Rehber HijackThis Log Paylaşımı ve Çözümleri

EmirSbgl · 8 Aralık 2024

merhabalar, bilgisayarımda son zamanlarda bir performans düşüşü yaşıyorum. aynı zamanda bilgisayarımı açtığım gibi fan çalışıyor, görev yöneticisini açtığımda fan susuyordu. Çözüldü: Görev Yöneticisi Açılınca İşlemci Kullanımı Yüksekken Düşüyor burada belirtildiği gibi yaptım dediği program ile tarama yaptım ve şuan fan kapalı ancak başka bir sorun daha var mı bilmiyorum log'uma bakabilir misiniz ?

Paste ofCode

paste.ofcode.org

NmutluTDiyen · 11 Aralık 2024

https://paste.ofcode.org/38Qp8ctjhWmCdJcCNFrRAxu

arasıra donmalar oluyor ekran kartı kendi kendine resetleniyor son günlerde donmalar arttı yardımlarınızı bekliyorum teşekkür ederim

rat veya başka bir şey girmişte olabilir şüphem var.

Murat5038 · 12 Aralık 2024

KİRLİ14 dedi:
Temiz önyükleme nedir hocam?

Windows'ta temiz önyükleme gerçekleştirme - Microsoft Desteği

Windows'ta bir sorunu gidermek için temiz önyükleme işleminin nasıl kullanılacağını açıklar

support.microsoft.com

KİRLİ14 dedi:
Msı araçları nedir ?

MSI üretici olan yazılımları diyorum. Gereksiz kullanmadıklarınızı kaldırın.

KİRLİ14 dedi:
Çok teşekkürler bu arada

Rica ederim.

EmirSbgl dedi:
Merhaba, bilgisayarımda son zamanlarda bir performans düşüşü yaşıyorum.

Bunları fixleyin:

Kod:

O1 - Hosts: 192.168.1.5 host.docker.internal
O1 - Hosts: 192.168.1.5 gateway.docker.internal
O1 - Hosts: 127.0.0.1 kubernetes.docker.internal
O1 - Hosts.ICS: 172.26.224.1 DESKTOP-5LJMH0S.mshome.net # 2029 12 1 3 20 22 42 958

O4 - HKCU\..\StartupApproved\Run: [Docker Desktop] = C:\Program Files\Docker\Docker\Docker Desktop.exe -Autostart (sign: 'Docker Inc')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_F6D0FF8AD274179A0B48D16534E7490B] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2023/06/11) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Emirhan\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2023/06/11) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\Emirhan\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (2024/12/07) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\Emirhan\AppData\Local\Programs\Opera\opera.exe (2024/12/07) (sign: 'Opera Norway AS')
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (2024/12/08) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2023/06/11) (sign: 'Oracle America, Inc.')
O4 - HKU\S-1-5-18\..\RunOnce: [{D2DA930B-CB5D-4DD6-BF62-BE6C310A353D}] = "C:\Windows\SystemTemp\8cc1b2ef-5fdb-4aa6-bd6c-a89b61a67141\AWCCInstallationManager.exe" /debuglog"C:\Windows\TEMP\AWCCInstallationManager.log" /silent (file missing) (User 'LocalSystem')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - HKU\S-1-5-80-2652535364-2169709536-2857650723-2622804123-1107741775\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'SQLTELEMETRY') (sign: 'Microsoft')
O4 - HKU\S-1-5-80-3880718306-3832830129-1677859214-2598158968-1052248003\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'MSSQLSERVER') (sign: 'Microsoft')
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{024a7bd7-644a-4545-970d-e7ab4a4abccb} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{024a7bd7-644a-4545-970d-e7ab4a4abccb} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1648D223-C421-4C7C-8B82-6D80D15239EC} - \console_zero (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1f14daa2-b22c-430c-95a2-40850bea7360} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1f14daa2-b22c-430c-95a2-40850bea7360} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{23E25888-1483-49D7-8056-9B95456C7EA9} - \AutoKMS (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2783e5e1-5a7b-4c3e-bb20-0da260c6fce7} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2783e5e1-5a7b-4c3e-bb20-0da260c6fce7} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2facdb36-da6f-4fee-bb9e-4b6fdba0a1f1} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2facdb36-da6f-4fee-bb9e-4b6fdba0a1f1} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3407f458-01a1-437d-a39f-31e6250886f2} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3407f458-01a1-437d-a39f-31e6250886f2} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344288ba-83da-4650-91c6-b4dead1876d3} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{344288ba-83da-4650-91c6-b4dead1876d3} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43a8569b-9e71-42e2-a39d-b30c1c14fd9c} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43a8569b-9e71-42e2-a39d-b30c1c14fd9c} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45ffa889-3fbe-48a2-a0a7-f7ae5b7420c9} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45ffa889-3fbe-48a2-a0a7-f7ae5b7420c9} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5cd5b6dd-4030-4f58-baf5-06fae1034c38} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5cd5b6dd-4030-4f58-baf5-06fae1034c38} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60375d32-d64a-42b0-b959-51e0435fc68f} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60375d32-d64a-42b0-b959-51e0435fc68f} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6582f987-e1d5-409f-bcb1-1aaddfc16c6e} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6582f987-e1d5-409f-bcb1-1aaddfc16c6e} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92a6e6d5-d114-4f47-ba4b-f19c4f0a9082} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92a6e6d5-d114-4f47-ba4b-f19c4f0a9082} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b248cb51-2ca0-4acc-8538-b8f996a58c98} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{b248cb51-2ca0-4acc-8538-b8f996a58c98} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{cfe7b593-64fa-4f9c-a797-a305e111e094} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{cfe7b593-64fa-4f9c-a797-a305e111e094} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{dc1fcc2c-7760-43cd-bd65-f41bd4c2f3bd} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{dc1fcc2c-7760-43cd-bd65-f41bd4c2f3bd} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f8b76b52-7f7a-49a1-9a20-ddd70c5d1e43} -  (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{f8b76b52-7f7a-49a1-9a20-ddd70c5d1e43} - (no key)
O22 - Tasks: \PowerToys\Autorun for Emirhan - C:\Program Files\PowerToys\PowerToys.exe (sign: 'Microsoft')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: Dell SupportAssistAgent AutoUpdate - C:\Program Files\Dell\SupportAssistAgent\bin\FrameworkAgents\SupportAssistInstaller.exe AutoUpdate (sign: 'Dell Technologies Inc.')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-2444932017-3670618795-1293170901-1001 - C:\Users\Emirhan\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: Opera scheduled assistant Autoupdate 1733511387 - C:\Users\Emirhan\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\Emirhan\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Opera scheduled Autoupdate 1733511382 - C:\Users\Emirhan\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')

NmutluTDiyen dedi:
RAT veya başka bir şey girmişte olabilir şüphem var.

Bunları fixleyin:

Kod:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = hxxp://OEM17win10.msn.com/?pc=NMTE
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = hxxps://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{BEFC8FF1-894D-45CC-B4DC-0907F8FFAAEB}: [URL] = hxxp://vvv.bing.com/search?q={searchTerms}&form=PRNAM1&src=PRNAM1&pc=NMTE - Bing
F2 - HKLM\..\WinLogon: [UserInit] =
O1 - Hosts: ::1 localhost
O1 - Hosts.ICS: 213.142.149.29 lolhile.com
O1 - Hosts.ICS: 213.142.149.29 ui.memoryhackers.org
O1 - Hosts.ICS: 213.142.149.29 memoryhackers.org
O1 - Hosts.ICS: 213.142.149.29 memoryhackers.net
O1 - Hosts.ICS: 213.142.149.29 memorydownloader.net
O1 - Hosts.ICS: 213.142.149.29 realitycheats.com
O1 - Hosts.ICS: 213.142.149.29 linkisalt.net
O1 - Hosts.ICS: 213.142.149.29 realui.app
O1 - Hosts.ICS: 213.142.149.29 kisalt.xyz
O1 - Hosts.ICS: 213.142.149.29 m2fish.com
O1 - Hosts.ICS: 213.142.149.29 atcsys.net
O1 - Hosts.ICS: 213.142.149.29 dijitaldusunceler.com
O1 - Hosts.ICS: 213.142.149.29 dekortab.com
O1 - Hosts.ICS: 213.142.149.29 medipediform.com
O1 - Hosts.ICS: 213.142.149.29 hibakusha.pw
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\131.0.6778.109\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_CE8D16779E6069DBA15AFBA75C134D9A] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_367DF429D5D15E44A54B418BAF3C3AFE] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O22 - BITS Job: (download) {5990A940-B900-4CB2-881C-2854274F742D} - hxxp://edgedl.me.gvt1.com/edgedl/release2/chrome_component/actowbfrfuy4gdfzcntyh5itjanq_20241128.702116459.14/obedbbhbpmojnkanicioggnmelmoomoc_20241128.702116459.14_all_TR500000_ackkiq5kuuoafofdzi3u2dfzh7fa.crx3 -> C:\Users\burak\AppData\Local\Temp\chrome_BITS_2264_324110116\obedbbhbpmojnkanicioggnmelmoomoc_20241128.702116459.14_all_TR500000_ackkiq5kuuoafofdzi3u2dfzh7fa.crx3
O22 - BITS Job: (download) {A28CFFDA-9468-409D-B3DF-D66955179E76} - hxxp://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acy5mdne3lup4k7xyd5szdvx6hqa_477/lmelglejhemejginpboagddgdfbepgmp_477_all_ZZ_acd5zgdfvdiu3zilux46fn7rljva.crx3 -> C:\Users\burak\AppData\Local\Temp\chrome_BITS_15244_987009839\lmelglejhemejginpboagddgdfbepgmp_477_all_ZZ_acd5zgdfvdiu3zilux46fn7rljva.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MEGA (empty)
O22 - Tasks: \ControlCenter\ControlCenter - C:\Program Files (x86)\CASPER EXCALIBUR\EXCALIBUR CONTROL CENTER\ControlCenter.exe /1 (sign: 'QUANTA COMPUTER INC.')
O22 - Tasks: Hartford - C:\WINDOWS\system32\wscript.exe //B "C:\Users\burak\AppData\Local\HubTech Solutions Inc\DataHubPro.js" (sign: 'Microsoft')
O22 - Tasks: TR_FastScan_AtLogon - C:\Program Files (x86)\Trojan Remover\Trjscan.exe (sign: 'Microsoft')
O22 - Tasks: TR_FastScan_Daily_burak - C:\Program Files (x86)\Trojan Remover\Trjscan.exe /silent (sign: 'Microsoft')
O22 - Tasks: TR_Updater - C:\Program Files (x86)\Trojan Remover\Trupd.exe /silent (sign: 'Simply Super Software')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process -WindowStyle Hidden task.bat" (sign: 'Microsoft')
O23 - Driver S1: zpdumxcu - C:\WINDOWS\system32\drivers\zpdumxcu.sys (file missing) (+safe mode)

