Weil
Friends, I don't know much about viruses, but if I post the details here, could you tell me what they do? (I deleted all of them.)
Malwarebytes.
www.malwarebytes.com
-Log details-
Scan date: 6/24/22
Scan time: 4:13 pm.
Log file: 75F52C30-F3BF-11EC-BF76-C86000C2AC51.JSON
-Software information-
Version: 4.5.10.200
Components version: 1.0.1702
Update package version: 1.0.56431
License: Expired.
-System information-
OS: Windows 10 (Build 19043.1766)
CPU: X64.
FILE_SYSTEM: NTFS.
User: Ramazan\Taha
-Scan summary-
Scan type: Threat scan.
Scan initiated by: Manual.
Result: Completed.
Objects scanned: 390720.
Threats detected: 21.
Threats quarantined: 0
Time elapsed: 31min, 21 sec.
-Scan options-
Memory: Enabled.
Startup: Enabled.
Filesystem: Enabled.
Archives: Enabled.
Rootkits: Disabled.
Heuristics: Enabled.
PUP: Detect.
Pum: Detect.
-Scan details-
Process: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registry key: 0
(No malicious items detected)
Registry Value: 2
Hijack.ShellA.Gen, HKU\S-1-5-21-3864794157-38443501-2021218406-1002\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|SHELL, no Action by user, 5884, 187664, 1.0.56431, ame,
Malware. AI. 4161839904, HKU\S-1-5-21-3864794157-38443501-2021218406-1002\SOFTWARE\MICROSOFT\WINDOWS\currentversıon\run|runtime Explorer, no Action by user, 1000000, -133127392,
Registry data: 0
(No malicious items detected)
Data stream: 0
(No malicious items detected)
Folder: 0
(No malicious items detected)
File: 19.
Malware. AI. 4161839904, C:\USERS\TAHA\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\STARTUP\Microsoft startup. Lnk, no Action by user, 1000000, -133127392, 6B430D2A7a3C048215AB8168775538e6, 8784330E1E78D40949ade8D8DA700D50DE82E7A4FD215F59F5e8fDF24F01D4F0
Malware. AI. 4161839904, C:\WINDOWS\IMF\WINDOWS SERVICES.EXE, no Action by user, 1000000, -133127392, 1.0.56431, 8647A81D87997A7BF810A320, dds, 01829120, AD0CE1302147fbdfecaEC58480Eb9CF9, 2C339B52b82E73B4698A0110CDFE310C00C5C69078E9e1bd6FA1308652BF82a3
Malware. AI. 4265939639, C:\USERS\TAHA\APPDATA\ROAMING\KRNL\KRNL.DLL, no Action by user, 1000000, -29027657, 1.0.56431, 1E3BA0209069C44EFE4512b7, dds, 01829120, 9E2036038FD66313A622246A3C9e2b49, 2afae7cCE7984F82E438005ef9F4F759CBC7aec0dd7CC2A82B253CE68DFD8089
Trojan. Injector. Msıl. Generic, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$REPSXTB\KRNLSS.EXE, no Action by user, 10793, 1051812, 1.0.56431, ame, 3B26E9F4768E695A004F9b3D41A1BB18, 45CF955A5C297aead5beb7aEB826F2Ff7EC75E54A06D30969E191318DC1210a1
Riskware. Agent, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$RI7R16U.EXE, no Action by user, 3781, 1051449, 1.0.56431, ame, 8bCF631A1E054E61A64E0F08B4436415, D8b2b5cef4DA65C98C75D21DB8F0a2C3ED075F3C1a8C9D0eDD3481A46aba7917
Malware. AI. 4275082616, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$RQ6AL2K\KRNL.DLL, no Action by user, 1000000, -19884680, 1.0.56431, FE33B8CDd0bfa0b8fed09578, dds, 01829120, 44303EBF3ef8e7EF63DCFDd27A31560D, 67B006A77419CF7fd2E10DE2F38C772914C9E5702428A46284C300C73F016639
Trojan. Injector. Msıl. Generic, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$RSDDP21\KRNLSS.EXE, no Action by user, 10793, 1051812, 1.0.56431, ame, 3B26E9F4768E695A004F9b3D41A1BB18, 45CF955A5C297aead5beb7aEB826F2Ff7EC75E54A06D30969E191318DC1210a1
