HijackThis Log Paylaşımı ve Çözümleri

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O4 - HKCU\..\StartupApproved\Run: [GogGalaxy] = E:\DOSYA KURULUMLARI\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (2021/12/03)
O4 - HKLM\..\StartupApproved\Run: [iTunesHelper] = E:\DOSYA KURULUMLARI\ITunes\iTunesHelper.exe (2020/08/11)
O22 - Task: \cFos\Registration Tasks\Open Browser - c:\program files (x86)\google\chrome\application\chrome.exe "http://www.cfosspeed.de/speed-test/speed-test_en.htm?reg-12.00.2512-asrock"
O22 - Task: AsrAPPShop - C:\Program Files (x86)\ASRock Utility\APP Shop\AsrAPPShop.exe (file missing)

Number | path.

 1 C:\program files (X86)\kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe

 1 C:\program files (X86)\kaspersky Lab\Kaspersky Security Cloud 21.3\avpui.exe

 1 C:\program files (X86)\kaspersky Lab\Kaspersky VPN 5.3\ksde.exe

 1 C:\program files (X86)\kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe

 1 C:\program Files\AMD\CNext\CNext\amdow.exe

 1 C:\program Files\AMD\CNext\CNext\AMDRSServ.exe

 1 C:\program Files\AMD\CNext\CNext\cncmd.exe

 1 C:\program Files\AMD\CNext\CNext\RadeonSoftware.exe

 1 C:\program Files\Realtek\Audio\HDA\RtkNGUI64.exe

 1 C:\program Files\WinRAR\WinRAR.exe

 1 C:\Users\user\AppData\Local\Programs\Opera GX\83.0.4254.70\opera_crashreporter.exe

 27 C:\Users\user\AppData\Local\Programs\Opera GX\opera.exe

 1 C:\Users\user\Desktop\HiJackThis\HiJackThis.exe

 1 C:\Users\user\Desktop\procexp64.exe

 1 C:\Windows\explorer.exe

 1 C:\Windows\servicing\TrustedInstaller.exe

 1 C:\Windows\System32\amdfendrsr.exe

 1 C:\Windows\System32\ApplicationFrameHost.exe

 1 C:\Windows\System32\audiodg.exe

 2 C:\Windows\System32\csrss.exe

 1 C:\Windows\System32\dasHost.exe

 1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe

 1 C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atieclxx.exe

 1 C:\Windows\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atiesrxx.exe

 1 C:\Windows\System32\dwm.exe

 2 C:\Windows\System32\fontdrvhost.exe

 1 C:\Windows\System32\lsass.exe

 4 C:\Windows\System32\RuntimeBroker.exe

 1 C:\Windows\System32\SearchFilterHost.exe

 1 C:\Windows\System32\SearchIndexer.exe

 2 C:\Windows\System32\SearchProtocolHost.exe

 1 C:\Windows\System32\services.exe

 1 C:\Windows\System32\SettingSyncHost.exe

 1 C:\Windows\System32\SgrmBroker.exe

 1 C:\Windows\System32\sihost.exe

 1 C:\Windows\System32\smss.exe

 1 C:\Windows\System32\spoolsv.exe

 1 C:\Windows\System32\sppsvc.exe

 22 C:\Windows\System32\svchost.exe

 1 C:\Windows\System32\taskhostw.exe

 1 C:\Windows\System32\vds.exe

 1 C:\Windows\System32\wbem\WMIADAP.exe

 3 C:\Windows\System32\wbem\WmiPrvSE.exe

 1 C:\Windows\System32\wininit.exe

 1 C:\Windows\System32\winlogon.exe

 1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe

 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe

 1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

 1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

 1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe



R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = OyunSunucum - Online Gaming & Hosting Community

R3 - HKU\S-1-5-21-2485822969-418392885-1940115131-1014: default urlsearchhook is missing.

R4 - searchscopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex.