Trojan Remover yazılımını kaldırın. Kaspersky yüklü zaten.
Revo kullanmayın.

DNS ayarlarını otomatik yapın.
Bunları sırsıyla CMD yazın:

Kod:

ipconfig /release
ipconfig /renew
ipconfig /flushdns

DeepHunter · 21 Aralık 2024

Öncelikle bizlere böyle fedakarca bir yardımda bulunup, zaman ayırdığınız için teşekkür ederim. Chrome tarayıcısı kullanıyorum ve sürekli şifrelerime ulaşan birilerinin olduğunu düşünüyorum. Kayıtlı sitelerden mail adresime şifre güncelleme yada yenileme linkleri geliyor '' Dakikada 4-5 adet'' Loglardan umarım birşeylere ulaşabiliriz.

Kod:

Logfile of HiJackThis+ (Plus) build 2024-11-10 Alpha v.3.4.0.12

Platform:  x64 Windows 10 (Home), 10.0.19045.5247 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      21.12.2024 - 10:40 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    10540 MiB Free. Loading RAM (35 %), CPU (1 %)
Elevated:  Yes
Ran by:    Ege Eren    (group: Administrators; type: Local) on DESKTOP-RE2OVJF, FirstRun: yes

Chrome:  131.0.6778.205
Internet Explorer: 11.0.19041.4355
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: Off)

Running processes:
Number | Path
   1  C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe
   1  C:\Program Files (x86)\Brother\iPrint&Scan\UsbAppControl\USBAppControl.exe
   1  C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl\WorkflowAppControl.exe
   1  C:\Program Files (x86)\Browny02\BrYNSvc.exe
   1  C:\Program Files (x86)\Internet Download Manager\IDMan.exe
   1  C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
   1  C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
   4  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avpui.exe
   1  C:\Program Files (x86)\Kofax\PaperPort\PDFProFiltSrvPP.exe
   1  C:\Program Files (x86)\Mirillis\Action!\ActionLauncher.exe
   1  C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Google\Drive File Stream\101.0.3.0\crashpad_handler.exe
   7  C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe
   1  C:\Program Files\Rainlendar2\Rainlendar2.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24112.110.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.252.442.0_x64__zpdnekdrzrea0\SpotifyWidgetProvider.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
   1  C:\Users\Ege Eren\Desktop\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   2  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dasHost.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_f46d117f8b927113\ipfsvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\BridgeCommunication.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
   1  C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_f1b47696babae655\x64\OmenCap\OmenCap.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9fa91fd364c14a3c\IntelCpHDCPSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd2e51a3073bf127\AS\IAS\IntelAudioService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_c493e10bcfd25250\ipf_helper.exe
   1  C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_c493e10bcfd25250\ipf_uf.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_7cee395598d7f1af\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\MoUsoCoreWorker.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  79  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   3  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe

