To analyze problems on your system such as performance degradation, freezes, malware effects and application errors, and to improve performance and neutralize the malware's effects, you need to share here the log of the scan you ran with the HijackThis software.



Usage:

1)
Download the up-to-date version, to which a developer has added new features, from here, and extract the application from the archive file to your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click the HijackThis program and run it as administrator (does not apply to XP).

4) In the window that opens, click the "Do a system scan and save a log file" button.

5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan completes.

6) When the scan completes, a log file containing the HijackThis report will appear.

*7) You need to add the log file here via the reply section so that we can examine it.

Click "Code".

Paste the contents of the log into the blue box and press the "Continue" button.

Warning: If you have trouble adding code on the site, paste your code into one of the sites given below and share the link. In that case, do not use option *7 for now.

Paste ofCode

8) Also, reply to the thread describing the problem on your system in detail (performance degradation, suspected malware, etc.).
(Those who do not do this will not receive a reply.)

Fixing:

When I or one of the experts responds in the thread, tick the boxes at the start of the lines we tell you about in the HijackThis interface. Then press the "Fix checked" button.
 
Code:
Logfile of HiJackThis+ (Plus) build 2024-04-18 Alpha v.3.4.0.9

Platform:  x64 Windows 10 (Home Single Language), 10.0.19045.4529 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      14.06.2024 - 12:29 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    11777 MiB Free. Loading RAM (29 %), CPU (4 %)
Elevated:  Yes
Ran by:    denız    (group: Administrators; type: Local) on DESKTOP-OR43LBS, FirstRun: yes