R4 - searchscopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: = Yandex{searchTerms}&clid=2233630 - Yandex. O1 - hosts. Ics: 127.0.0.1 localhost. O1 - hosts. Ics: 1 localhost. O1 - hosts. Ics: 5.95 apathecheats.com O1 - hosts. Ics: 45.158. 15.95 www.apathecheats.com O1 - hosts. Ics: 45.158. 15.95 apathecheats.net O1 - hosts. Ics: 45.158. 15.95 www.apathecheats.net O1 - hosts. Ics: 45.158. 15.95 apathecheats.org O1 - hosts. Ics: 45.158. 15.95 www.apathecheats.org O1 - hosts. Ics: 45.158. 15.95 download.theapathe.com O1 - hosts. Ics: 45.158. 15.95 hileliadam.co O1 - hosts. Ics: 45.158. 15.95 www.hilenbizde.com O1 - hosts. Ics: 45.158. 15.95 hilenbizde.com O1 - hosts. Ics: 45.158. 15.95 zulahile.com O1 - hosts. Ics: 45.158. 15.95 www.mrsnapz.net O1 - hosts. Ics: 45.158. 15.95 mrsnapz.net O1 - hosts. Ics: 45.158. 15.95 www.badeshan.com O1 - hosts. Ics: 45.158. 15.95 www.thefrm.net O1 - hosts. Ics: 45.158. 15.95 www.plathelper.net O1 - hosts. Ics: 45.158. 15.95 www.thefrmonline.com O1 - hosts. Ics: 45.158. 15.95 www.hileliadam.com O1 - hosts. Ics: 45.158. 15.95 www.hilelikafa.com O1 - hosts. Ics: 45.158. 15.95 www.gamehileleri.com O1 - hosts. Ics: 45.158. 15.95 www.hilemekani.com O1 - hosts. Ics: 45.158. 15.95 www.frmbull.com O1 - hosts. Ics: 45.158. 15.95 www.turkfrm.net O1 - hosts. Ics: 45.158. 15.95 www.hilesarayi.com O1 - hosts. Ics: 45.158. 15.95 utilcheat.com O1 - hosts. Ics: 45.158. 15.95 goldhile.net O1 - hosts. Ics: 45.158. 15.95 thefrmonline.com O1 - hosts. Ics: 45.158. 15.95 thefrm.net O1 - hosts. Ics: 45.158. 15.95 pro-hile.com O1 - hosts. Ics: 45.158. 15.95 pro-hile.net O1 - hosts. Ics: 45.158. 15.95 zeusfrm.org O1 - hosts. Ics: 45.158. 15.95 hileliadam.com O1 - hosts. Ics: 45.158. 15.95 hilelikafa.com O1 - hosts. Ics: 45.158. 15.95 gamehileleri.com O1 - hosts. Ics: 45.158. 15.95 hilemekani.com O1 - hosts. Ics: 45.158. 15.95 frmbull.com O1 - hosts. Ics: 45.158. 15.95 plathelper.net O1 - hosts. Ics: 45.158. 15.95 yenilmezfrm.net O1 - hosts. Ics: 45.158. 15.95 www.mrsnapz.net O1 - hosts. Ics: 45.158. 15.95 mrsnapz.net O1 - hosts. Ics: 45.158. 15.95 www. Mrsnapznet. Us. O1 - hosts. Ics: 45.158. 15.95 www.hileuzmani.com O1 - hosts. Ics: 45.158. 15.95 hileuzmani.com O1 - hosts. Ics: 45.158. 15.95 unitatis.net O1 - hosts. Ics: 45.158. 15.95 www.unitatis.net O1 - hosts. Ics: 45.158. 15.95 charon6.com O1 - hosts. Ics: 45.158. 15.95 www.charon6.com O1 - hosts. Ics: 45.158. 15.95 mail.charon6.com O1 - hosts. Ics: 45.158. 15.95 pentasharp.com O1 - hosts. Ics: 45.158. 15.95 www.pentasharp.com O1 - hosts. Ics: 45.158. 15.95 ultrahilem.com O1 - hosts. Ics: 45.158. 15.95 www.ultrahilem.com O1 - hosts. Ics: 45.158. 15.95 kral-hile.com O1 - hosts. Ics: 45.158. 15.95 www.kral-hile.com O1 - hosts. Ics: 212.64.214.252 05412.net O1 - hosts. Ics: 212.64.214.252 www.05412.net O1 - hosts. Ics: 212.64.214.252 everaim. Xyz. O1 - hosts. Ics: 212.64.214.252 www. Everaim. Xyz. O1 - hosts. Ics: 212.64.214.252 www. Exxen. Support. O1 - hosts. Ics: 212.64.214.252 exxen. Support. O1 - hosts. Ics: 212.64.214.252 blogspot.l.googleusercontent.com O1 - hosts. Ics: 212.64.214.252 www.blogspot.l.googleusercontent.com O1 - hosts. Ics: 212.64.214.252 seeessddassdasd.blogspot.com O1 - hosts. Ics: 212.64.214.252 www.seeessddassdasd.blogspot.com O1 - hosts. Ics: 45.158. 15.95 hoxelizm.com O1 - hosts. Ics: 45.158. 15.95 www.hoxelizm.com O1 - hosts. Ics: 45.158. 15.95 cheatsturkey.net O1 - hosts. Ics: 45.158. 15.95 cheatsturkey.com O1 - hosts. Ics: 45.158. 15.95 cheatsturkey.org O1 - hosts. Ics: 45.158. 15.95 www.cheatsturkey.net O1 - hosts. Ics: 45.158. 15.95 www.cheatsturkey.com O1 - hosts. Ics: 45.158. 15.95 www.cheatsturkey.org O1 - hosts. Ics: 212.64.214.252 blast-hack. Online. O1 - hosts. Ics: 212.64.214.252 www. Blast-hack. Online. O1 - hosts. Ics: 45.158. 15.95 unixcheats.com O1 - hosts. Ics: 45.158. 15.95 www.unixcheats.com O1 - hosts. Ics: 45.158. 15.95 unixcheats.net O1 - hosts. Ics: 45.158. 15.95 www.unixcheats.net O1 - hosts. Ics: 45.158. 15.9 O2 - HKLM\..\BHO: Java(tm) plug-ın 2 ssv helper - {DBC80044-A445-435B-BC74-9C25C1C588A9} - C:\program Files\Java\jre1.8.0_321\bin\jp2ssv.dll O2 - HKLM\..