O1 - Hosts: 127.0.0.1 mirillis.com
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll (sign: 'IObit CO., LTD')
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O2-32 - HKLM\..\BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Kofax\PDF Viewer 7\Bin\PlusIEContextMenu.dll (sign: 'Zeon Corporation')
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe --startup_mode (sign: 'Google LLC')
O4 - HKCU\..\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (sign: 'Tonec Inc.')
O4 - HKCU\..\Run: [Rainlendar2] = C:\Program Files\Rainlendar2\Rainlendar2.exe (not signed - no company - 7662B5F99C63F2DC195130F30D5D4AA62659351A)
O4 - HKLM\..\StartupApproved\Run32: [IndexSearch] = C:\Program Files (x86)\Kofax\PaperPort\IndexSearch.exe (sign: 'Kofax, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [PaperPort PTD] = C:\Program Files (x86)\Kofax\PaperPort\pptd40nt.exe (sign: 'Kofax, Inc.')
O4 - HKU\S-1-5-18\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe --startup_mode (User 'LocalSystem') (sign: 'Google LLC')
O4 - HKU\S-1-5-19\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe --startup_mode (User 'Local service') (sign: 'Google LLC')
O4 - HKU\S-1-5-20\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\101.0.3.0\GoogleDriveFS.exe --startup_mode (User 'Network service') (sign: 'Google LLC')
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Brother iPSMonitor.lnk    ->    C:\Program Files (x86)\Brother\iPrint&Scan\IPSMONITOR\iPSMonitor.exe --Startup (not signed - iPSMonitor - 201DB933492A52237AA3A5A8CCE92ED9C1197327)
O4-32 - HKLM\..\Run: [I19B] = C:\Windows\twain_32\Brimi19b\Common\TwDsUiLaunch.exe (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (sign: 'Kilonova LLC')
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 0
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (not signed - no company - 1A49C5F7A98580F8002AC1D6115AB39CB753975B)
O8 - Context menu item: HKU\S-1-5-18\..\Internet Explorer\MenuExt\PDF Viewer 7 ile Aç: (default) = C:\Program Files (x86)\Kofax\PDF Viewer 7\Bin\PlusIEContextMenu.dll (sign: 'Zeon Corporation')
O15 - Trusted Zone: hxxps://4no7h-files.sharepoint.com
O15 - Trusted Zone: hxxps://adbz-files.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (sign: 'Adobe Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Google\Drive File Stream\101.0.3.0\drivefsext.dll (sign: 'Google LLC')
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Google\Drive File Stream\101.0.3.0\x86\drivefsext.dll (sign: 'Google LLC')
O22 - Task (.job): (Not scheduled) update-S-1-5-21-558626871-841166075-3276843811-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (sign: 'OOO Lightshot')
O22 - Task (.job): (Not scheduled) update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (sign: 'OOO Lightshot')
O22 - Tasks: (disabled) \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Wsc Startup event listener created by enrollment client - C:\Windows\system32\deviceenroller.exe /s "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /WscStartupAlert (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{EAECE12D-073B-4592-A64D-1B54CB3B04CD} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Microsoft\Office\Office Serviceability Manager - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\officesvcmgr.exe /checkin (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipESU - C:\Windows\system32\clipesu.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\OS Edition Upgrade event listener created by enrollment client - C:\Windows\system32\deviceenroller.exe /s "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /OsEditionUpgradeAlert /SID "S-1-5-21-558626871-841166075-3276843811-1001" (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Passport for Work alert created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /PFW (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Provisioning initiated session - C:\Windows\system32\deviceenroller.exe /c /ProvInitiatedSession /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\PushLaunch - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /z (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\PushRenewal - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /y (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Refresh schedule created by Declared Configuration to refresh any settings changed on the device - C:\Windows\system32\deviceenroller.exe /c /DeclaredConfigurationRefresh /o 9465BB34-975D-4D4D-A43E-3ADEDB56F399 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule #1 created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule #2 created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule #3 created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /b (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule created by enrollment client for renewal of certificate warning - C:\Windows\system32\deviceenroller.exe /c /r /d 9465BB34-975D-4D4D-A43E-3ADEDB56F399 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule to run OMADMClient by client - C:\Windows\system32\omadmclient.exe /serverid "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /lookuptype 1 /initiator 0 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule to run OMADMClient by server - C:\Windows\system32\omadmclient.exe /serverid "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /lookuptype 1 /initiator 1 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Win10 S Mode event listener created by enrollment client - C:\Windows\system32\deviceenroller.exe /s "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /Win10SModeAlert /SID "S-1-5-21-558626871-841166075-3276843811-1001" (sign: 'Microsoft')
O22 - Tasks: ActionLauncher_Ege Eren - C:\Program Files (x86)\Mirillis\Action!\ActionLauncher.exe 5 (sign: 'Mirillis Sp. z o.o.')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (sign: 'Now.gg, INC')
O22 - Tasks: Driver Booster SkipUAC (Ege Eren) - C:\Program Files (x86)\IObit\Driver Booster\12.1.0\DriverBooster.exe /skipuac (sign: 'IObit CO., LTD')
O22 - Tasks: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\12.1.0\AutoUpdate.exe /auto (sign: 'IObit CO., LTD')
O22 - Tasks: IObit XM2024Sale (One-time) - C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\xmsale.exe /rpop (sign: 'IObit CO., LTD')
O22 - Tasks: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe /waitUpgrade (sign: 'AO Kaspersky Lab')
O22 - Tasks: klcp_update - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /verysilent /update /freq=30 (not signed - no company - 31C72A30C5B4C88EC545F7734FCA4EAC0ED60A09)
O22 - Tasks: Launch Adobe CCXProcess - C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O22 - Tasks: Opera scheduled Autoupdate 1730485553 - C:\Users\Ege Eren\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Uninstaller_SkipUac_Ege_Eren - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer (sign: 'IObit CO., LTD')
O22 - Tasks: update-S-1-5-21-558626871-841166075-3276843811-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (sign: 'OOO Lightshot')
O22 - Tasks: update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (sign: 'OOO Lightshot')
O22 - Tasks: Wise Turbo Checker.job - C:\Program Files (x86)\Wise\Wise Care 365\WiseTurbo.exe (sign: 'Lespeed Technology Co., Ltd')
O23 - Service R2: @oem59.inf,%ServiceDisplayName%;Intel(R) Innovation Platform Framework Service - (ipfsvc) - C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_c493e10bcfd25250\ipf_uf.exe (sign: 'Intel Corporation')
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\UsbAppControl\USBAppControl.exe (not signed - no company - 48C11CAB78C8BA6E24D1EB4E03D97766A789AE7C)
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl\WorkflowAppControl.exe (not signed - no company - 8B8A36EBAC161832F9414AE4CFFCA2E64E89A3B7)
O23 - Service R2: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe (not signed - Brother Industries, Ltd. - 1FAFB994ECA8A5A86AA016C0131CD6519D7DA553)
O23 - Service R2: HP App Helper HSA Service - (HPAppHelperCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP Diagnostics HSA Service - (HPDiagsCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP Insights Analytics - (HpTouchpointAnalyticsService) - C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe (sign: 'HP Inc.')
O23 - Service R2: HP Network HSA Service - (HPNetworkCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP Omen HSA Service - (HPOmenCap) - C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_f1b47696babae655\x64\OmenCap\OmenCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP System Info HSA Service - (HPSysInfoCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe (sign: 'HP Inc.')
O23 - Service R2: Intel(R) Audio Service - (IntelAudioService) - C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd2e51a3073bf127\AS\IAS\IntelAudioService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9fa91fd364c14a3c\IntelCpHDCPSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Tuning Technology Telemetry Service - (dptftcs) - C:\Windows\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_f46d117f8b927113\ipfsvc.exe (invalid sign: CERT_E_CHAINING - Intel Corporation - 328BABA9E334CF3E33B5FC2E1DD1EB9CBBF00A6B)
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe (sign: 'IObit CO., LTD')
O23 - Service R2: Kaspersky Hizmeti 21.19 - (AVP21.19) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24090.11-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_7cee395598d7f1af\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_7cee395598d7f1af\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: PDFProFiltSrvPP - C:\Program Files (x86)\Kofax\PaperPort\PDFProFiltSrvPP.exe (sign: 'Kofax, Inc.')
O23 - Service S2: Google Güncelleyici Dahili Hizmeti (GoogleUpdaterInternalService132.0.6833.0) - (GoogleUpdaterInternalService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: Google Güncelleyici Hizmeti (GoogleUpdaterService132.0.6833.0) - (GoogleUpdaterService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Intel(R) Platform License Manager Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe (sign: 'Intel Corporation')
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (sign: 'BattlEye Innovations e.K.')
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\131.0.6778.205\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.19 - (klvssbridge64_21.19) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: Wise Boot Assistant - (WiseBootAssistant) - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe (sign: 'Lespeed Technology Co., Ltd')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\Windows\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-19_arkmon - C:\Windows\System32\Drivers\klupd_K4W-21-19_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-19_klbg - C:\Windows\System32\Drivers\klupd_K4W-21-19_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\Windows\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-19 - (KLIF.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-19 - (klpd.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-19 - (klflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-19 - (klbackupdisk.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-19 - (klbackupflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-19 - (klkbdflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-19 - (klpnpflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-19 - (klgse.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-19 - (klhk.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-19 - C:\Windows\system32\DRIVERS\K4W-21-19\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-19 - C:\Windows\system32\DRIVERS\K4W-21-19\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-19 - C:\Windows\system32\DRIVERS\K4W-21-19\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R2: BlueStacks Hypervisor_nxt - (BlueStacksDrv_nxt) - C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys (sign: 'Microsoft' - Bluestack System Inc.)
O23 - Driver R2: googledrivefs31626 - C:\Program Files\Google\Drive File Stream\Drivers\31626\googledrivefs31626.sys (sign: 'Microsoft' - Google, Inc.)
O23 - Driver R2: IDMWFP - C:\Windows\System32\drivers\idmwfp.sys (sign: 'Microsoft' - Tonec Inc.)
O23 - Driver R3: ETDSMBus - C:\Windows\System32\drivers\ETDSMBus.sys (+safe mode) (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: HP Application Driver - (HPCustomCapDriver) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys (sign: 'Microsoft' - HP Inc.)
O23 - Driver R3: HP Omen Driver - (HPOmenCustomCapDriver) - C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_326f2e1d16385daf\x64\hpomencustomcapdriver.sys (+safe mode) (sign: 'HP Inc.')
O23 - Driver R3: igfxn - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_9fa91fd364c14a3c\igdkmdn64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) GNA Scoring Accelerator service - (IntelGNA) - C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_8e2f374849f1eba9\gna.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) HID Event Filter - (HidEventFilter) - C:\Windows\System32\DriverStore\FileRepository\hideventfilter.inf_amd64_a68fcfefc5a69554\HidEventFilter.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_0f5b7bb40dc5cf1b\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2_ADL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_6f8ae740d22247ce\iaLPSS2_GPIO2_ADL.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C_ADL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_563fbcd35feb69a6\iaLPSS2_I2C_ADL.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology BUS - (IntcAudioBus) - C:\Windows\System32\DriverStore\FileRepository\intcaudiobus.inf_amd64_7d48d2606277f739\IntcAudioBus.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology for Bluetooth® Audio - (IntcBTAu) - C:\Windows\System32\DriverStore\FileRepository\intcbtau.inf_amd64_eb318dbb0738fe3a\IntcBTAu.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology for Digital Microphones - (IntcDMic) - C:\Windows\System32\DriverStore\FileRepository\intcdmic.inf_amd64_52e6cb32c45d5b35\IntcDMic.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology OED - (IntcOED) - C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_dd2e51a3073bf127\IntcOED.sys (sign: 'Intel Corporation')
O23 - Driver R3: ipf_cpu - C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_c493e10bcfd25250\ipf_cpu.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: ipf_lf - C:\Windows\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_c493e10bcfd25250\ipf_lf.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: IUFileFilter - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUFileFilter.sys (sign: 'Microsoft' - IObit)
O23 - Driver R3: IUProcessFilter - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IUProcessFilter.sys (sign: 'IObit Information Technology')
O23 - Driver R3: IURegistryFilter - C:\Program Files (x86)\IObit\IObit Uninstaller\drivers\win10_amd64\IURegistryFilter.sys (sign: 'Microsoft' - IObit)
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-19 - (klmouflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-19 - C:\ProgramData\Kaspersky Lab\AVP21.19\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-19_klark - C:\Windows\System32\Drivers\klupd_K4W-21-19_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-19_mark - C:\Windows\System32\Drivers\klupd_K4W-21-19_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: Mediatek PCI LE Extensible Wireless LAN Card Driver - (mtkwlex) - C:\Windows\System32\DriverStore\FileRepository\mtkwl6ex.inf_amd64_d96220d92628de31\mtkwl6ex.sys (+safe mode) (sign: 'MEDIATEK INC.')
O23 - Driver R3: MTK BT Filter Driver - (MTKBTFilterx64) - C:\Windows\System32\DriverStore\FileRepository\mtkbtfilter.inf_amd64_4e18fe2e122d5d00\mtkbtfilterx.sys (sign: 'MEDIATEK INC.')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nvhmi.inf_amd64_7cee395598d7f1af\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVPCF Service - (nvpcf) - C:\Windows\System32\drivers\nvpcf.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Realtek PCIE Card Reader - PER - (RTSPER) - C:\Windows\System32\drivers\RtsPer.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Virtual Gamepad Emulation Service - (ViGEmBus) - C:\Windows\System32\DriverStore\FileRepository\vigembus.inf_amd64_8a927fc43d8a7838\x64\ViGEmBus.sys (sign: 'HP Inc.')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: WiseDelfile - C:\Windows\WiseDelfile64.sys (sign: 'Microsoft' - WiseCleaner.com)
O23 - Driver S3: WiseHDInfo - C:\Windows\WiseHDInfo64.dll (sign: 'Beijing Lang Xingda Network Technology Co., Ltd')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klwtp.K4W-21-19'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'mtkwlex'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rt640x64'


--
End of file - Time spent: 13,8 sec. - 68228 bytes, CRC32: FFFFFFFF. Sign: ๢䟩

Paste ofCode

WarlegenD · 1 Ocak 2025

Merhabalar, öncelikle yeni yıllar ve emekleriniz ve vaktiniz için de ayrı teşekkür ederim. Benim sorunuma gelirsek görselde attığım uygulamaları bir kaç ay önce start up menüsünde fark ettim. Dosaya konumuna gidilmiyordu, online da arattığımda da bir sey bulamıyordum. Şüphelenmeye başladım şimdi üzerine düşmek istedim. Umarım loglardan bir şeyler elde edebilirsiniz.

