ilkansmsrl
Centipat
- Katılım
- 2 Ocak 2020
- Mesajlar
- 9
Hijackthis logu oluşturun.
HijackThis Log Paylaşımı ve Çözümleri
Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir...www.technopat.net
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18
Platform: x64 Windows 10 (Home Single Language), 10.0.18363.535 (ReleaseId: 1909), Service Pack: 0
Time: 03.01.2020 - 00:35 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: SelenityTeknoloji (group: Administrator) on DESKTOP-3NAU8E1, FirstRun: yes
Chrome: 79.0.3945.88
Edge: 11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.5.245.0\AvastBrowserCrashHandler64.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
2 C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\WindowsApps\AppleInc.iTunes_12103.1.43048.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11912.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19112.111.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxOutlook.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.12228.20356.0_x64__8wekyb3d8bbwe\HxTsr.exe
4 C:\Users\SelenityTeknoloji\AppData\Local\Discord\app-0.0.305\Discord.exe
1 C:\Users\SelenityTeknoloji\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\SelenityTeknoloji\Desktop\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\RtkBtManServ.exe
1 C:\Windows\SysWOW64\esif_uf.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxEM.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\WirelessKB850NotificationService.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
80 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\Temp\DPTF\esif_assist_64.exe
1 C:\Windows\explorer.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU\..\Run: [AvastBrowserAutoLaunch_F0943149F0094006DAF9A30C5001C908] = C:\Program Files (x86)\AVAST Software\Browser\Application\AvastBrowser.exe --check-run=src=logon --onboarding-at-startup
O4 - HKCU\..\Run: [Discord] = C:\Users\SelenityTeknoloji\AppData\Local\Discord\app-0.0.305\Discord.exe
O4 - HKCU\..\Run: [OneDrive] = C:\Users\SelenityTeknoloji\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2019/08/13)
O4 - HKCU\..\StartupApproved\Run: [iCloudDrive] = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe (file missing) (2020/01/02)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [VBoxTray] = C:\Windows\System32\VBoxTray.exe
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui (file missing) (2020/01/02)
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O17 - DHCP DNS 1: 192.168.2.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: ESIF Upper Framework Service - (esifsvc) - C:\WINDOWS\SysWOW64\esif_uf.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Microsoft Office Tıkla-Çalıştır Hizmeti - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: MySQL80 - C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe --defaults-file="C:\ProgramData\MySQL\MySQL Server 8.0\my.ini" MySQL80
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: Wireless Keyboard 850 Notification Service - (WirelessKB850NotificationService) - C:\WINDOWS\System32\WirelessKB850NotificationService.exe
O23 - Service S2: Avast Browser Güncelleme Hizmeti (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc /rpcserver (file missing)
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Avast Browser Güncelleme Hizmeti (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Avast Secure Browser Elevation Service - (AvastSecureBrowserElevationService) - C:\Program Files (x86)\AVAST Software\Browser\Application\77.2.2154.121\elevation_service.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.88\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHDCPSvc.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_463164d40c3d26ce\IntelCpHeciSvc.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Visual Studio Standard Collector Service 150 - (VSStandardCollectorService150) - C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe
--
End of file - Time spent: 20,3 sec. - 21556 bytes, CRC32: FFFFFFFF. Sign: 䂎夦
selam , 3 gün önce kredi kartı bilgilerim çalındı , bende bu bilgisayarımdan çalındığına dair şüphelerim var yardımcı olurmusun ? farbarBu şekilde ağ paketlerini analiz ile bulunur ama uğraştırıcı olduğundan sistemine bir güvenlik yazılımı kurup taratman zaman kaybetmemek açısından daha mantıklı. Ama temiz çıkarsa yine de şüphe edersen Farbar Recovery Scan Tool raporu paylaşırsanız inceleyebiliriz.
C:\Windows\RtkBtManServ.exe
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O17 - DHCP DNS 1: 192.168.2.1
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
Avast'ı kaldırın, onun yerine başka bir güvenlik yazılımı yükleyin. (Avastı kaldırırdıktan sonra bilgisayarınızı yeniden başlatın, yeni güvenlik yazılımını kurduktan sonra tekrar yeniden başlatın.)
Herhangi bir zararlı görünmüyor.
Sadece şu dosyayı Drive'a upload edebilir misiniz?
Kod:C:\Windows\RtkBtManServ.exe
Verdiğim satırları fixleyin: (Hijackthis'de)
Daha sonra bilgisayarınızı yeniden başlatın. Bilgisayarınızda internet bağlantısıyla ilgili sıkıntı oluştuysa bildirin.Kod:R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex O17 - DHCP DNS 1: 192.168.2.1 O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file) R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
Malwarebytes ile sisteminizi taratın, tarama sonucunu log olarak paylaşın.
Farbar logunu kontrol edeceğim birazdan.
Dosya orijinalmiş, sıkıntı yok.
Malwarebytes Ad-Ware bulmuş. Tarama motorunu değiştiren tiplerden, bunun kredi kartı bilgilerini çalacak kadar sıkıntı yaratacağını sanmıyorum. Avast ayakta uyuyordu herhalde o sırada...
Bundan sonrasını @Murat5038 ve @24099 'a bırakıyorum. Yarına birkaç işim var, o sırada onlar senle ilgilenir diye düşünüyorum. Şu an dinlenmem lazım, olmadı yarın onlardan önce konuya bakma fırsatım olursa yine ilgilenirim senle.
Zaten tüm istenilen raporları verdin, ikisi de bilgili kişiler. İnceleyip ne yapman gerektiğini söylerler.