\BHO: Java(tm) plug-ın ssv helper - {761497BB-D6F0-462C-B6EB-D4daf1D92D43} - C:\program Files\Java\jre1.8.0_321\bin\ssv.dll O4 - HKCU\..\Run: [Opera Browser Assistant] = C:\Users\user\AppData\Local\Programs\Opera\assistant\browser_assistant.exe O4 - HKCU\..\Run: [Opera GX Browser Assistant] = C:\Users\user\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe O4 - HKCU\..\StartupApproved\Run: [ipts] = C:\Users\user\Desktop\Yeni klasör\ipts.exe -h (file missing) (2021/10/30) O4 - HKCU\..\StartupApproved\Run: [Steam] = D:\Steam\steam.exe -silent (2021/05/11) O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google\OneNote 2007 ekran kırpıcı ve başlatıcı. Lnk -> C:\program files (X86)\microsoft Office\Office12\ONENOTEM.EXE /tsr (2021/11/03) O4 - HKLM\..\Run: [RTHDVCPL] = C:\program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\program Files\Common Files\Wondershare\Wondershare helper Compact\WSHelper.exe (file missing) (2021/04/07) O4 - HKLM\..\StartupApproved\Run32: [Discord] = C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkınstall (2021/07/28) O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\program files (X86)\common Files\Java\Java Update\jusched.exe (2021/05/11) O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\program files (X86)\common Files\Wondershare\Wondershare helper Compact\WSHelper.exe (2021/04/07) O4 - HKU\S-1-5-18\..\Run: [GoogleDriveFS] = C:\program Files\Google\Drive file Stream\54.0.3.0\GoogleDriveFS.exe --startup_mode (file missing) (user 'localsystem') O4 - HKU\S-1-5-19\..\Run: [GoogleDriveFS] = C:\program Files\Google\Drive file Stream\54.0.3.0\GoogleDriveFS.exe --startup_mode (file missing) (user 'local service') O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\program Files\Windows Mail\wab.exe /upgrade (user 'local service') O4 - HKU\S-1-5-20\..\Run: [GoogleDriveFS] = C:\program Files\Google\Drive file Stream\54.0.3.0\GoogleDriveFS.exe --startup_mode (file missing) (user 'network service') O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\program Files\Windows Mail\wab.exe /upgrade (user 'network service') O4 - HKU\S-1-5-21-2485822969-418392885-1940115131-1014\..\Run: [Opera GX Browser Assistant] = C:\Users\anl_u\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (user 'anil karki') O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\program files (X86)\microsoft Office\Office12\GrooveMonitor.exe O7 - knownfolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell folders, startup = C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google O7 - knownfolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell folders, startup = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google O7 - troubleshooting: (ev) HKU\S-1-5-21-2485822969-418392885-1940115131-1014\..\Environment: [TEMP] = (not exist) O7 - troubleshooting: (ev) HKU\S-1-5-21-2485822969-418392885-1940115131-1014\..\Environment: [TMP] = (not exist) O17 - DHCP DNS 1: 192.168.1.1 O21 - HKLM\..\ShellIconOverlayIdentifiers\ mega (pending): (no name) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - (no file) O21 - HKLM\..\ShellIconOverlayIdentifiers\ mega (synced): (no name) - {05B38830-F4E9-4329-978b-1DDR28605D202} - (no file) O21 - HKLM\..\ShellIconOverlayIdentifiers\ mega (syncing): (no name) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - (no file) O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - groove gfs stub execution hook - C:\program files (X86)\microsoft Office\Office12\GrooveShellExtensions.dll (disabled) O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\program files (X86)\microsoft Office\Office12\GrooveShellExtensions.dll O22 - bıts job: (download) {386177D9-29D7-4957-B78a-33AD95152997} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/97.0.1/update/win64/tr/firefox-97.0-97.0.1.