Kod:

Logfile of HiJackThis+ (Plus) build 2024-12-25 Alpha v.3.4.0.14

Platform:  x64 Windows 10 (Pro), 10.0.19045.5247 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      01.01.2025 - 19:55 (UTC+03:00)
Language:  OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Memory:    25013 MiB Free. Loading RAM (25 %), CPU (16 %)
Elevated:  Yes
Ran by:    Berkin    (group: Administrators; type: Local) on DESKTOP-18FFVSM, FirstRun: yes

Chrome:  131.0.6778.205
Firefox: 115.0.3.8607
Internet Explorer: 11.0.19041.4355
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: Off) (Code Integrity: On)

Running processes:
Number | Path
   1  C:\Gaomon Tablet\x64\TabletDriverCore.exe
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avpui.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.19\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.19\ksdeui.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
  46  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\Google\Play Games Services\24.12.129.0\Service\data\windows.assets\crashpad_handler.exe
   1  C:\Program Files\Google\Play Games Services\24.12.129.0\Service\GooglePlayGamesServices.exe
   1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
   2  C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
   1  C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
   1  C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2450.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_26.95.25001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_26.95.25001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24112.110.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WSL\wslservice.exe
   1  C:\Users\Berkin\Desktop\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\servicing\TrustedInstaller.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adf5a840df867035\Display.NvContainer\NVDisplay.Container.exe
   2  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\IPROSetMonitor.exe
   1  C:\Windows\System32\LsaIso.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   1  C:\Windows\System32\rundll32.exe
   7  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   2  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  94  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\Taskmgr.exe
   1  C:\Windows\System32\wbem\WMIADAP.exe
   3  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   2  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.5071_none_7e3c4e707c6a2679\TiWorker.exe
   1  D:\Oyunlar\Origin\OriginWebHelperService.exe
   1  D:\Oyunlar\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe

O1 - Hosts: 127.0.0.1 keystone.mwbsys.com
O1 - Hosts.ICS: 172.27.16.1 DESKTOP-18FFVSM.mshome.net # 2028 6 5 2 13 32 23 798
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (file missing)
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (file missing)
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\131.0.6778.205\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [TabletDriver] = C:\Gaomon Tablet\x64\TabletDriverCore.exe (sign: 'GUANZHOU GAOMON ELECTRONIC TECHNOLOGY CO.,LTD .')
O4 - HKCU\..\Run: [WallpaperEngine] = D:\Oyunlar\SteamLibrary\steamapps\common\wallpaper_engine\wallpaper64.exe -silent (sign: 'Skutta Software GmbH')
O4 - HKCU\..\StartupApproved\Run: [AF_counter_2139460] = 3 (file missing) (2024/12/04)
O4 - HKCU\..\StartupApproved\Run: [AF_uuid_2139460] = 29a8f2ca-673c-4493-be4b-36376ee9d90f (file missing) (2024/12/04)
O4 - HKCU\..\StartupApproved\Run: [com.blitz.app] = C:\Users\Berkin\AppData\Local\Programs\Blitz\Blitz.exe --autostart (2023/03/21) (sign: 'Swift Media Entertainment, Inc.')
O4 - HKCU\..\StartupApproved\Run: [com.cron.electron] = C:\Users\Berkin\AppData\Local\Programs\cron-web\Notion Calendar.exe --process-start-args --from-login (2024/12/04) (not signed - Notion Labs, Inc. - D230A06B863F2EC53B74FD4604724EF36A7672A6)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Berkin\AppData\Local\Discord\Update.exe --processStart Discord.exe (2020/11/07) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [electron.app.Notion] = C:\Users\Berkin\AppData\Local\Programs\Notion\Notion.exe --open-at-login (not signed - Notion Labs, Inc - A02CE11E2468D7A2A5309F7A18EAB8793FDB6CA5)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = D:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2020/12/21) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [GogGalaxy] = C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (2022/11/18) (sign: 'GOG Sp. z o.o.')
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (file missing) (2023/03/21)
O4 - HKCU\..\StartupApproved\Run: [JetBrains Toolbox] = C:\Users\Berkin\AppData\Local\JetBrains\Toolbox\bin\jetbrains-toolbox.exe --minimize (sign: 'JetBrains s.r.o.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_D0477188D4A2B215D42344DC167730D2] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2023/03/21) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Berkin\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2020/11/19) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\Berkin\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (2021/09/14) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [Overwolf] = D:\Programlar\Overwolf\OverwolfLauncher.exe -overwolfsilent (2020/12/24) (sign: 'Overwolf Ltd')
O4 - HKCU\..\StartupApproved\Run: [ProtonVPN] = D:\Proton Technologies\ProtonVPN\ProtonVPN.exe (file missing) (2023/03/21)
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = D:\Oyunlar\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2023/06/19) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2020/11/07) (sign: 'Valve Corp.')
O4 - HKCU\..\StartupApproved\Run: [UIDriver] = C:\Gaomon Tablet\Gaomon Tablet.exe huion-hklm (sign: 'GUANZHOU GAOMON ELECTRONIC TECHNOLOGY CO.,LTD .')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true (sign: 'SteelSeries ApS')
O4 - HKLM\..\StartupApproved\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (2023/06/19) (sign: 'Riot Games, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (sign: 'Kilonova LLC')
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sign: 'Oracle America, Inc.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (file missing)
O17 - DHCP DNS 1: 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - DHCP DNS 2: 1.0.0.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{97101ef7-75e9-4291-8eb0-a9906b30035e}: [NameServer] = 1.0.0.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{97101ef7-75e9-4291-8eb0-a9906b30035e}: [NameServer] = 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O22 - Task (.job): (Not scheduled) update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (sign: 'OOO Lightshot')
O22 - Task (.job): MATLAB R2020b Startup Accelerator.job - D:\Programlar\MATLAB\R2020b\bin\win64\MATLABStartupAccelerator.exe (not signed - no company - BD3B6F6486DE11A6A51FA3BB5F4FB45957105825)
O22 - Task (.job): update-S-1-5-21-2404667770-1117600877-3542829236-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (sign: 'OOO Lightshot')
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AVAST Software (empty)
O22 - Tasks: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC Reboot (sign: 'Microsoft')
O22 - Tasks: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery Reboot (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-2404667770-1117600877-3542829236-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) MATLAB R2020b Startup Accelerator - D:\Programlar\MATLAB\R2020b\bin\win64\MATLABStartupAccelerator.exe (not signed - no company - BD3B6F6486DE11A6A51FA3BB5F4FB45957105825)
O22 - Tasks: (disabled) NvBroadcast_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\NVIDIA Broadcast UI.exe -minimized (sign: 'NVIDIA Corporation')
O22 - Tasks: (disabled) OneDrive Reporting Task-S-1-5-21-2404667770-1117600877-3542829236-1001 - C:\Users\Berkin\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: (disabled) Opera scheduled assistant Autoupdate 1620033587 - C:\Users\Berkin\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\Berkin\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Tasks: (disabled) Optimize Push Notification Data File-S-1-5-21-2404667770-1117600877-3542829236-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\Windows\System32\wpninprc.dll (file missing)
O22 - Tasks: (disabled) Overwolf Updater Task - C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom Schedule (sign: 'Overwolf Ltd')
O22 - Tasks: (disabled) update-S-1-5-21-2404667770-1117600877-3542829236-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (sign: 'OOO Lightshot')
O22 - Tasks: (disabled) update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (sign: 'OOO Lightshot')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{BC790D0E-F41E-4C25-90B6-2D61F3433358} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Microsoft\Windows\Clip\ClipESU - C:\Windows\system32\clipesu.exe (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: Google Play Games Notifier - E:\Play Games\Google\Play Games\Bootstrapper.exe /bg (sign: 'Google LLC')
O22 - Tasks: MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: Opera scheduled Autoupdate 1620033580 - C:\Users\Berkin\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_26.95.25001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_26.95.25001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: Google Play Games Services (24.12.129.0) - (GooglePlayGamesServices-24.12.129.0) - C:\Program Files\Google\Play Games Services\24.12.129.0\Service\GooglePlayGamesServices.exe (sign: 'Google LLC')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) PROSet Monitoring Service - C:\Windows\system32\IProsetMonitor.exe (sign: 'ND_Apps')
O23 - Service R2: Kaspersky Hizmeti 21.19 - (AVP21.19) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: Kaspersky VPN Secure Connection Hizmeti 5.19 - (KSDE5.19) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.19\ksde.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: NVIDIA Broadcast LocalSystem Container - (NvBroadcast.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\NvBroadcast.Container.exe -s NvBroadcast.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvBroadcast.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvBroadcast.NvContainer\plugins\LocalSystem" -r -p 30000  (sign: 'Nvidia Corporation')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adf5a840df867035\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adf5a840df867035\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -ert (sign: 'NVIDIA Corporation')
O23 - Service R2: Origin Web Helper Service - D:\Oyunlar\Origin\OriginWebHelperService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_550508a90a3c9a47\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: WSL Service - (WSLService) - C:\Program Files\WSL\wslservice.exe (sign: 'Microsoft')
O23 - Service S2: Google Updater Internal Service (GoogleUpdaterInternalService132.0.6833.0) - (GoogleUpdaterInternalService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: Google Updater Service (GoogleUpdaterService132.0.6833.0) - (GoogleUpdaterService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\TPMProvisioningService.exe (sign: 'Intel Corporation')
O23 - Service S2: Windows Subsystem for Linux - (WslInstaller) - C:\Program Files\WindowsApps\MicrosoftCorporationII.WindowsSubsystemForLinux_2.3.26.0_x64__8wekyb3d8bbwe\wslinstaller.exe (sign: 'Microsoft')
O23 - Service S3: AntiCheatExpert Protection - C:\Program Files\AntiCheatExpert\ACE-Service64.exe -autorun (sign: 'ACEVILLE PTE LTD')
O23 - Service S3: AntiCheatExpert Service - C:\Program Files\AntiCheatExpert\SGuard\x64\SGuardSvc64.exe -autorun (sign: 'ACEVILLE PTE LTD')
O23 - Service S3: Battle.net Update Helper Svc - (battlenet_helpersvc) - C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe (sign: 'Blizzard Entertainment, Inc.')
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (sign: 'BattlEye Innovations e.K.')
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: EQU8_39 - C:\ProgramData\EQU8\KovaaK's\bin\anticheat.x64.equ8.exe (sign: 'Int3 Software AB')
O23 - Service S3: FACEITService - C:\Program Files\FACEIT AC\faceitservice.exe (sign: 'FACE IT LIMITED')
O23 - Service S3: GalaxyClientService - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe (sign: 'GOG Sp. z o.o.')
O23 - Service S3: GalaxyCommunication - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe (sign: 'GOG Sp. z o.o.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\131.0.6778.205\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe (sign: 'Intel Corporation')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.19 - (klvssbridge64_21.19) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: Microsoft Defender Core Service - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.24050.7-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: Origin Client Service - D:\Oyunlar\Origin\OriginClientService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Overwolf Updater Windows SCM - (OverwolfUpdater) - C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe /RunningFrom SCM (sign: 'Overwolf Ltd')
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (file missing)
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: SteelSeries GG Update Service Proxy - (SteelSeriesGGUpdateServiceProxy) - C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe (sign: 'SteelSeries ApS')
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe (sign: 'Wellbia.com Co., Ltd.')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe (sign: 'Oracle Corporation')
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe (sign: 'KRAFTON, Inc.')
O23 - Driver R: (no name) - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\Windows\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: FACEIT - C:\Windows\System32\Drivers\FACEIT.sys (sign: 'Microsoft' - no company)
O23 - Driver R0: klupd_K4W-21-19_arkmon - C:\Windows\System32\Drivers\klupd_K4W-21-19_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-19_klbg - C:\Windows\System32\Drivers\klupd_K4W-21-19_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: GHAXM - (googlehaxm) - C:\Windows\system32\drivers\GoogleHaxm.sys (sign: 'Microsoft' - Google)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\Windows\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-19 - (klif.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-19 - (klpd.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-19 - (klflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-19 - (klbackupdisk.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-19 - (klbackupflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-19 - (klkbdflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-19 - (klpnpflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-19 - (klgse.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-19 - (KLHK.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-19 - C:\Windows\system32\DRIVERS\K4W-21-19\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-19 - C:\Windows\system32\DRIVERS\K4W-21-19\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-19 - C:\Windows\system32\DRIVERS\K4W-21-19\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R1: VirtualBox NDIS6 Bridged Networking Service - (VBoxNetLwf) - C:\Windows\system32\DRIVERS\VBoxNetLwf.sys (+safe mode) (sign: 'Oracle Corporation')
O23 - Driver R1: VirtualBox Service - (VBoxSup) - C:\Windows\system32\DRIVERS\VBoxSup.sys (sign: 'Oracle Corporation')
O23 - Driver R1: VirtualBox USB Monitor Service - (VBoxUSBMon) - C:\Windows\system32\DRIVERS\VBoxUSBMon.sys (sign: 'Oracle Corporation')
O23 - Driver R2: IDMWFP - C:\Windows\system32\DRIVERS\idmwfp.sys (sign: 'Tonec Inc.')
O23 - Driver R3: GAOMON HID - (vmulti) - C:\Windows\System32\drivers\vmulti.sys (sign: 'Microsoft' - Windows (R) Win 7 DDK provider)
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_6557ea4289534d04\x64\TeeDriverW10x64.sys (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Driver R3: Intel(R) PRO/1000 PCI Express Network Connection Driver D - (e1dexpress) - C:\Windows\System32\DriverStore\FileRepository\e1d68x64.inf_amd64_26255692c8b1c6b6\e1d68x64.sys (+safe mode) (sign: 'INTELEPGSW2022')
O23 - Driver R3: Intel(R) Watchdog Timer Driver (Intel(R) WDT) - (ICCWDT) - C:\Windows\System32\drivers\ICCWDT.sys (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-19 - (klmouflt.K4W-21-19) - C:\Windows\system32\DRIVERS\K4W-21-19\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: Kaspersky VPN - (kltun) - C:\Windows\system32\DRIVERS\kltun.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-19 - C:\ProgramData\Kaspersky Lab\AVP21.19\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-19_klark - C:\Windows\System32\Drivers\klupd_K4W-21-19_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-19_mark - C:\Windows\System32\Drivers\klupd_K4W-21-19_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: NVIDIA Broadcast - (nvrtxvad_WaveExtensible) - C:\Windows\system32\drivers\nvrtxvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_adf5a840df867035\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Realtek Bluetooth Filter Driver - (RtkBtFilter) - C:\Windows\System32\drivers\RtkBtfilter.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: SteelSeries Device Factory Service - (ssdevfactory) - C:\Windows\System32\drivers\ssdevfactory.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries Sonar Driver - (SteelSeries_Sonar_VAD) - C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_7a086649438f4409\SteelSeries-Sonar-VAD.sys (sign: 'SteelSeries ApS')
O23 - Driver R3: VirtualBox NDIS 6.0 Miniport Service - (VBoxNetAdp) - C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys (+safe mode) (sign: 'Oracle Corporation')
O23 - Driver S1: Android Emulator Hypervisor Driver Service - (gvm) - C:\Windows\system32\DRIVERS\gvm.sys (sign: 'Google LLC')
O23 - Driver S3: @oem61.inf,%LGBusEnum.SVCDESC%;Logitech G HUB Virtual Bus Enumerator Driver - (logi_joy_bus_enum) - C:\Windows\system32\drivers\logi_joy_bus_enum.sys (sign: 'Logitech Inc')
O23 - Driver S3: @oem61.inf,%LGJoyXlCore.SVCDESC%;Logitech G HUB Translation Layer Driver - (logi_joy_xlcore) - C:\Windows\system32\drivers\logi_joy_xlcore.sys (sign: 'Logitech Inc')
O23 - Driver S3: ACE-BASE - C:\Windows\system32\drivers\ACE-BASE.sys (sign: 'Microsoft' - ANTICHEATEXPERT.COM)
O23 - Driver S3: ace-game - C:\Windows\System32\drivers\ace-game.sys (sign: 'Tencent Technology (Shenzhen) Company Limited')
O23 - Driver S3: ace-game-0 - C:\Windows\System32\drivers\ace-game-0.sys (file missing)
O23 - Driver S3: ACE-SSC-DRV64 - C:\Program Files\AntiCheatExpert\SGuard\x64\plugins\ACE-SSC-DRV64.sys (sign: 'Microsoft' - ANTICHEATEXPERT.COM)
O23 - Driver S3: cpuz149 - C:\Windows\temp\cpuz149\cpuz149_x64.sys (file missing)
O23 - Driver S3: equ8_helper - C:\Windows\system32\DRIVERS\equ8_helper.sys (file missing)
O23 - Driver S3: EQU8_HELPER_39 - C:\Windows\system32\DRIVERS\EQU8_HELPER_39.sys (sign: 'Int3 Software AB')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Logitech G HUB Virtual HID Device Driver - (logi_joy_vir_hid) - C:\Windows\system32\drivers\logi_joy_vir_hid.sys (sign: 'Logitech Inc')
O23 - Driver S3: LogMeIn Hamachi Virtual Miniport) - (Hamachi) - C:\Windows\system32\DRIVERS\Hamdrv.sys (+safe mode) (sign: 'Microsoft' - LogMeIn Inc.)
O23 - Driver S3: Nal Service  - (NAL) - C:\Windows\system32\Drivers\iqvsw64e.sys (sign: 'ND_QV')
O23 - Driver S3: NEProtect - D:\Oyunlar\SteamLibrary\steamapps\common\Once Human\NEProtect.sys (file missing)
O23 - Driver S3: rsDwf - C:\Windows\system32\DRIVERS\rsDwf.sys (file missing)
O23 - Driver S3: SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: TAP-ProtonVPN Windows Adapter V9 - (tapprotonvpn) - C:\Windows\System32\drivers\tapprotonvpn.sys (+safe mode) (sign: 'Microsoft' - The OpenVPN Project)
O23 - Driver S3: TAP-Windows Adapter V9 - (tap0901) - C:\Windows\System32\drivers\tap0901.sys (+safe mode) (sign: 'McAfee, LLC.')
O23 - Driver S3: WireGuard - C:\Windows\System32\drivers\wireguard.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Driver S3: xhunter1 - C:\Windows\xhunter1.sys (sign: 'Wellbia.com Co., Ltd.')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'e1dexpress'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Hamachi'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'kltun'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klwtp.K4W-21-19'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tap0901'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tapprotonvpn'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'VBoxNetAdp'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'VBoxNetLwf'