Chrome:  126.0.6478.61
Internet Explorer: 11.0.19041.4355
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
   1  C:\Program Files (x86)\csduragics16\CsOyna.exe
   2  C:\Program Files (x86)\Everything\Everything.exe
   5  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   1  C:\Program Files\AMD\CNext\CNext\amdow.exe
   1  C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
   1  C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
   1  C:\Program Files\AMD\CNext\CNext\cncmd.exe
   1  C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
   1  C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
   1  C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
  16  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe
   1  C:\Program Files\Intel\WiFi\bin\EvtEng.exe
   1  C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\TxGameAssistant\AppMarket\AppMarket.exe
   3  C:\Program Files\TxGameAssistant\AppMarket\cef_frame_render.exe
   1  C:\Program Files\TxGameAssistant\AppMarket\DL\syzs_dl_svr.exe
   1  C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe
   1  C:\Program Files\WinRAR\WinRAR.exe
   1  C:\Users\denız\AppData\Local\Temp\Rar$EXa1780.4372\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\amdfendrsr.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\CastSrv.exe
   1  C:\Windows\System32\cmd.exe
   1  C:\Windows\System32\CompPkgSrv.exe
   3  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   2  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4401706d277a86e0\RtkAudUService64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0403196.inf_amd64_d0c41aa30f8bcfb2\B402774\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0403196.inf_amd64_d0c41aa30f8bcfb2\B402774\atiesrxx.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\ibtsiva.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\MoUsoCoreWorker.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   1  C:\Windows\System32\rundll32.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  68  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\126.0.6478.61\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [AMDNoiseSuppression] = C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe (file missing)
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C83C5BBB5D0A47CE21E389EF337DD068] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_27ECE6B1F3EBCBF9E8843119C787B4BD] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2024/01/19) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4401706d277a86e0\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\Run: [XMouseButtonControl] = C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable /delay (sign: 'Open Source Developer, Phillip Gibbons')
O4 - MountPoints2: HKCU\..\{64b9da71-1061-11ef-a838-d843ae15bffb}\shell\AutoRun\command: (default) = D:\.\StartModem.exe (file missing)
O4 - MountPoints2: HKCU\..\{69b9dff9-c75e-11ee-a7af-d843ae15bffb}\shell\AutoRun\command: (default) = D:\.\StartModem.exe (file missing)
O4-32 - HKLM\..\Run: [Everything] = C:\Program Files (x86)\Everything\Everything.exe -startup (sign: 'voidtools')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O17 - DHCP DNS 1: 192.168.0.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{C0F8C8A8-5944-4567-8316-F76E241BB711} - C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP (sign: 'Advanced Micro Devices')
O22 - Tasks: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate (sign: 'Advanced Micro Devices')
O22 - Tasks: AMDRyzenMasterSDKTask - C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe (sign: 'Advanced Micro Devices')
O22 - Tasks: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser (sign: 'Advanced Micro Devices')
O22 - Tasks: MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O22 - Tasks: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (sign: 'Advanced Micro Devices')
O22 - Tasks: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: \Microsoft\Windows\Diagnosis\RecommendedTroubleshootingScanner - C:\WINDOWS\system32\mitigationscanner.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client" (sign: '')
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server" (sign: '')
O22 - Tasks_Migrated: GoogleUpdateTaskMachineCore{F7BE8A50-AC51-4143-A3D9-C9A6D0882849} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA{5E26A1D3-4F1F-4DF7-A57F-B105E398BDAD} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks_Migrated: MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe (sign: 'Microsoft')
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0403196.inf_amd64_d0c41aa30f8bcfb2\B402774\atiesrxx.exe (sign: 'Advanced Micro Devices')
O23 - Service R2: Everything - C:\Program Files (x86)\Everything\Everything.exe -svc (sign: 'voidtools')
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\system32\ibtsiva.exe (sign: 'Intel(R) Wireless Connectivity Solutions')
O23 - Service R2: Intel(R) PROSet/Wireless Event Log - (EvtEng) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe (sign: 'Intel Corporation-Wireless Connectivity Solutions')