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar O22 - bıts job: (download) {5E0655F7-B010-4A25-940F-0981C4FAd60D} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/insvgwbvfcm4727ldhaxkroq7u_2771/jflookgnkcckhobaglndicnbbgbonegd_2771_all_adxelikapyugbhji3y7xhxhjkwgq.crx3 -> C:\WINDOWS\TEMP\chrome_BITS_7844_220971552\jflookgnkcckhobaglndicnbbgbonegd_2771_all_adxelikapyugbhji3y7xhxhjkwgq.crx3 O22 - bıts job: Fix all (including legit) O22 - task (.job): (disabled) (not scheduled) Intel PTT ek recertification. Job - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe O22 - task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Agent activation runtime (empty) O22 - task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MEGA (empty) O22 - task: (disabled) (Update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /runonac engagedrebootreminder (Microsoft) O22 - task: (disabled) (Update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /runonbattery engagedrebootreminder (Microsoft) O22 - task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule maintenance work - C:\WINDOWS\system32\usoclient.exe startmaintenancework (Microsoft) O22 - task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule wake to work - C:\WINDOWS\system32\usoclient.exe startwork (Microsoft) O22 - task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft) O22 - task: \Mozilla\Firefox background Update 308046B0af4a39cb - C:\program Files\Mozilla Firefox\firefox.exe --moz_log Sync, prependheader, timestamp, append, maxsize: 1, dump: 5 --moz_log_fıle C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate. O22 - task: \Mozilla\Firefox default browser agent 308046B0af4a39cb - C:\program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0af4a39cb" O22 - task: Intel PTT ek recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe O22 - task: Kaspersky_upgrade_launcher_{278ADC42-419D-4547-A6CA-5B74BE0Ad901} - C:\program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitupgrade O22 - task: Modifylinkupdate - C:\program Files\AMD\CIM\Bin64\InstallManagerApp.exe -updatecurrentuser O22 - task: Opera GX scheduled autoupdate 1613489382 - C:\Users\user\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(arg0) O22 - task: Opera GX scheduled autoupdate 1613991751 - C:\Users\o_ekl\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(arg0) O22 - task: Opera GX scheduled autoupdate 1630684277 - C:\Users\anl_u\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(arg0) O22 - task: Opera scheduled assistant autoupdate 1631572094 - C:\Users\user\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name = assistant --component-path="C:\Users\user\AppData\Local\Programs\Opera\assistant" $(arg0) O22 - task: Opera scheduled autoupdate 1631572090 - C:\Users\user\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(arg0) O22 - task: Startcn - C:\program Files\AMD\CNext\CNext\cncmd.exe startwithdelay. O22 - task: Startdvr - C:\program Files\AMD\CNext\CNext\RSServCmd.exe O23 - service r2: AMD crash Defender service - C:\WINDOWS\System32\amdfendrsr.exe O23 - service r2: AMD external events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0376944.inf_amd64_7a28758ed8b2ac21\B376966\atiesrxx.exe O23 - service r2: Intel(r) dynamic application loader host ınterface service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe O23 - service r2: Kaspersky Anti-Virüs hizmeti 21.3 - (avp21.3) - C:\program files (X86)\kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe -r O23 - service r2: Kaspersky VPN secure connection hizmeti 5.3 - (ksde5.3) - C:\program files (X86)\kaspersky Lab\Kaspersky VPN 5.3\ksde.exe -r O23 - service S2: Intel(r) TPM provisioning service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe O23 - service S3: Intel(r) capability licensing service tcp IP ınterface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe O23 - service S3: Kaspersky volume Shadow copy service bridge 21.3 - (klvssbridge64_21.3) - C:\program files (X86)\kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe O23 - service S3: Mozilla maintenance service - (mozillamaintenance) - C:\program files (X86)\mozilla maintenance Service\maintenanceservice.exe O23 - service S3: Rockstar Game library service - (Rockstar service) - C:\program Files\Rockstar Games\Launcher\RockstarService.exe (file missing) O23 - service S3: Steam Client service - C:\program files (X86)\common Files\Steam\steamservice.exe /runasservice O23 - service S3: Twitch service - (twitchservice) - C:\program Files\Common Files\Twitch\TwitchService.exe -- End of file - time spent: 6,4 sec. - 35368 bytes, CRC32: Ffffffff. Sign: 膂⻖