--
End of file - Time spent: 23,8 sec. - 75306 bytes, CRC32: FFFFFFFF. Sign: ᩹鏷

CyberJo3 · 3 Ocak 2025

Rica etsem benim de HijackThis log dosyamı inceler misiniz?

MetinÜZEN · 4 Ocak 2025

Merhaba benim içinde bir inceleme yapabilir misiniz?

Kod:

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 13:48:25, on 4.01.2025
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.26100.1882)


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 24.3\kpm_tray.exe
C:\Users\Metin Üzen\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_31D2A51A2715FA62A350CF1E20061885] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlansp_c.dll
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Kaspersky Hizmeti 21.19 (AVP21.19) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\avp.exe
O23 - Service: @oem90.inf,%AcpiBridge1.SVCDESC%;Control Center Hotkey Service (CCDCHUService) - Unknown owner - C:\WINDOWS\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_2a0208b3676c8a9c\DCHUService.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_6a13a6d40d93da6f\IntelCpHDCPSvc.exe
O23 - Service: VoiceDetect Monitor Service (Creative.VADMonitorService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Creative App\Creative.VADMonitorService.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @oem39.inf,%ServiceDisplayName%;Intel(R) Dynamic Tuning Technology Telemetry Service (dptftcs) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dtt_sw.inf_amd64_683097297aaa9bb4\ipfsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: NVIDIA FrameView SDK service (FvSvc) - NVIDIA - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
O23 - Service: @%systemroot%\system32\GameInputSvc.exe,-101 (GameInputSvc) - Unknown owner - C:\WINDOWS\System32\GameInputSvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) (GoogleChromeElevationService) - Google LLC - C:\Program Files\Google\Chrome\Application\131.0.6778.205\elevation_service.exe
O23 - Service: Google Güncelleyici Dahili Hizmeti (GoogleUpdaterInternalService132.0.6833.0) (GoogleUpdaterInternalService132.0.6833.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe
O23 - Service: Google Güncelleyici Hizmeti (GoogleUpdaterService132.0.6833.0) (GoogleUpdaterService132.0.6833.0) - Google LLC - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe
O23 - Service: Intel(R) Graphics Command Center Service (igccservice) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_630c90b3d4347f0d\OneApp.IGCC.WinService.exe
O23 - Service: @oem46.inf,%PlatformLicenseManagerServiceName%;Intel(R) Platform License Manager Service (Intel(R) Platform License Manager Service) - Intel(R) Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Intel - C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\\AS\\IAS\\IntelAudioService.exe
O23 - Service: @oem17.inf,%ServiceDisplayName%;Intel(R) Innovation Platform Framework Service (ipfsvc) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\ipf_cpu.inf_amd64_fe2967a6eb0d3a7d\ipf_uf.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Kaspersky Volume Shadow Copy Service Bridge 21.19 (klvssbridge64_21.19) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.19\x64\vssbridge64.exe
O23 - Service: Kaspersky Password Manager 24.3 Service (kpm_service_24.3) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 24.3\kpm_service.exe
O23 - Service: @%SystemRoot%\System32\localkdcsvc.dll,-1 (LocalKdc) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\nvcvi.inf_amd64_116d714430800ce5\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ReFsDedupSvc.exe,-100 (refsdedupsvc) - Unknown owner - C:\WINDOWS\System32\ReFsDedupSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Universal Service (RtkAudioUniversalService) - Realtek Semiconductor - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_5fd7659c24c054cd\RtkAudUService64.exe
O23 - Service: Razer Central Service (RzActionSvc) - Razer Inc. - C:\Program Files (x86)\Razer\Razer Services\Razer Central\RazerCentralService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTrap) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Intel(R) Management Engine WMI Provider Registration (WMIRegistrationService) - Intel Corporation - C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8869 bytes

Murat5038 · 23 Ocak 2025

DeepHunter dedi:
Öncelikle bizlere böyle fedakarca bir yardımda bulunup, zaman ayırdığınız için teşekkür ederim. Chrome tarayıcısı kullanıyorum ve sürekli şifrelerime ulaşan birilerinin olduğunu düşünüyorum. Kayıtlı sitelerden mail adresime şifre güncelleme yada yenileme linkleri geliyor '' Dakikada 4-5 adet'' Loglardan umarım birşeylere ulaşabiliriz.

Rica ederim, çok geç dönüş yaptım k.b. Fazla bakamıyorum sosyale çünkü.
IObit yazılımlarını kaldırın.
PDF ve yazıcı sürümlerini güncelleyin varsa.
Sürücü bulucu kullanmışsınız bu da sorunlara yol açabilirkaldıırn kullanmayın hiçbir zaman.
Bunlarında dışında sorun yok dediğin olayı etkileyecek.

Have I Been Pwned: Check if your email address has been exposed in a data breach

Have I Been Pwned allows you to check whether your email address has been exposed in a data breach.

haveibeenpwned.com

Buradan mail ve telefon gibi şeylerinizi kontrol sağalyıp önleminizi alın.

Bunları fixleyin:

Kod:

O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\OS Edition Upgrade event listener created by enrollment client - C:\Windows\system32\deviceenroller.exe /s "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /OsEditionUpgradeAlert /SID "S-1-5-21-558626871-841166075-3276843811-1001" (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Passport for Work alert created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /PFW (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Provisioning initiated session - C:\Windows\system32\deviceenroller.exe /c /ProvInitiatedSession /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\PushLaunch - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /z (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\PushRenewal - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /y (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Refresh schedule created by Declared Configuration to refresh any settings changed on the device - C:\Windows\system32\deviceenroller.exe /c /DeclaredConfigurationRefresh /o 9465BB34-975D-4D4D-A43E-3ADEDB56F399 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule #1 created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule #2 created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule #3 created by enrollment client - C:\Windows\system32\deviceenroller.exe /o "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /b (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule created by enrollment client for renewal of certificate warning - C:\Windows\system32\deviceenroller.exe /c /r /d 9465BB34-975D-4D4D-A43E-3ADEDB56F399 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule to run OMADMClient by client - C:\Windows\system32\omadmclient.exe /serverid "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /lookuptype 1 /initiator 0 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Schedule to run OMADMClient by server - C:\Windows\system32\omadmclient.exe /serverid "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /lookuptype 1 /initiator 1 (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\EnterpriseMgmt\9465BB34-975D-4D4D-A43E-3ADEDB56F399\Win10 S Mode event listener created by enrollment client - C:\Windows\system32\deviceenroller.exe /s "9465BB34-975D-4D4D-A43E-3ADEDB56F399" /c /Win10SModeAlert /SID "S-1-5-21-558626871-841166075-3276843811-1001" (sign: 'Microsoft')

WarlegenD dedi:
görselde attığım uygulamaları bir kaç ay önce start up menüsünde fark ettim. Dosaya konumuna gidilmiyordu, online da arattığımda da bir sey bulamıyordum. Şüphelenmeye başladım şimdi üzerine düşmek istedim.

Onlar genelde silinmiş bir yazılımın kaydı oluyor MS buna doğru düzgün hala bir çözüm bulamadı. Zararlı olarak sadece düşünmeyin yani.

WarlegenD dedi:
Merhabalar, öncelikle yeni yıllar ve emekleriniz ve vaktiniz için de ayrı teşekkür ederim.

Teşekkür ederim iyi dilekleriniz için size de

Resimdekilerin kaynağı Appsflyer adındaki şirketin bir yazılımını kullanıyorsunuz veya kullanmışssınız. Araştırdığım kadarıyla TRT uygulamalarından tabii vb. kullandıysanız oradan kaynaklı.

