.34.11\GoogleCrashHandler64.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPUF.exe
   1  C:\Program Files\Elantech\ETDCtrl.exe
   1  C:\Program Files\Elantech\ETDCtrlHelper.exe
   1  C:\Program Files\Elantech\ETDService.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1907.4-0\NisSrv.exe
   1  C:\Users\Ersin\Desktop\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0346453.inf_amd64_bc963e4e92e4ff40\B346420\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0346453.inf_amd64_bc963e4e92e4ff40\B346420\atiesrxx.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\drivers\AdminService.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\igfxTray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\schtasks.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
  64  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\explorer.exe

O4 - HKCU\..\Run: [Bloody2] = C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe Minimum
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Ersin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2019/08/20)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2019/08/20)
O4 - HKCU\..\StartupApproved\Run: [Wargaming.net Game Center] = C:\ProgramData\Wargaming.net\GameCenter\wgc.exe --background '' (2019/09/03)
O4 - HKLM\..\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [Cm108BSound] = C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe /h /d (2019/08/20)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (2019/08/20)
O4 - HKLM\..\StartupApproved\Run: [Start WingMan Profiler] = C:\Program Files\Logitech\Gaming Software\LWEMon.exe /noui (2019/08/20)
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0346453.inf_amd64_bc963e4e92e4ff40\B346420\atiesrxx.exe
O23 - Service R2: AMD User Experience Program Launcher - (AUEPLauncher) - C:\Program Files\AMD\Performance Profile Client\AUEPLauncher.exe
O23 - Service R2: AtherosSvc - C:\Windows\System32\drivers\AdminService.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.132\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService


--
End of file - Time spent: 47,9 sec. - 11324 bytes, CRC32: FFFFFFFF. Sign: 妵

Hocam, zahmet olmazsa bakabilir misiniz?

EmreSploit · 8 Eylül 2019

Kod:

O4 - HKCU\..\Run: [Bloody2] = C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe Minimum

Sanırım sadece bu var ama fixleme @Murat5038 bekleyelim.

Ersina · 8 Eylül 2019

EmreSploit dedi:
Kod:

O4 - HKCU\..\Run: [Bloody2] = C:\Program Files (x86)\Bloody7\Bloody7\Bloody7.exe Minimum.

Sanırım sadece bu var ama fixleme @Murat5038 bekleyelim.

Aslında onu bugün indirmiştim. Bloody A60 mouse için driver olması gerek, ilginiz için çok teşekkürler. Bir de Murat Hocam bakabilirse sevinirim. Kötü amaçlıysa, kaldırırım hemen "bloody7.exe"yi.

EmreSploit · 8 Eylül 2019

Ersina dedi:
Aslında onu bugün indirmiştim. Bloody A60 mouse için driver olması gerek, ilginiz için çok teşekkürler. Bir de Murat Hocam bakabilirse sevinirim. Kötü amaçlıysa, kaldırırım hemen "bloody7.exe"yi.

Emin değilim, o yüzden beklemek daha iyi olacaktır. Görürse cevap verir.

Murat5038 · 9 Eylül 2019

Sıkıntı yok zararlı yazılım olarak. Heralde kulaklık için ses sürücüsünden şüphelendiniz Çin ürünü olduğu için.
Ancak Ekran kartı sürücünü doğru kurmamışa benziyorsun DDU rehberine göre anlatımı uygulayıp güncel GPU sürücünü yüklemen iyi olur. Çözemezsen yeni konu açıp sorabilirsin. Hello'nun dediği bahsettiğin gibi fare klavye yazılımı sorun yok onda.

Ersina · 9 Eylül 2019

Ekran kartı sürücüsünü AMD'ye güncelleme mesajı geldiğinde hızlı yükleme deyip yapıyordum pek anlamıyorum, her şey için çok teşekkür ederim allah razı olsun.
DDU ile AMD ve NVIDIA sürücüsü kaldırma rehberi diye bir başlık buldum, oraya mı bakmam gerekiyor acaba?
Pek anlamadım kusura bakmayın o sorunu düzelttiğimde performans artışı yaşanır mı?

Rehber HijackThis Log Paylaşımı ve Çözümleri

Ayrıntılı düzenleme

HiJackThis

EmreSploit

Hectopat

Murat5038

Yottapat!

EmreSploit

Hectopat

Murat5038

Yottapat!

Ersina

Megapat

EmreSploit

Hectopat

Ersina

Megapat

EmreSploit

Hectopat

Murat5038

Yottapat!

Ersina

Megapat

Benzer konular

Technopat Haberler

Yeni konular

Yeni mesajlar

Gizliliğinize önem veriyoruz