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = OyunSunucum - Online Gaming & Hosting Community
R3 - HKU\S-1-5-21-2485822969-418392885-1940115131-1014: default urlsearchhook is missing.

O4 - HKCU\..\Run: [OneDrive] = C:\Users\ceoab\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4-32 - HKLM\..\Run: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Desktop = C:\Users\ceoab\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, My Pictures = C:\Users\ceoab\Pictures
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Personal = C:\Users\ceoab\Documents
O10 - Unknown file in Winsock LSP: C:\Windows\system32\nlansp_c.dll
O22 - Task: Feature Manager - C:\Program Files (x86)\Feature Manager\Feature_Manager.exe
O22 - Task: OmApSvcBroker - C:\Program Files (x86)\Feature Manager\OmApSvcBroker.exe
O22 - Task: OneDrive Reporting Task-S-1-5-21-1340785609-3455622099-763304044-1001 - C:\Users\ceoab\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting

O22 - BITS Job: (download) {39F9B575-52CD-4A2C-98AD-0D754DCE1BA8} - http://emupdate.avcdn.net/files/emupdate/pong.txt -> C:\Windows\TEMP\509354e1-0beb-4bc5-9c75-1e5866476ce8
O22 - BITS Job: (download) {3B54EC8F-EE92-4AE7-8D2A-E81191048274} - https://ccleaner.tools.avcdn.net/tools/ccleaner/update/patches.ini -> C:\Windows\TEMP\5037b8c1-f31e-4fd0-a451-49110f5d19f6
O22 - BITS Job: (download) {652014A5-574C-4ADC-BA94-4E06912E6B6F} - http://emupdate.avcdn.net/files/emupdate/pong.txt -> C:\Windows\TEMP\79e239b2-aedb-4fe8-b655-8c37b537ffce
O22 - BITS Job: (download) {D587B8EC-1ECA-4D75-82EC-8F9600312D53} - http://emupdate.avcdn.net/files/emupdate/pong.txt -> C:\Windows\TEMP\03a9d100-12b5-416a-b210-ec1f93521818
O22 - BITS Job: Fix all (including legit)
O22 - Task: (damaged) AsusSystemAnalysis_754F3273-0563-4F20-B12F-826510B07474 - C:\WINDOWS\System32\DriverStore\FileRepository\asussci2.inf_amd64_8c13dfd9a3013c06\ASUSSystemAnalysis\AsusSystemAnalysis.exe -j0 (user missing)

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 12:35:51, on 5.03.2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.19041.1202)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
C:\Users\ender\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=625119&clocalename=tr-TR
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.30\BHO\ie_to_edge_bho.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKLM\..\Run: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_0DE835067A76FFC63B13426D15EBE5E4] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'Local Service')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: CCBService.lnk = C:\Program Files\Chaos Group\Chaos Cosmos\cbservice.exe
O8 - Extra context menu item: Microsoft Excel'e Gö&nder - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Araştır - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD Crash Defender Service - Unknown owner - C:\Windows\System32\amdfendrsr.exe (file missing)
O23 - Service: AMD External Events Utility - AMD - C:\Windows\System32\DriverStore\FileRepository\u0376255.inf_amd64_b67dbc7531b4ea7c\B376137\atiesrxx.exe
O23 - Service: Kaspersky Anti-Virus Hizmeti 21.3 (AVP21.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\avp.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_5cf20 - Unknown owner - C:\Windows\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\99.0.4844.51\elevation_service.exe
O23 - Service: Google Güncelleme Hizmeti (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Güncelleme Hizmeti (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Volume Shadow Copy Service Bridge 21.3 (klvssbridge64_21.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 21.3\x64\vssbridge64.exe
O23 - Service: Kaspersky VPN Secure Connection Hizmeti 5.3 (KSDE5.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VRLService - Unknown owner - C:\Program Files\Chaos Group\VRLService\OLS\vrol.exe
O23 - Service: V-Ray Swarm (vrswrm-service) - Unknown owner - C:\Program Files\Chaos Group\V-Ray\Swarm 1.4\register-service.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8855 bytes