Bunları fixleyin:

Kod:

O4 - HKCU\..\StartupApproved\Run: [AF_counter_2139460] = 3 (file missing) (2024/12/04)
O4 - HKCU\..\StartupApproved\Run: [AF_uuid_2139460] = 29a8f2ca-673c-4493-be4b-36376ee9d90f (file missing) (2024/12/04)

Gaomon Tablet adında da bilinmedik bir sürü var tablet vb. bir araç kullanmıyorsanız kaldırın.

CyberJo3 dedi:
Rica etsem benim de HijackThis log dosyamı inceler misiniz?

Kuralları okuyup sormalıydınız. Sorunlu gördüklerimi fixlettiriyorum o zaman:

Kod:

O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Kingsoft\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Kingsoft\WPS Office\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Kingsoft\WPS Office\12.2.0.19307\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Kingsoft\WPS Office\12.2.0.19307\office6\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Kingsoft\WPS Office\12.2.0.19307\office6\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Kingsoft\WPS Office\12.2.0.19307\office6\kwpsmenushellext64.dll_d_242859 -> DELETE (size: 700288 bytes, SHA256: FEE7C5EFF461EBAF708D889F0D8AF8C0290BBE59AEAF68BA41E8C61BFA847D37)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\_iu14D2N.tmp -> DELETE (size: 1343048 bytes, SHA256: 5761E7789D813626CD68EE1E62429CFEB92BDD814CD29EF12FC4AE9EC1DBAFF3)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsu.tmp -> DELETE (file missing)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsu.tmp\Au_.exe -> DELETE (size: 165590 bytes, SHA256: E608BB67286BF3B1DC26FA0CE941B92E1768948AE33B19904AA68CD435048A8C)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsuA.tmp -> DELETE (file missing)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsuA.tmp -> DELETE (file missing)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsuA.tmp -> DELETE (file missing)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsuA.tmp\Un_A.exe -> DELETE (size: 182728 bytes, SHA256: EAA828B809A3FCEA92C11ABEE56492478B7E528E42F4AD44821012F9EC8CCEF4)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsuA.tmp\Un_B.exe -> DELETE (size: 778649 bytes, SHA256: 3FA2BFC21DB85D537636D09CE543631639EC85404E7A77E1F966F7BCDDAFB5EE)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\~nsuA.tmp\Un_C.exe -> DELETE (size: 103394 bytes, SHA256: A6457CA8F7A14BA363E6F8467C020E62425EEEC755EE1C7A57068E8952C16672)
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Local\Temp\nss6DBF.tmp\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Roaming\Kingsoft\wps\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Roaming\Kingsoft\wps\dcsdk\ -> DELETE
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\JC\AppData\Roaming\Kingsoft\wps\dcsdk\cache.db -> DELETE (size: 16777216 bytes, SHA256: 1C2FE331253D58662539A7C8BD820BDDA655E2A7EBB3A198FC3C8BB969093EC2)

MetinÜZEN dedi:
Merhaba benim içinde bir inceleme yapabilir misiniz?

Siz de aynı şekilde kuralları okumadan yazmışssınız.
Baktığımda bir sorun görünmüyor.

kai.zen · 24 Ocak 2025

Selamlar, rica etsem inceler misiniz? Teşekkür ederim.

Kod:

Logfile of HiJackThis+ build 2025-01-16 Beta v.3.4.0.17

Platform:  x64 Windows 11 (Pro), 10.0.22631.4751 (ReleaseId: 2009, 23H2), Service Pack: 0
Time:      24.01.2025 - 13:58 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    9,57 GiB Free / 16. Loading RAM (39 %), CPU (5 %)
Disk C:    136,59 GiB Free / 465 (SSD, GPT)
Elevated:  Yes
Ran by:    ipros    (group: Administrators; type: Microsoft) on KEREM, FirstRun: yes

Internet Explorer: 11.0.22621.3527
Default: "C:\Users\ipros\AppData\Local\Programs\Opera GX\opera.exe" -noautoupdate -- "%1" (Opera GX Internet Browser)

Boot mode: Normal (Secure Boot: On) (Code Integrity: On)

Running processes:
Number | Path
   3  C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
   1  C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
   1  C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.43\AsusFanControlService.exe
   1  C:\Program Files (x86)\ASUS\AXSP\4.03.12\atkexComSvc.exe
   1  C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
   1  C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler.exe
   1  C:\Program Files (x86)\BraveSoftware\Update\1.3.361.151\BraveCrashHandler64.exe
   1  C:\Program Files (x86)\LightingService\LightingService.exe
   1  C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
   1  C:\Program Files\AMD\CNext\CNext\amdow.exe
   1  C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
   1  C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
   1  C:\Program Files\AMD\CNext\CNext\cncmd.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
   1  C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe
   1  C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
   1  C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
   1  C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
   1  C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
   1  C:\Program Files\Microsoft Update Health Tools\uhssvc.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\WindowsApps\28017CharlesMilette.TranslucentTB_2024.3.0.0_x64__v826wp6bftszj\TranslucentTB.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
   6  C:\Users\ipros\AppData\Local\Discord\app-1.0.9179\Discord.exe
   1  C:\Users\ipros\AppData\Local\Programs\Opera GX\115.0.5322.152\opera_crashreporter.exe
  31  C:\Users\ipros\AppData\Local\Programs\Opera GX\opera.exe
   6  C:\Users\ipros\AppData\Roaming\Spotify\Spotify.exe
   1  C:\Users\ipros\Downloads\HiJackThis\HiJackThis.exe
   1  C:\Users\ipros\OneDrive\Masaüstü\goodbyedpi-0.2.3rc3-turkey\x86_64\goodbyedpi.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\cmd.exe
   2  C:\Windows\System32\conhost.exe
   1  C:\Windows\System32\CorsairGamingAudioCfgService64.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrsr.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0ba3dc7378fedf6\RstMwService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atiesrxx.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\LsaIso.exe
   1  C:\Windows\System32\lsass.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\SpaceAgent.exe
   1  C:\Windows\System32\spaceman.exe
  28  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SysWOW64\wallpaperservice32.exe