O23 - Service R2: Intel(R) PROSet/Wireless Registry Service - (RegSrvc) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe (sign: 'Intel Corporation-Wireless Connectivity Solutions')
O23 - Service R2: Intel(R) PROSet/Wireless Zero Configuration Service - (ZeroConfigService) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (sign: 'Intel Corporation-Wireless Connectivity Solutions')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: QMEmulatorService - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe (sign: 'Tencent Technology(Shenzhen) Company Limited')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_4401706d277a86e0\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater InternalService 127.0.6490.0 (GoogleUpdaterInternalService127.0.6490.0) - (GoogleUpdaterInternalService127.0.6490.0) - C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater Service 127.0.6490.0 (GoogleUpdaterService127.0.6490.0) - (GoogleUpdaterService127.0.6490.0) - C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (sign: 'BattlEye Innovations e.K.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\126.0.6478.61\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: Wireless PAN DHCP Server - (MyWiFiDHCPDNS) - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe (sign: 'Intel Corporation-Wireless Connectivity Solutions')
O23 - Driver R0: AMD PCI Root Bus Lower Filter - (amdkmpfd) - C:\WINDOWS\System32\drivers\amdkmpfd.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\WINDOWS\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\WINDOWS\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R1: TBox Support Driver - (TBoxDrv) - C:\Program Files\AndroidTbox\TBoxDrv.sys (sign: 'Tencent Technology(Shenzhen) Company Limited')
O23 - Driver R2: AMDRyzenMasterDriverV20 - C:\WINDOWS\system32\AMDRyzenMasterDriver.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R2: aow_drv - C:\Program Files\TxGameAssistant\UI\3.21.5141.80\aow_drv_x64_ev.sys (sign: 'Tencent Technology (Shenzhen) Company Limited')
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\WINDOWS\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: ___ Windows 8.1 64 Bit için Intel(R) Wireless Bağdaştırıcı Sürücüsü  - (NETwNb64) - C:\WINDOWS\System32\drivers\Netwbw02.sys (+safe mode) (sign: 'Intel Corporation-Wireless Connectivity Solutions')
O23 - Driver R3: AMD Crash Defender Driver - (amdfendr) - C:\WINDOWS\System32\drivers\amdfendr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: AMD Crash Defender Manager Driver - (amdfendrmgr) - C:\WINDOWS\System32\drivers\amdfendrmgr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\WINDOWS\system32\drivers\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\WINDOWS\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio3) - C:\WINDOWS\System32\drivers\amdgpio3.sys (sign: 'ASMedia Technology Inc.')
O23 - Driver R3: AMD Link Controller Emulation - (AMDXE) - C:\WINDOWS\System32\drivers\amdxe.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD PCI - (AMDPCIDev) - C:\WINDOWS\System32\drivers\AMDPCIDev.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMDSAFD - C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_54807f69fe156f14\amdsafd.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: amduw23g - C:\WINDOWS\System32\DriverStore\FileRepository\u0403196.inf_amd64_d0c41aa30f8bcfb2\B402774\amdkmdag.sys (sign: 'Advanced Micro Devices')
O23 - Driver R3: Intel(R) Wireless Bluetooth(R) - (ibtusb) - C:\WINDOWS\system32\DRIVERS\ibtusb.sys (+safe mode) (sign: 'Intel(R) Wireless Connectivity Solutions')
O23 - Driver R3: Kaspersky VPN - (kltun) - C:\WINDOWS\system32\DRIVERS\kltun.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: MBAMFarflt - C:\WINDOWS\system32\DRIVERS\farflt.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMProtection - C:\WINDOWS\system32\DRIVERS\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\WINDOWS\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\WINDOWS\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\WINDOWS\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: unirsdt - C:\Windows\system32\drivers\unirsdt.sys (sign: 'Tencent Technology (Shenzhen) Company Limited')
O23 - Driver S2: AMDRyzenMasterDriverV22 - C:\WINDOWS\system32\AMDRyzenMasterDriver.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver S3: FairplayKD - C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys (sign: 'Hans Roes')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: rspLLL - C:\WINDOWS\system32\DRIVERS\rspLLL64.sys (sign: 'Daniel Terhell')
O23 - Driver S3: UniFairy_x64 - C:\Windows\system32\drivers\UniFairy_x64.sys (sign: 'Tencent Technology (Shenzhen) Company Limited')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'kltun'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'NETwNb64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rt640x64'
O27 - Account: (Bad profile) Folder is not referenced by any of user SIDs: C:\Users\den
O27 - Account: (Bad profile) Folder is not referenced by any of user SIDs: C:\Users\denGLCache


