RAT won't clear from the system

HalseyWtr

Centipat
Joined
15 September 2022
Messages
119
Hello, valued forum members. Two weeks ago I got hit with a RAT. I did a clean format and that solved the problem. A week later I ran into the same problems again. Could I ask one of the experienced members here to take a look? I'll attach my HiJackThis log.

Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.23

Platform:  x64 Windows 7 (Ultimate), 6.1.7601.24544, Service Pack: 1
Time:      02.10.2022 - 18:08 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    1063 MiB Free (73 %). CPU Loading: (42 %)
Elevated:  Yes
Ran by:    KARTAL    (group: Administrators) on KARTAL-PC, FirstRun: yes

Chrome:  106.0.5249.91
Internet Explorer: 11.0.9600.19597
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\plugins_nms.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.7\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.7\ksdeui.exe
  22  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\HitmanPro\hmpsched.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\Windows Media Player\wmpnetwk.exe
   1  C:\Users\KARTAL\Desktop\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\cmd.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\igfxTray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\lsm.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  12  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhost.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wuauclt.exe
   1  C:\Windows\System32\WUDFHost.exe

O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O5 - Applet: C:\Windows\System32\RTSnMg64.cpl (Sign: 'Realtek Semiconductor Corp')
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WPD (empty)
O22 - Tasks: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTask - C:\Windows\system32\Wat\WatAdminSvc.exe /run (Microsoft)
O22 - Tasks: (activation) \Microsoft\Windows\Windows Activation Technologies\ValidationTaskDeadline - C:\Windows\system32\schtasks.exe /run /I /TN "\Microsoft\Windows\Windows Activation Technologies\ValidationTask"
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft) (user missing)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\compattelrunner.exe -maintenance (Microsoft)
O22 - Tasks: BraveSoftwareUpdateTaskMachineCore{1A1A6B29-D89D-4002-B1FE-489D37037079} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA{8C303CA3-9777-4ABC-B8EC-A03A62C2C7EA} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler
O22 - Tasks: GoogleUpdateTaskMachineCore{AF4C7B2C-54AA-441B-BAB8-48B2CFCE03CF} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Tasks: GoogleUpdateTaskMachineUA{7064C557-01DE-4B15-A1BD-80BF5C374DAC} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Tasks: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: HitmanPro Scheduler - (HitmanProScheduler) - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 21.3 - (AVP21.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe -r
O23 - Service R2: Kaspersky VPN Secure Connection Hizmeti 5.7 - (KSDE5.7) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.7\ksde.exe -r
O23 - Service S2: Brave Güncelleme Hizmeti (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.105\elevation_service.exe (file missing)
O23 - Service S3: Brave Güncelleme Hizmeti (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\106.0.5249.91\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.3 - (klvssbridge64_21.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe


--
End of file - Time spent: 14,6 sec. - 13188 bytes, CRC32: FFFFFFFF. Sign: ጓ唅
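The log above lists the machine's autostart points in HiJackThis's O4 (Run keys), O22 (scheduled tasks) and O23 (services) sections, and the first thing a responder does with such a log is triage those lines by where each executable lives. The script below is an added example, not code from the poster or from the HiJackThis project: it parses lines in that format and flags three things, an entry marked "(file missing)", an executable sitting in a user-writable location (Users, AppData, Temp, ProgramData, Public) and a binary with a Windows system name (svchost.exe, lsass.exe, ...) that does not live under C:\Windows. The first five sample lines are copied from the posted log; the last two are constructed, hypothetical entries (a fake HKCU Run value and a fake task under C:\Users\example) included only to show what a flagged line looks like, and they are not from the poster's machine.

```python
import re
from dataclasses import dataclass

# A Windows drive path ending in an executable-type extension.
PATH_RE = re.compile(
    r"[A-Za-z]:\\[^\"\r\n;]*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js|ps1)",
    re.IGNORECASE,
)

# Directory fragments a standard user can write to; a machine-wide
# autostart entry pointing here deserves a second look.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\programdata\\", "\\public\\")

# Binary names that legitimately live only under C:\Windows.
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "winlogon.exe", "explorer.exe"}

# HiJackThis sections that describe autostart/persistence points.
PERSISTENCE_SECTIONS = {"O4", "O22", "O23"}

# Constructed sample. Lines 1-5 are copied from the log posted in the thread;
# lines 6-7 are hypothetical entries invented for this example (note the
# placeholder user "example"), NOT findings from the poster's system.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O22 - Tasks: GoogleUpdateTaskMachineCore{AF4C7B2C-54AA-441B-BAB8-48B2CFCE03CF} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O23 - Service R2: HitmanPro Scheduler - (HitmanProScheduler) - C:\Program Files\HitmanPro\hmpsched.exe
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\106.1.44.105\elevation_service.exe (file missing)
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O4 - HKCU\..\Run: [WindowsUpdate] = C:\Users\example\AppData\Roaming\svchost.exe
O22 - Tasks: \Microsoft\Windows\Maintenance\Updater - C:\Users\example\AppData\Local\Temp\upd.exe /silent
"""


@dataclass(frozen=True)
class Finding:
    section: str     # HiJackThis section tag, e.g. "O23"
    path: str        # first executable path found on the line
    reasons: tuple   # why the entry was flagged


def triage(log_text: str) -> list:
    """Return one Finding per O4/O22/O23 line that trips a heuristic."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"(O\d+) - ", line)
        if not m or m.group(1) not in PERSISTENCE_SECTIONS:
            continue
        # Every path on the line, so svchost.exe hosts also expose their ServiceDll.
        paths = PATH_RE.findall(line)
        if not paths:
            continue
        reasons = []
        if "(file missing)" in line.lower():
            reasons.append("orphaned entry (file missing)")
        for p in paths:
            low = p.lower()
            if any(frag in low for frag in USER_WRITABLE):
                reasons.append(f"user-writable path: {p}")
            if low.rsplit("\\", 1)[-1] in SYSTEM_NAMES and not low.startswith("c:\\windows\\"):
                reasons.append(f"system binary name outside C:\\Windows: {p}")
        if reasons:
            findings.append(Finding(m.group(1), paths[0], tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.section, f.path)
        for r in f.reasons:
            print("    ", r)
```

Run against the five real lines alone, the only hit is the Brave elevation service whose binary is gone, an orphaned entry left by a browser update or removal rather than evidence of malware. The heuristics only triage what HiJackThis chose to list, so an empty result means the listed autostart points look clean, not that the machine is.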
 
Hocam, how did you get the RAT in the first place? Could you have downloaded the file containing the RAT again?
 