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_421\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_421\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}: [StubPath] = C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.50\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Brave Software, Inc.')
O4 - HKCU\..\Run: [Discord] = C:\Users\ipros\AppData\Local\Discord\Update.exe --processStart Discord.exe (sign: 'Discord Inc.')
O4 - HKCU\..\Run: [Spotify] = C:\Users\ipros\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (sign: 'Spotify AB')
O4 - HKCU\..\StartupApproved\Run: [AMDNoiseSuppression] = C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe (2024/08/08) (sign: 'Advanced Micro Devices Inc.')
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2024/08/08) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [electron.app.OP.GG] = C:\Users\ipros\AppData\Local\Programs\OP.GG\OP.GG.exe (2025/01/22) (not signed - OP.GG - 4C635A21B7854E05C88FD2EA8C307F196A13169E)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2024/08/04) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [Medal] = C:\Users\ipros\AppData\Local\Medal\update.exe --processStart "Medal.exe" (2025/01/22) (sign: 'Ferox Games B.V.')
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\ipros\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2025/01/22) (sign: 'Opera Software AS')
O4 - HKCU\..\StartupApproved\Run: [Opera GX Stable] = C:\Users\ipros\AppData\Local\Programs\Opera GX\opera.exe (2024/08/04) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2024/08/04) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2024/08/04) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (sign: 'Riot Games, Inc.')
O4 - HKLM\..\StartupApproved\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe -background (2025/01/22) (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (2025/01/22) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/01/22) (sign: 'Oracle America, Inc.')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [Discord] = C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall (sign: 'Discord Inc.')
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O7 - Policy: HKCU\..\Windows\Explorer: [DisableSearchBoxSuggestions] = 1
O7 - Policy: HKLM\..\Windows\Explorer: [DisableSearchBoxSuggestions] = 1
O7 - Policy: HKLM\..\Windows\Explorer: [ShowOrHideMostUsedApps] = 2
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore1dae3f9589300ab - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe --delay (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\P508PowerAgent_sdk - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (file missing)
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP (sign: 'Advanced Micro Devices')
O22 - Tasks: BraveSoftwareUpdateTaskMachineCore{368D436A-641A-4398-A760-21656773FB76} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA{BDF64A72-91AD-4EB3-A891-82431D919707} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser (sign: 'Advanced Micro Devices')
O22 - Tasks: Opera GX scheduled assistant Autoupdate 1723638781 - C:\Users\ipros\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\ipros\AppData\Local\Programs\Opera GX\assistant" $(Arg0) (file missing)
O22 - Tasks: Opera GX scheduled Autoupdate 1722506921 - C:\Users\ipros\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (sign: 'Advanced Micro Devices')
O22 - Tasks: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (sign: 'Advanced Micro Devices')
O23 - Service R2: @oem26.inf,%RstMwService.ServiceName%;Intel(R) Storage Middleware Service - (RstMwService) - C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0ba3dc7378fedf6\RstMwService.exe (sign: 'Intel Corporation')
O23 - Service R2: AMD Crash Defender Service - C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrsr.exe (sign: 'Microsoft')
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\atiesrxx.exe (sign: 'Advanced Micro Devices')
O23 - Service R2: ARMOURY CRATE Service - (ArmouryCrateService) - C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS AURA SYNC lighting service - (LightingService) - C:\Program Files (x86)\LightingService\LightingService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Asus Certificate Service - (AsusCertService) - C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Com Service - (asComSvc) - C:\Program Files (x86)\ASUS\AXSP\4.03.12\atkexComSvc.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusFanControlService - C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.43\AsusFanControlService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Corsair Gaming Audio Configuration Service - (CorsairGamingAudioConfig) - C:\Windows\System32\CorsairGamingAudioCfgService64.exe (sign: 'Microsoft')
O23 - Service R2: GameSDK Service - C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: GoodbyeDPI - C:\Users\ipros\OneDrive\Masaüstü\goodbyedpi-0.2.3rc3-turkey\x86_64\goodbyedpi.exe -5 --set-ttl 5 --dns-addr 77.88.8.8 --dns-port 1253 --dnsv6-addr 2a02:6b8::feed:0ff --dnsv6-port 1253 (not signed - no company - 478F336AB054623ABFA691F11F12BC3BE31DEABE)
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_2c6939fa3ca49312\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Wallpaper Engine Service - C:\Windows\SysWOW64\wallpaperservice32.exe -p "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" (sign: 'Skutta Software GmbH')
O23 - Service S2: @oem6.inf,%PlatformLicenseManagerServiceName%;Intel(R) Platform License Manager Service - (Intel(R) Platform License Manager Service) - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe (sign: 'Intel Corporation')
O23 - Service S2: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: AsusUpdateCheck - C:\Windows\System32\AsusUpdateCheck.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: Brave Güncelleme Hizmeti (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S3: Armoury Crate Download Tool - (ArmouryCrateDownloadTool) - C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_1a978b89f16e1813\ArmouryLiveUpdate.exe (sign: 'ASUSTeK Computer Inc.')
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\132.1.74.50\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Brave Güncelleme Hizmeti (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: EAAntiCheatService - C:\Program Files\EA\AC\eaanticheat.gameservice.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Easy Anti-Cheat (Epic Online Services) - (EasyAntiCheat_EOS) - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Service S3: Yazıcı Uzantıları ve Bildirimleri - (PrintNotify) - C:\Windows\system32\svchost.exe -k print; "ServiceDll" = C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (not signed - Microsoft Corporation - 8C9FC924BE54376B864FA42AF38D8597253C6404)
O23 - Driver R: ASUS Kernel Mode Driver for NT  - C:\Windows\system32\drivers\IOMap64.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R: The WinDivert 2.2 driver [URL: hxxps://reqrypt.org/windivert.html] [Bitcoin: 1C5vZVSbizPeZ8ydTYhUfm4LA2cNwBfcYh] - C:\Users\ipros\OneDrive\Masaüstü\goodbyedpi-0.2.3rc3-turkey\x86_64\WinDivert64.sys (sign: 'Cloudveil Technology Inc.')
O23 - Driver R0: @oem26.inf,%iaStorVD.ServiceName%;Intel(R) Chipset VMD RST Controller service - (iaStorVD) - C:\Windows\System32\drivers\iaStorVD.sys (sign: 'Intel Corporation')
O23 - Driver R0: @oem3.inf,%AMDKMPFD_svcdesc%;AMD PCI Root Bus Lower Filter - (amdkmpfd) - C:\Windows\System32\drivers\amdkmpfd.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R1: Asusgio3 - C:\Windows\system32\drivers\AsIO3.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R1: CTIAIO - C:\Windows\system32\drivers\CtiAIo64.sys (sign: 'Microsoft' - Creative Technology Innovation Co., LTd.)
O23 - Driver R1: MSIO - C:\Windows\system32\drivers\MsIo64.sys (sign: 'Microsoft' - MICSYS Technology Co., LTd)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R3: @oem10.inf,%dev.SVCDESC%;Corsair Bus - (CorsairVBusDriver) - C:\Windows\System32\drivers\CorsairVBusDriver.sys (sign: 'Microsoft' - Corsair)
O23 - Driver R3: @oem11.inf,%AMDFENDR_svcdesc%;AMD Crash Defender Driver - (amdfendr) - C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: @oem11.inf,%AMDFENDRMGR_svcdesc%;AMD Crash Defender Manager Driver - (amdfendrmgr) - C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_05bfde18331c4d58\amdfendrmgr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: @oem2.inf,%dev.SVCDESC%;Corsair virtual device - (CorsairVHidDriver) - C:\Windows\System32\drivers\CorsairVHidDriver.sys (sign: 'Microsoft' - Corsair)
O23 - Driver R3: @oem28.inf,%iaLPSS2_GPIO2_ADL.SVCDESC%;Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2_ADL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys (sign: 'Intel Corporation')
O23 - Driver R3: @oem29.inf,%iaLPSS2_I2C_ADL.SVCDESC%;Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C_ADL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: @oem32.inf,%Service.DisplayName%;Realtek NetAdapter Driver - (rt68cx21) - C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_75af912c76141870\rt68cx21x64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: @oem36.inf,%AMDXE.SVCDESC%;AMD Controller Emulation - (AMDXE) - C:\Windows\System32\drivers\amdxe.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: @oem4.inf,%TEE_SvcDesc%;Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_6b6e8cc42a3d1f09\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: @oem45.inf,%ViGEmBus.SVCDESC%;Virtual Gamepad Emulation Service - (ViGEmBus) - C:\Windows\System32\drivers\ViGEmBus.sys (sign: 'Microsoft' - Benjamin Höglinger-Stelzer)
O23 - Driver R3: @oem48.inf,%ATIHdAudioDriver.SvcDesc%;AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\Windows\System32\DriverStore\FileRepository\atihdwt6.inf_amd64_4ad1437aef138551\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: @oem49.inf,%AMDSAfdDriver.SVCDESC%;AMDSAFD - (AMDSAFD) - C:\Windows\System32\DriverStore\FileRepository\amdsafd.inf_amd64_d4de13a10f2586d0\amdsafd.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: amduw23g - C:\Windows\System32\DriverStore\FileRepository\u0410212.inf_amd64_daae2c8b5eb35aaa\B409877\amdkmdag.sys (sign: 'Advanced Micro Devices')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed - Microsoft Corporation - 00929ABCF957D3913F99F399CB1024A4F68301F7)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed - Microsoft Corporation - 90F662D6077E609D2D81CF64417B144CBA087791)
O23 - Driver S3: @oem35.inf,%Wintun.Name%;Wintun - (wintun) - C:\Windows\System32\drivers\wintun.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Driver S3: @oem56.inf,%CorsairAudioFilterServiceDisplayName%;Corsair Gaming Audio Service - (CorsairGamingAudioService) - C:\Windows\System32\drivers\CorsairGamingAudio64.sys (sign: 'Microsoft' - Corsair Memory, Inc.)
O23 - Driver S3: ALSysIO - C:\Users\ipros\AppData\Local\Temp\ALSysIO64.sys (file missing)
O23 - Driver S3: cpuz158 - C:\Windows\temp\cpuz158\cpuz158_x64.sys (file missing)
O23 - Driver S3: cpuz159 - C:\Windows\temp\cpuz159\cpuz159_x64.sys (sign: 'Microsoft' - CPUID)
O23 - Driver S3: EAAntiCheat - C:\Windows\system32\drivers\eaanticheat.sys (file missing)
O23 - Driver S3: HWiNFO Kernel Driver (v191) - (HWiNFO_191) - C:\Users\ipros\AppData\Local\Temp\HWiNFO64A_191.SYS (file missing)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: ROG Mouse - (ROGMS) - C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_1a978b89f16e1813\ROGMS.sys (sign: 'ASUSTeK COMPUTER INC.')
O26 - Debugger: HKLM\..\CompatTelRunner.exe: [Debugger] = C:\Windows\System32\taskkill.exe (sign: 'Microsoft')
O26 - Debugger: HKLM\..\DeviceCensus.exe: [Debugger] = C:\Windows\System32\taskkill.exe (sign: 'Microsoft')
O26 - Debugger: HKLM\..\software_reporter_tool.exe: [Debugger] = C:\Windows\System32\taskkill.exe (sign: 'Microsoft')


--
End of file - Time spent: 24,1 sec. - 59556 bytes, CRC32: FFFFFFFF. Sign: 域챦

Murat5038 · 25 Ocak 2025

kai.zen dedi:
Selamlar, rica etsem inceler misiniz? Teşekkür ederim.

Rehberi okumak çok mu zor? Kurallara uygun sormuyorsunuz.
Zararlı olarak kontrol ettim ve bir sorun yok.

Rehber HijackThis Log Paylaşımı ve Çözümleri

Ayrıntılı düzenleme

HiJackThis

EmirSbgl

Kilopat

Paste ofCode

NmutluTDiyen

Femtopat

Murat5038

Yottapat!

Windows'ta temiz önyükleme gerçekleştirme - Microsoft Desteği

DeepHunter

Kilopat

WarlegenD

Zeptopat

Dosya Ekleri

CyberJo3

Kilopat

Dosya Ekleri

MetinÜZEN

Femtopat

Murat5038

Yottapat!

Have I Been Pwned: Check if your email address has been exposed in a data breach

kai.zen

Kilopat

Murat5038

Yottapat!

Benzer konular

Technopat Haberler

Yeni konular

Yeni mesajlar

Gizliliğinize önem veriyoruz