Adware. Installunion, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$REO30Y6.EXE, no Action by user, 749, 971435, 1.0.56431, ame, D95304D22479D196942a8E188113884C, CC8884209D49144B756C86A3A65385307C06415776863eeEC0746438ff8D3e36
Riskware. Agent, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$REPSXTB\KRNL_BOOTSTRAPPER.EXE, no Action by user, 3781, 1051449, 1.0.56431, ame, 8bCF631A1E054E61A64E0F08B4436415, D8b2b5cef4DA65C98C75D21DB8F0a2C3ED075F3C1a8C9D0eDD3481A46aba7917
Malware. AI. 628167513, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$RZ4ZEHH.EXE, no Action by user, 1000000, 628167513, 1.0.56431, 08b3D77F548C6b5F25711359, dds, 01829120, FA925B8Ce50B80A5F0E461585B09b578, 7F1C6377962dbEF12CE91C1F3576D9590053CEc69D0F6E613A0Be8e7F5030FCe
Riskware. Dllınjector, C:\$RECYCLE.BIN\S-1-5-21-3864794157-38443501-2021218406-1002\$RQ6AL2K\KRNLSS.EXE, no Action by user, 6908, 923896, 1.0.56431, ame, b1BBC709A59AF5442CE41df6C898D4CC, 088F351A85A64B88FAF31298557B9C74BCF9e9A386BF4AF67EEB2B123CEE2ce8
PUP. Optional. Offercore, C:\USERS\TAHA\DOWNLOADS\DRVING Simulator autofarm - lınkvertıse downloader. ZIP, no Action by user, 536, 983817, 1.0.56431, ame, 009C13D766b2D60C7BAAF526727C087b, 1211C2AE6D35EC904e0E90B06419CC11CAC83EE4042D1C8FE36BAC053fb092C6
Adware. Installunion, C:\USERS\TAHA\DESKTOP\EVON exploıt V3_09617.EXE, no Action by user, 749, 971435, 1.0.56431, ame, D95304D22479D196942a8E188113884C, CC8884209D49144B756C86A3A65385307C06415776863eeEC0746438ff8D3e36
Adware. Installunion, C:\USERS\TAHA\APPDATA\LOCAL\TEMP\SCOPED_DIR7384_2026635366\EVON exploıt V3_09617.EXE, no Action by user, 749, 971435, 1.0.56431, ame, D95304D22479D196942a8E188113884C, CC8884209D49144B756C86A3A65385307C06415776863eeEC0746438ff8D3e36
PUP. Optional. Offercore, C:\USERS\TAHA\DOWNLOADS\DRIVING Simulator - lınkvertıse downloader. ZIP, no Action by user, 536, 983817, 1.0.56431, ame, B66D2826270313FB6754BA683C57162a, 5A133E7EAB00DCF34D88B822a0F127C32D5FD12760268DA40D65842A74BA4289
Riskware. Openbullet, C:\USERS\TAHA\DOWNLOADS\OPENBULLET 1.4.4[ANOMALY].RAR, no Action by user, 8186, 1019636, 1.0.56431, 8C6ca8B674494060FD674ECC, dds, 01829120, 962185CF304D545E61E5037444b8D5FE, 01DF80D4F674430880A671A4DB8AD171A4F6C6BB3390E6137998D2951E085BE1
Malware. AI. 4070522205, C:\USERS\TAHA\DOWNLOADS\SETUP.ZIP, no Action by user, 1000000, -224445091, 1.0.56431, A58495DA5B393B22F29F3D5D, dds, 01829120, 730dFB65104501240DC44552A97F1fa6, F03deaEF368EE3a9B82E053ecb7cb3e6b0adCA50C4D8a9F5E41582C228e89D96
Trojan. Injector. Msıl. Generic, C:\USERS\TAHA\DOCUMENTS\KRNL\KRNLSS.EXE, no Action by user, 10793, 1051812, 1.0.56431, ame, 3B26E9F4768E695A004F9b3D41A1BB18, 45CF955A5C297aead5beb7aEB826F2Ff7EC75E54A06D30969E191318DC1210a1
PUP. Optional. Offercore, C:\USERS\TAHA\DOWNLOADS\COMPRESSED\DRIVING Simulator scrıpt - lınkvertıse downloader. ZIP, no Action by user, 536, 983817, 1.0.56431, ame, 595537EA821edbCF8240190D699C3C4C, B45C05AFED351D89F8AEF4369D23a85D9C8413DFbffBE955D2A73FF3598DB7C3
Physical sector: 0
(No malicious items detected)
WMI: 0
(No malicious items detected)
(End)