

To analyze problems on your system such as performance drops, freezes, malware effects and application errors, and to improve performance or neutralize the malware, you need to share here the log of a scan you ran with HijackThis.



Usage:

1) Download the current version, to which a developer has added new features, from here, and extract the application from the archive to your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click HijackThis and run it as administrator (does not apply to XP).



4) In the window that opens, click the "Do a system scan and save a log file" button.



5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan completes.


6) When the scan completes, a log file containing the HijackThis report will open.




*7) So that we can examine the log file, you need to add it here from the reply box.


Click "Code".



Paste the contents of the log into the blue box and press the "Devam Et" (Continue) button.

Warning: If you have trouble adding code on the site, paste the code into one of the sites given below and share the link. In that case, do not use option *7 for now.

Paste ofCode

8) Also reply to the thread describing the problem on your system in detail (performance drop, suspected malware presence, etc.).
(Those who do not do this will not get a reply)

Fixing:

When I or one of the experts replies in the thread, tick the boxes at the start of the lines we name in the HijackThis interface. Then press the "Fix checked" button.
 
Off topic, but instead of SystemLookup, is there a more detailed site or software, similar to hijackthis.de, where we can check these logs? hijackthis.de has been closed to access. I don't really feel much need for helper sites of this kind, but when I see something suspicious, checking the file feels more reliable than asking the user to share the file.
@Murat5038
 
Is there any chance that hxoutlook.exe is malicious?
No, there isn't; the publisher is MS.
is there a site or software where we can check these logs?
We don't check logs on sites. At least I don't :) I point out what needs to be repaired based on my own knowledge.
checking the file feels more reliable than asking the user to share the file.
You can find the file by name with a Google search; if it doesn't have a common name, you can ask for the file or check it with a VT report.
You should know my guides on alternative malware identification software; I occasionally have people use those as alternatives.
 
We don't check logs on sites. At least I don't :) I point out what needs to be repaired based on my own knowledge.
I have only just understood the logic of HijackThis, so I feel the need to check some lines to be sure. Even when I'm sure it's correct, I still get uneasy involuntarily when having lines fixed.
You should know my guides on alternative malware identification software; I occasionally have people use those as alternatives.
I know; as I said, that's not what I meant. I expressed myself badly. :)

What I actually meant there was about speeding up the process by looking at the databases of sites like these. Sometimes the user doesn't understand how to upload, or doesn't know how to perform some steps. This causes reply delays of roughly half an hour to forty-five minutes. :)

I check the file I was given and downloaded via Kaspersky Advisor and VirusTotal. When needed, I usually analyze it dynamically on Hybrid Analysis or on my own virtual machine, with various tools such as Regshot, Process Hacker, Capture Bat and Autoruns.
 
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Home Single Language), 10.0.18362.535 (ReleaseId: 1903), Service Pack: 0
Time:      05.01.2020 - 14:20 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    süleyman    (group: Administrator) on LAPTOP-7T6C30UQ, FirstRun: no

Chrome:  79.0.3945.88
Edge:    11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\CyberLink\PowerDVD14\PDVD14Serv.exe
  10  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.CompanionApp.exe
   3  C:\Program Files (x86)\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
   1  C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc_P2G8.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
   1  C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
   1  C:\Program Files\CONEXANT\SAII\CxUtilSvc.exe
   1  C:\Program Files\CONEXANT\SAII\SmartAudio.exe
   1  C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
   1  C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
   1  C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe
   1  C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
   1  C:\Program Files\Lenovo\ImController\PluginHost\Lenovo.Modern.ImController.PluginHost.SettingsApp.exe
   1  C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
   1  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
   1  C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
   1  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
   1  C:\Users\süleyman\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
   1  C:\Users\süleyman\AppData\Local\Microsoft\OneDrive\OneDrive.exe
   1  C:\Users\süleyman\Desktop\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\CxAudMsg64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxEM.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SASrv.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\Taskmgr.exe
   2  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   3  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\ibtsiva.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  78  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://lenovo17win10.msn.com/?pc=LCTE
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: is empty
O4 - HKCU\..\Run: [OneDrive] = C:\Users\süleyman\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2018/09/06)
O4 - HKLM\..\Run: [DAX2_APP] = C:\Program Files\Dolby\Dolby DAX2\DAX2_APP\DolbyDAX2TrayIcon.exe -Hide
O4 - HKLM\..\Run: [ForteConfig] = C:\Program Files\Conexant\ForteConfig\fmapp.exe
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [ShadowPlay] = C:\Windows\system32\nvspcap64.dll C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
O4 - HKLM\..\Run: [cAudioFilterAgent] = C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
O4 - HKLM\..\StartupApproved\Run: [LenovoUtility] = C:\Program Files\Lenovo\LenovoUtility\utility.exe (2019/07/26)
O4 - HKLM\..\StartupApproved\Run: [SmartAudio] = C:\Program Files\CONEXANT\SAII\SACpl.exe /t /delay:30 (2018/09/06)
O17 - DHCP DNS 1: 178.233.140.110
O17 - DHCP DNS 2: 46.197.15.60
O17 - DHCP DNS 3: 176.240.150.250
O18 - HKLM\Software\Classes\Protocols\Handler\sacore: [CLSID] = {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll
O23 - Service R2: Conexant Audio Message Service - (CxAudMsg) - C:\WINDOWS\system32\CxAudMsg64.exe
O23 - Service R2: Conexant SmartAudio service - (SAService) - C:\WINDOWS\system32\SAsrv.exe
O23 - Service R2: CxUtilSvc - C:\Program Files\Conexant\SAII\CxUtilSvc.exe
O23 - Service R2: Dolby DAX2 API Service - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\system32\ibtsiva.exe
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\igfxCUIService.exe
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugin"
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: System Interface Foundation Service - (ImControllerService) - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_1a33d2f73651d989\IntelCpHeciSvc.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe


--
End of file - Time spent: 31,9 sec. - 21006 bytes, CRC32: FFFFFFFF. Sign: 㫤뷕

There is a 100% disk problem and stuttering; what do you think the problem is?
 
I'm experiencing a performance drop; what could the problem be?

Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Pro), 10.0.18362.535 (ReleaseId: 1903), Service Pack: 0
Time:      05.01.2020 - 14:27 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Yavuz    (group: Administrator) on DESKTOP-30563B6, FirstRun: yes

Edge:    11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Users\Yavuz\AppData\Local\Programs\Opera GX\Launcher.exe" -noautoupdate -- "%1" (Opera GX Internet Browser)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files\GIGABYTE\SmartSwitch\GSBSVR.exe
   1  C:\Program Files\GIGABYTE\SmartSwitch\GSmartSwitch.exe
   1  C:\Program Files\Logitech Gaming Software\ArxApplets\Discord\logitechg_discord.exe
   1  C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
   1  C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
   1  C:\Program Files\Logitech Gaming Software\LCore.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingApp_1912.1001.6.0_x64__8wekyb3d8bbwe\app\XboxAppServices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11911.1001.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19111.85.0_x64__8wekyb3d8bbwe\YourPhone.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
   1  C:\Users\Yavuz\Desktop\HiJackThis.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   6  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   2  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\pacjsworker.exe
   2  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  76  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\explorer.exe

O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 redshell.io.
O1 - Hosts: 127.0.0.1 api.redshell.io.
O1 - Hosts: 127.0.0.1 treasuredata.com.
O1 - Hosts: 127.0.0.1 api.treasuredata.com.
O1 - Hosts: 127.0.0.1 in.treasuredata.com.
O1 - Hosts: 0.0.0.0 redshell.io.
O1 - Hosts: 0.0.0.0 api.redshell.io.
O1 - Hosts: 0.0.0.0 treasuredata.com.
O1 - Hosts: 0.0.0.0 in.treasuredata.com.
O1 - Hosts: 0.0.0.0 api.treasuredata.com
O4 - HKCU\..\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (file missing)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Yavuz\AppData\Local\Discord\app-0.0.305\Discord.exe (2019/10/29)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2019/11/24)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Yavuz\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2019/10/29)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\Yavuz\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2019/10/29)
O4 - HKCU\..\StartupApproved\Run: [Steam] = D:\steam\steam.exe -silent (2019/10/29)
O4 - HKCU\..\StartupApproved\Run: [uTorrent] = C:\Users\Yavuz\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (2019/11/24)
O4 - HKLM\..\Run: [Launch LCore] = C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
O4 - HKLM\..\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [UrbanVPN] = C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe /checknow -minuseractions -startappfirst -restartapp "C:\Program Files\UrbanVPN\bin\urbanvpn-gui.exe" (file missing) (2019/11/24)
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O17 - DHCP DNS 1: 192.168.1.1
O23 - Service R2: GamingServices - C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: GamingServicesNet - C:\Program Files\WindowsApps\Microsoft.GamingServices_1.35.26001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: GigabyteStartButtonService - C:\Program Files\GIGABYTE\SmartSwitch\GSBSVR.exe
O23 - Service R2: Logitech Gaming Registry Service - (LogiRegistryService) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: UrbanVPNServiceInteractive - C:\Program Files\UrbanVPN\bin\urbanvpnserv.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: UrbanVPNUpdater - C:\Program Files\UrbanVPN\UrbanVPNUpdater.exe /runservice


--
End of file - Time spent: 18,1 sec. - 16424 bytes, CRC32: FFFFFFFF. Sign: ⶈ㆖
 
It really feels like something is going wrong with the computer.

Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Home), 10.0.18363.535 (ReleaseId: 1909), Service Pack: 0
Time:      05.01.2020 - 23:33 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    FarukMan    (group: Administrator) on XIAOMIGINEER, FirstRun: no

Chrome:  79.0.3945.88
Edge:    11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
   1  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
   1  C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\Common Files\Steam\SteamService.exe
  10  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Nox\bin\nox_adb.exe
   1  C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.4\Lightshot.exe
   1  C:\Program Files (x86)\Steam\Steam.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files\Bitdefender Agent\DiscoverySrv.exe
   1  C:\Program Files\Bitdefender Agent\ProductAgentService.exe
   1  C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
   1  C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
   3  C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
   1  C:\Program Files\Bitdefender\Bitdefender Security\bdwtxag.exe
   1  C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
   1  C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
   3  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeApp.exe
   1  C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
   1  C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
   1  C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBar.exe
   1  C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_3.36.6003.0_x64__8wekyb3d8bbwe\GameBarFT.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19112.113.0_x64__8wekyb3d8bbwe\YourPhone.exe
   1  C:\Users\Ömer Faruk\AppData\Local\Microsoft\OneDrive\OneDrive.exe
   1  C:\Users\Ömer Faruk\Desktop\HiJackThis.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\SysWOW64\esif_uf.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\ICEsoundService64.exe
  10  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\SystemSettingsBroker.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   3  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\drivers\AdminService.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  86  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\Temp\DPTF\esif_assist_64.exe
   1  C:\Windows\explorer.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2261465 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2261465 - Yandex
O2 - HKLM\..\BHO: Bitdefender Cüzdanı - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll
O2 - HKLM\..\BHO: Bitdefender Trackers Blocking - {159ff5d5-55f1-4d2f-b706-767a55f77abb} - C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll
O2-32 - HKLM\..\BHO: Bitdefender Cüzdanı - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll
O2-32 - HKLM\..\BHO: Bitdefender Trackers Blocking - {159ff5d5-55f1-4d2f-b706-767a55f77abb} - C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll
O3 - HKLM\..\Toolbar: Bitdefender Cüzdanı - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll
O3-32 - HKLM\..\Toolbar: Bitdefender Cüzdanı - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Ömer Faruk\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4-32 - HKLM\..\Run: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O9 - Button: HKLM\..\{159ff5d5-55f1-4d2f-b706-767a55f77abb}: Bitdefender Anti-tracker - C:\Program Files\Bitdefender\Bitdefender Security\bdtbie.dll
O9-32 - Button: HKLM\..\{159ff5d5-55f1-4d2f-b706-767a55f77abb}: Bitdefender Anti-tracker - C:\Program Files\Bitdefender\Bitdefender Security\antispam32\bdtbie.dll
O17 - DHCP DNS 1: 208.67.222.222 (Well-known DNS: Cisco OpenDNS)
O17 - DHCP DNS 2: 208.67.220.220 (Well-known DNS: Cisco OpenDNS)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C98CD17-3A69-4864-BD36-4EE9A153602B}: [NameServer] = 208.67.220.220 (Well-known DNS: Cisco OpenDNS)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C98CD17-3A69-4864-BD36-4EE9A153602B}: [NameServer] = 208.67.222.222 (Well-known DNS: Cisco OpenDNS)
O22 - Task (.job): (Ready) update-S-1-5-21-2031535808-1963324558-1869793640-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task (.job): (Ready) update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O23 - Service R2: AtherosSvc - C:\WINDOWS\System32\drivers\AdminService.exe
O23 - Service R2: Bitdefender Auxiliary Service - (BDAuxSrv) - C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe "settings/services/configs/bdauxsrv_config.json"
O23 - Service R2: Bitdefender Cihaz Yönetim Servisi - (DevMgmt Servisi) - C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
O23 - Service R2: Bitdefender Desktop Update Service - (UPDATESRV) - C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe /service
O23 - Service R2: Bitdefender Protected Service - (BDProtSrv) - C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe "settings\services\configs\bdprotsrv_config.json"
O23 - Service R2: Bitdefender RedLine Service - (bdredline) - C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
O23 - Service R2: Bitdefender Virus Shield - (VSSERV) - C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe "settings/services/configs/bdshieldsrv_config.json"
O23 - Service R2: ESIF Upper Framework Service - (esifsvc) - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service R2: ICEsound Service - (ICEsoundService) - C:\WINDOWS\system32\ICEsoundService64.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: ProductAgentService - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\WINDOWS\system32\EasyAntiCheat.exe  (file missing)
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe


--
End of file - Time spent: 23,5 sec. - 22644 bytes, CRC32: FFFFFFFF. Sign: ᙘ櫓
Can you help?
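
A triage helper for the log format posted in this thread, as an added example that is not part of the original posts or of HiJackThis itself: it parses the section-coded lines, counts them per section, and collects the entries the log itself marks `(file missing)` plus any Hosts mapping that points somewhere other than 127.0.0.1 or 0.0.0.0. The function names and the `203.0.113.7 login.example.com` line are constructed for illustration; the other sample lines are copied from the logs above.

```python
import re
from collections import Counter, defaultdict
from typing import NamedTuple

# Lines copied from the logs posted in this thread.
THREAD_LINES = r"""
Boot mode: Normal
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 redshell.io.
O1 - Hosts: 0.0.0.0 redshell.io.
O4 - HKCU\..\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (file missing)
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4-32 - HKLM\..\Run: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O15 - Trusted Zone: http://webcompanion.com
O23 - Service S3: EasyAntiCheat - C:\WINDOWS\system32\EasyAntiCheat.exe  (file missing)
"""

# Constructed line (not from the thread): a Hosts entry that redirects a name
# to a routable address instead of sinking it to loopback.
CONSTRUCTED_LINE = "O1 - Hosts: 203.0.113.7 login.example.com"


class Entry(NamedTuple):
    code: str          # section code as printed, e.g. "O4" or "O23"
    has_32_suffix: bool  # True for the "-32" variants such as "O4-32"
    body: str          # everything after "CODE - "


# "<letter><digits>[-32] - <rest>": header, process list and footer do not match.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})(-32)? - (.+)$")
HOSTS_RE = re.compile(r"^Hosts: (\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)$")
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0"}


def parse_log(text):
    """Return the section-coded entries of a HiJackThis log, in order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2) is not None, m.group(3).strip()))
    return entries


def section_counts(entries):
    """How many lines each section code contributed."""
    return Counter(e.code for e in entries)


def missing_file_entries(entries):
    """Entries whose target the scanner reported as '(file missing)'."""
    return [e for e in entries if "(file missing)" in e.body]


def hosts_mappings(entries):
    """Map each hostname in the O1 section to the addresses assigned to it."""
    mapping = defaultdict(list)
    for e in entries:
        if e.code != "O1":
            continue
        m = HOSTS_RE.match(e.body)  # skips "is empty" / "Reset contents to default"
        if m:
            mapping[m.group(2).rstrip(".").lower()].append(m.group(1))
    return dict(mapping)


def redirected_hosts(mapping):
    """Hostnames mapped to anything other than a loopback/null sink address."""
    return {
        host: addrs
        for host, addrs in mapping.items()
        if any(a not in SINK_ADDRESSES for a in addrs)
    }


if __name__ == "__main__":
    entries = parse_log(THREAD_LINES + CONSTRUCTED_LINE)
    print("Lines per section:", dict(section_counts(entries)))
    print("Marked (file missing):")
    for e in missing_file_entries(entries):
        print("  ", e.code, "-", e.body)
    print("Hosts redirections to review:", redirected_hosts(hosts_mappings(entries)))
```

The output is a list of lines for a helper to look at, not a verdict: which lines get fixed still depends on the reviewer's judgement of each entry.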
 
Here at the bottom left you can follow the version; right now the version ending in 535 has been released, and it will be updated again in about 1 month on average, so you can do it then.

@Murat5038 Hello. About 1 month ago you said the version ending in 535 would be updated again. So I waited. The version I'm using right now is 1903. On the page you mentioned, this version is at the top of the bottom-left list: December 10, 2019—KB4530684 (OS Builds 18362.535 and 18363.535).
Is this the version you said would be updated again in 1 month?


On my Windows Update page, the feature update to Windows 10, version 1909 is still listed under optional updates.

Should I install this optional update now?
Also, is this how my Windows Update - Advanced options settings should be? I never touched them.
