Sistemde Keylogger olduğu nasıl anlaşılır?

asd1010

Hectopat
Katılım
16 Haziran 2016
Mesajlar
9
Daha fazla  
Cinsiyet
Erkek
Merhabalar,
öncelikle daha önceden keylogger'dan çok başı yanan biri olarak bilgisayarımda Kaspersky ve Zemana Antilogger yüklü, fakat ben gene de emin olmak için siz tecrübeli modlarım ve diğer tecrübeli arkadaşlar için Hijackthis raporu ile beraber HitmanPro raporunu paylaşacağım. Bilgisayarımda keylogger var mı yok mu özellikle yazarsanız çok memnun olurum,hayırlı Ramazanlar.

HijackThis Raporu:


Kod: 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 09:16:03, on 28.06.2016
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avpui.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Users\Ömer\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {C66D064F-82FE-4E1A-B06A-B2490BA48B18} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection toolbar - {3507FA00-ADA2-4A02-99B9-51AD26CA9120} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\IEExt\ie_plugin.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O9 - Extra button: OneNote'a Gönder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: OneNote'a G&önder - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 9 (AdvancedSystemCareService9) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 16.0.0 (AVP16.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: vssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 16.0.0\x64\vssbridge64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6828 bytes



HitmanPro Raporu:


Kod: 
[code]
HitmanPro 3.7.14.265
www.hitmanpro.com

   Computer name . . . . : OMER
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : Omer\Ömer
   UAC . . . . . . . . . : Disabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2016-06-28 09:22:21
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 20s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 0
   Traces  . . . . . . . : 3

   Objects scanned . . . : 830.244
   Files scanned . . . . : 10.105
   Remnants scanned  . . : 117.367 files / 702.772 keys

Suspicious files ____________________________________________________________

   C:\Windows\SysWOW64\GameMon.des
      Size . . . . . . . : 5.691.912 bytes
      Age  . . . . . . . : 4.8 days (2016-06-23 13:19:30)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : 138ED468E443E66A9A1FF6C7FA04CA049CEC382059335AF9522B6F5F8D5FC70E
      Product  . . . . . : nProtect Game Monitor
      Publisher  . . . . : INCA Internet Co., Ltd.
      Description  . . . : nProtect Game Monitor Rev 2407
      Version  . . . . . : 2016.5.19.1
      RSA Key Size . . . : 2048
      Service  . . . . . : npggsvc
      LanguageID . . . . : 1042
      Authenticode . . . : Valid
      Fuzzy  . . . . . . : 22.0
         The file name extension of this program is not common.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
         The file is located in a folder that contains core operating system files from Windows. This is not typical for most programs and is only common to system tools, drivers and hacking utilities.
         Starts automatically as a service during system bootup.
         Program is code signed with a valid Authenticode certificate.
      Startup
         HKLM\SYSTEM\CurrentControlSet\Services\npggsvc\
      Forensic Cluster
         -1.8s C:\Windows\SysWOW64\nppt9x.vxd
         -1.6s C:\Windows\SysWOW64\npptNT2.sys
          0.0s C:\Windows\SysWOW64\GameMon.des


Cookies _____________________________________________________________________

   C:\Users\Ömer\AppData\Roaming\Microsoft\Windows\Cookies\ömer@doubleclick[2].txt
[/CODE]


Bu arada sisteminde CPU arada bir %100 olmaktadır ve HitmanPro'da şüpheli olarak çıkan GameMon.des dosyası oynadığım bir oyunun servis dosyası galiba şimdilik yoksay diyorum sizin cevabınız sonrasında değiştiririm.

@THE_MILLER konuya bekleniyorsunuz efendim.
 
Son düzenleyen: Moderatör:
Verdiğim satırları fixleyin.
Kod: 
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O20 - AppInit_DLLs: C:\PROGRA~2\KEYCRY~1\KEYCRY~3.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)

Sisteminde keylogger yok. GameMon dosyası zararlı değildir fakat gereksizdir. GameGuard yazılımını kaldırabilirsin.

System Care dahil Iobit ürünlerini önermemekteyiz. Performans sorunu yaşamanızın nedeni bu yazılım olabilir. Tüm Iobit ürünlerini kaldırın. Kaldırsanız bile etkisi düzelmeyebilmektedir.
Bu verdiğim konudaki tüm aşamaları yapın.
Temel Sistem Bakım ve Performans Optimizasyonu Yönergesi

Ayrıca sistemden en iyi performans almak için Windows 10 kullanmanız önerilir.
 
Peki çok teşekkürler dediklerinizi yaptım,şüphelenmeme gerek yok o zaman. En profesyonel keylogger bile olsa algılanırdı galiba,kolay gelsin.
 
Konuyu cevapla
Menü
Giriş yap
Kaydol
Bu siteyi kullanmak için çerezler gereklidir. Siteyi kullanmaya devam etmek için çerezleri kabul etmelisiniz. Daha Fazlasını Öğren.…