--
End of file - Time spent: 15,3 sec. - 40760 bytes, CRC32: FFFFFFFF. Sign: 䤶獞
 
I think there is a RAT; I'm not sure whether it shows up in this tool, but could you take a look?

Uninstall FDM; uninstall Discord and reinstall it from the proper source.
Run a scan with this and remove any problematic drivers.
No RAT variant was seen; there are only suspicious drivers.
 
Sir, when you say uninstall, do you mean Discordptb?
 
Hello, I have been experiencing an incredible performance drop for a long time; could you take a look?

Code:
Logfile of HiJackThis+ (Plus) build 2024-04-18 Alpha v.3.4.0.9

Platform: x64 Windows 11 (Pro), 10.0.22631.3737 (ReleaseId: 2009, 23H2), Service Pack: 0
Time: 01.07.2024 - 21:26 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory: 13690 MiB Free. Loading RAM (33 %), CPU (17 %)
Elevated: Yes.
Ran by: ckrcn (group: Administrators; type: Microsoft) on POYRAZ, FirstRun: yes.

Chrome: 126.0.6478.127
Internet Explorer: 11.0.22621.3527
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path.
 1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
 1 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
 1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
 1 C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
 1 C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
 1 C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
 1 C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
 1 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
 1 C:\Program Files (x86)\IObit\Driver Booster\11.1.0\Scheduler.exe
 2 C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe
 1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avpui.exe
 1 C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
 1 C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
 1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
 6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
 1 C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
 1 C:\Program Files (x86)\oCam\oCamTask.exe
 1 C:\Program Files (x86)\RivaTuner Statistics Server\EncoderServer.exe
 1 C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe
 1 C:\Program Files (x86)\RivaTuner Statistics Server\RTSSHooksLoader64.exe
 1 C:\Program Files (x86)\Skillbrains\lightshot\5.5.0.7\Lightshot.exe
 1 C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
 1 C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
 1 C:\Program Files\Bonjour\mDNSResponder.exe
 1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
 1 C:\Program Files\datronicsoft\spacedesk\spacedeskService.exe
 1 C:\Program Files\datronicsoft\spacedesk\spacedeskServiceTray.exe
 19 C:\Program Files\Google\Chrome\Application\chrome.exe
 1 C:\Program Files\Malwarebytes\Anti-Malware\MbamBgNativeMsg.exe
 1 C:\Program Files\Microsoft OneDrive\24.116.0609.0005\Microsoft.SharePoint.exe
 1 C:\Program Files\Rainmeter\Rainmeter.exe
 1 C:\Program Files\Riot Vanguard\vgtray.exe
 1 C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\GCP.ML.BackgroundSysTray\IGCCTray.exe
 1 C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5536.0_x64__8j3eq9eme6ctt\IGCC.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\gamingservices.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
 1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24061.93.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
 1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
 1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
 1 C:\Program Files\WinRAR\WinRAR.exe
 1 C:\Users\ckrcn\AppData\Local\Temp\Rar$EXa8504.10241\HiJackThis.exe
 1 C:\Users\ckrcn\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe
 1 C:\Windows\explorer.exe
 1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 1 C:\Windows\RtkBtManServ.exe
 1 C:\Windows\RtkWiFiManServ.exe
 1 C:\Windows\System32\audiodg.exe
 1 C:\Windows\System32\cmd.exe
 3 C:\Windows\System32\conhost.exe
 2 C:\Windows\System32\csrss.exe
 1 C:\Windows\System32\ctfmon.exe
 1 C:\Windows\System32\dllhost.exe
 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe
 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe
 1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe
 1 C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\AppHelperCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\DiagsCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\SysInfoCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7f680e39d88878f3\IntelCpHDCPSvc.exe
 1 C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe
 2 C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe
 1 C:\Windows\System32\dwm.exe
 1 C:\Windows\System32\ETDCtrl.exe
 1 C:\Windows\System32\ETDService.exe
 2 C:\Windows\System32\fontdrvhost.exe
 1 C:\Windows\System32\lsass.exe
 4 C:\Windows\System32\RuntimeBroker.exe
 1 C:\Windows\System32\SearchFilterHost.exe
 1 C:\Windows\System32\SearchIndexer.exe
 1 C:\Windows\System32\SearchProtocolHost.exe
 1 C:\Windows\System32\SECOCL64.exe
 1 C:\Windows\System32\SECOMN64.exe
 1 C:\Windows\System32\SecurityHealthService.exe
 1 C:\Windows\System32\services.exe
 1 C:\Windows\System32\sihost.exe
 1 C:\Windows\System32\smartscreen.exe
 1 C:\Windows\System32\smss.exe
 1 C:\Windows\System32\spoolsv.exe
 89 C:\Windows\System32\svchost.exe
 3 C:\Windows\System32\taskhostw.exe
 1 C:\Windows\System32\Taskmgr.exe
 1 C:\Windows\System32\wbem\unsecapp.exe
 2 C:\Windows\System32\wbem\WmiPrvSE.exe
 1 C:\Windows\System32\wininit.exe
 1 C:\Windows\System32\winlogon.exe
 2 C:\Windows\System32\WUDFHost.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
 1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 1 C:\Windows\SysWOW64\dllhost.exe
