Is it harmful to replace DLL files for cheating in a game?

imfrezzyguys

Kilopat
Joined: 8 January 2014
Messages: 347
Hello friends.

On the computer I had lent to a friend, someone, saying he was going to set up a cheat for a game, turned off Windows Firewall and replaced some DLL and OCX files in the System32 and SysWOW64 folders.
Three days ago I received an email saying that my Instagram account had been logged into and that a login to my Gmail account had been attempted.

I scanned with Windows Defender and it found no problem. I took a log with the HijackThis program:
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform:  x64 Windows 8.1 (Embedded Industry (Embedded)), 6.3.9600.19893, Service Pack: 0
Time:      05.01.2021 - 13:44 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Talha    (group: Administrator) on KJUBIXHUNTER, FirstRun: yes

Chrome:  87.0.4280.88
Internet Explorer: 11.0.9600.19036
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
  32  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.52\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Elantech\ETDCtrl.exe
   1  C:\Program Files\Elantech\ETDCtrlHelper.exe
   1  C:\Program Files\Elantech\ETDService.exe
   1  C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
   1  C:\Program Files\Logitech Gaming Software\LAClient\laclient.exe
   1  C:\Program Files\Logitech Gaming Software\LCore.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\Windows Defender\MSASCui.exe
   1  C:\Program Files\Windows Defender\MpCmdRun.exe
   1  C:\Program Files\Windows Defender\MsMpEng.exe
   1  C:\Program Files\Windows Defender\NisSrv.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Users\Talha\Downloads\HiJackThis.exe
   1  C:\Users\Talha\Downloads\VisualBasic6-KB896559-v1-ENU (1).exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\notepad.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  13  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\taskhostex.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.yandex.com.tr/?win=411&clid=2257151-10
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?uil=ru&part={searchTerms} - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL] = https://yandex.com.tr/search/?win=411&clid=2257152-10&text={searchTerms} - Yandex
O1 - Hosts: is empty
O4 - HKCU\..\Run: [com.blitz.app] = C:\Users\Talha\AppData\Local\Blitz\Update.exe --processStart "Blitz.exe" --process-start-args "--hidden" (file missing)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2020/06/20)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2018/07/13)
O4 - HKLM\..\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\Run: [Launch LCore] = C:\Program Files\Logitech Gaming Software\LCore.exe /minimized
O4 - HKLM\..\Run: [MBCfg64] = C:\Windows\system32\MBCfg64.dll C:\Windows\system32\MBCfg64.dll,RunDLLEntry MBCfg64
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [WindowsDefender] = C:\Program Files\Windows Defender\MSASCuiL.exe  (file missing) (2018/07/13)
O4-32 - HKLM\..\Run: [Sound Blaster Cinema] = C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe /r
O4-32 - HKLM\..\Run: [UpdReg] = C:\Windows\UpdReg.EXE
O16-32 - DPF: HKLM\..\{6C269571-C6D7-4818-BCA4-32A035E8C884}\DownloadInformation: Creative Software AutoUpdate [CODEBASE] = http://files.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16-32 - DPF: HKLM\..\{D4B68B83-8710-488B-A692-D74B50BA558E}\DownloadInformation: Creative Software AutoUpdate Support Package 2 [CODEBASE] = http://files.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16-32 - DPF: HKLM\..\{F6ACF75C-C32C-447B-9BEF-46B766368D29}\DownloadInformation: Creative Software AutoUpdate Support Package [CODEBASE] = http://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37143AB8-BB03-4516-A36E-859429F596E9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{37143AB8-BB03-4516-A36E-859429F596E9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\system32\nvinitx.dll (disabled by SecureBoot)
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\SysWOW64\nvinit.dll (disabled by SecureBoot)
O22 - Task: (telemetry) NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
O22 - Task: (telemetry) NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: (telemetry) NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: (telemetry) NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: (telemetry) NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\CompatTelRunner.exe -maintenance (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\ScheduleWepCEIP - C:\Windows\system32\WepsqmTask.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\Windows\system32\WSqmCons.exe -u (Microsoft)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: \Microsoft\Office\Office Feature Updates - C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe (Microsoft)
O22 - Task: \Microsoft\Office\Office Feature Updates Logon - C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe /onlogon (Microsoft)
O22 - Task: klcp_update - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /verysilent /update /freq=30
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: Logitech Gaming Registry Service - (LogiRegistryService) - C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\Windows\SysWOW64\GameMon.des -service


--
End of file - Time spent: 15,1 sec. - 21312 bytes, CRC32: FFFFFFFF. Sign: ᦭ぶ

The replaced DLL and OCX files are attached. They were copied into the System32 and SysWOW64 folders and then 32 Bit.bat and 64 Bit.bat were run.

Normally I pay close attention to security, but I have serious concerns. Could you help?
@Murat5038
 

If it is a cheat, the firewall was probably turned off deliberately; cheat developers use certain software to protect the cheat, and antivirus programs detect that software as a virus.

And of course there is also the possibility that they have embedded extra software such as a keylogger or trojan inside these. Not all of them are innocent.

The DLLs may have been patched so that the cheat is not detected; nothing can be said just by looking at it like this. The DLLs in question need to be examined.
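One way to start that examination, as an added example that is not from the thread or from any poster: list the DLL/OCX files in System32 and SysWOW64 that were modified recently and check whether each still carries a valid Authenticode (embedded or catalog) signature. It assumes an elevated PowerShell 4.0 or later session on Windows 8.1 or newer; the 30-day window is an assumed default.

```powershell
# Added example (not from the thread): audit recently modified DLL/OCX files in
# System32 and SysWOW64 and report their Authenticode signature status.
# Assumes an elevated PowerShell 4.0+ session; $Days is an assumed default.
param(
    [int]$Days = 30
)

$dirs  = @("$env:windir\System32", "$env:windir\SysWOW64")
$since = (Get-Date).AddDays(-$Days)

$findings = foreach ($dir in $dirs) {
    # -Include only filters when the path carries a wildcard, hence "$dir\*"
    Get-ChildItem -Path "$dir\*" -Include *.dll, *.ocx -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -ge $since } |
        ForEach-Object {
            # On PowerShell 4.0+ this also consults the catalog store, so a genuine
            # catalog-signed Windows file reports Valid rather than NotSigned.
            $sig = Get-AuthenticodeSignature -FilePath $_.FullName
            [pscustomobject]@{
                Path     = $_.FullName
                Modified = $_.LastWriteTime
                Status   = $sig.Status      # Valid, NotSigned, HashMismatch, ...
                Signer   = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
                SHA256   = (Get-FileHash -Path $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# A file in these folders that is unsigned, tampered (HashMismatch) or signed by a
# non-Microsoft party deserves a closer look. Vendor driver DLLs (graphics, audio)
# are legitimately third-party signed, so treat Signer as a lead, not a verdict.
$suspect = $findings | Where-Object {
    $_.Status -ne 'Valid' -or $_.Signer -notmatch 'O=Microsoft Corporation'
}

$findings | Sort-Object Modified -Descending | Format-Table Modified, Status, Path -AutoSize
"`n{0} recently modified file(s), {1} with a missing, broken or third-party signature." -f @($findings).Count, @($suspect).Count
$suspect | Format-List Path, Modified, Status, Signer, SHA256

# To restore protected system files: "sfc /verifyonly" reports files whose content
# deviates from the component store, and "sfc /scannow" replaces them.
```

The SHA256 column lets you compare a flagged file against a known-good copy from another machine running the same Windows build and patch level.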
 
I deleted those files; when I got back, I only added excerpts from a video I found on the internet.
The MalwareBytes scan results and the items found are attached.

Code:
Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/5/21
Scan Time: 2:22 PM
Log File: 55ba2c6c-4f48-11eb-89d5-000000000000.json

-Software Information-
Version: 4.3.0.98
Components Version: 1.0.1130
Update Package Version: 1.0.35309
License: Trial

-System Information-
OS: Windows 8.1
CPU: x64
File System: NTFS
User: KjubiXhunter\Talha

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 241182
Threats Detected: 5
Threats Quarantined: 0
Time Elapsed: 1 min, 40 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 1
Adware.RussAd, HKU\S-1-5-21-2267927869-3042648487-1562112351-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\ibknafobnmndicojahlppolcaaibngjf, No Action By User, 8607, 585110, , , , , ,

Registry Value: 1
Adware.RussAd, HKU\S-1-5-21-2267927869-3042648487-1562112351-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ibknafobnmndicojahlppolcaaibngjf, No Action By User, 8607, 585110, , , , , ,

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Adware.RussAd, C:\USERS\TALHA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\IBKNAFOBNMNDICOJAHLPPOLCAAIBNGJF, No Action By User, 8607, 585110, 1.0.35309, , ame, , ,

File: 2
Adware.RussAd, C:\USERS\TALHA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, No Action By User, 8607, 585110, , , , , 4D009DCC97F77474908DB078142B2489, ABC1A55F5D41C2A7C24387C11D0CFEBE14BA2EA810D95EB904D961A7DF73F569
Adware.RussAd, C:\USERS\TALHA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, No Action By User, 8607, 585110, , , , , 44CC7916FA4BD8E06FC3C09F638D79CC, 11B4163D8E2A3661B9A28045E05B51D2FBD5187859E9F02FDE7DB4705B662951

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)


(end)
 

Don't share other people's material in your own thread. I will comment based on the report results.
Fix these:
Code:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.yandex.com.tr/?win=411&clid=2257151-10
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?uil=ru&part={searchTerms} - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL] = https://yandex.com.tr/search/?win=411&clid=2257152-10&text={searchTerms} - Yandex
O1 - Hosts: is empty
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\system32\nvinitx.dll (disabled by SecureBoot)
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\Windows\SysWOW64\nvinit.dll (disabled by SecureBoot)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\CompatTelRunner.exe -maintenance (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\ScheduleWepCEIP - C:\Windows\system32\WepsqmTask.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\Windows\system32\WSqmCons.exe -u (Microsoft)
Nothing clearly malicious shows on the system. If you have doubts, you can secure yourself with KIS 2021 from my signature.
 
The computer is mine, Murat abi. Unfortunately I lent it out; the fault is mine.
I fixed the entries you mentioned.
Is the replacement of these DLL and OCX files harmful?
 