 1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_87C559F2A50A95A39A0DBBAB5E544D94] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (not signed - Tonec Inc. - 156892236320597C81414F1DF37118EB4C381DD9)
O4 - HKCU\..\Run: [Opera GX Browser Assistant] = C:\Users\ckrcn\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (sign: 'Opera Software AS')
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/06/27) (sign: 'PIRIFORM SOFTWARE LIMITED')
O4 - HKCU\..\StartupApproved\Run: [DNS Changer] = C:\Program Files\DNS Changer\DNS Changer.exe (2024/06/27) (not signed - sajjadmrx - 7EFE8EF24F9CC77CBE85B89570296335CDF042C0)
O4 - HKCU\..\StartupApproved\Run: [electron.app.BlueStacks Services] = C:\Users\ckrcn\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden (2024/01/23) (not signed - now.gg, Inc. - 7BC1B82EB0A959CB5C15E10814CFE8FF19C114EA)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2024/06/27) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [LonelyScreen] = C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe /start_context sys_auto (2023/11/18) (not signed - no company - 79F0E44415FFE74B320DFB27C8988D326DC80B2E)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_98D1BFE922228188AF3C4F8715131BF1] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2023/08/21) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background (2023/08/21) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2024/01/23) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2023/12/16) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (sign: 'Riot Games, Inc.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\RunOnce: [Delete Cached Standalone Update Binary] = C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (sign: 'Microsoft')
O4 - HKLM\..\RunOnce: [Delete Cached Update Binary] = C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (sign: 'Microsoft')
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe -> DELETE.
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run: [XMouseButtonControl] = C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable /delay (2024/01/23) (sign: 'Open Source Developer, Phillip Gibbons')
O4 - HKLM\..\StartupApproved\Run32: [HPMessageService] = C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (sign: 'HP Inc.')
O4 - HKLM\..\StartupApproved\Run32: [LogMeIn Hamachi Ui] = C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start (2024/01/23) (sign: 'LogMeIn, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (2023/11/18) (sign: 'Wondershare Technology Co.,Ltd')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - Startup: C:\Users\ckrcn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (sign: 'Firebit OU')
O4-32 - HKLM\..\Run: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [HP CoolSense] = C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkey (sign: 'Hewlett-Packard Company')
O4-32 - HKLM\..\Run: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (sign: 'Kilonova LLC')
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sign: 'Oracle America, Inc.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (not signed - no company - 1A49C5F7A98580F8002AC1D6115AB39CB753975B)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll (sign: 'Apple Inc.')
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{cd36c867-d62d-42f1-8a6e-408065dda0a6}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{cd36c867-d62d-42f1-8a6e-408065dda0a6}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Windows\system32\mscoree.dll (sign: 'Microsoft')
O22 - BITS Job: (download) {50BE6E6D-8E4D-4B91-A4AD-7B95C892E7D8} - hxxp://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3uct24gmihq5qbompwph6xpyla_454/lmelglejhemejginpboagddgdfbepgmp_454_all_ZZ_err26x7gg6gj6pv3jridudm2ny.crx3 -> C:\Users\ckrcn\AppData\Local\Temp\chrome_BITS_14692_1150611375\lmelglejhemejginpboagddgdfbepgmp_454_all_ZZ_err26x7gg6gj6pv3jridudm2ny.crx3
O22 - BITS Job: (download) {A6B00CFB-ED26-4F8E-B691-91BD21042BF4} - hxxp://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 -> C:\Users\ckrcn\AppData\Local\Temp\chrome_BITS_21288_124163902\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (Not scheduled) CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe (sign: 'PIRIFORM SOFTWARE LIMITED')
O22 - Task (.job): (Not scheduled) update-S-1-5-21-863331324-1791074393-1256297829-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (sign: 'OOO Lightshot')
O22 - Task (.job): (Not scheduled) update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe (sign: 'OOO Lightshot')
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{ECB862EF-4782-4A57-9CE5-6658C1620A8C} - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe /send (file missing)
O22 - Tasks: \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe /f (file missing)
O22 - Tasks: \Hewlett-Packard\HP Support Assistant\Opt-in For HP Support Assistant Quick Start - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF_Utils.exe /SetTaskbarTask (file missing)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (sign: 'Now.gg, INC')
O22 - Tasks: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe (sign: 'PIRIFORM SOFTWARE LIMITED')
O22 - Tasks: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "6156c798-ba51-48e5-9365-7b3672d2c235" --version "6.25.11093" --silent (sign: 'PIRIFORM SOFTWARE LIMITED')
O22 - Tasks: CCleanerSkipUAC - ckrcn - C:\Program Files\CCleaner\CCleaner.exe $(Arg0) (sign: 'PIRIFORM SOFTWARE LIMITED')
O22 - Tasks: Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\11.1.0\Scheduler.exe /scheduler (sign: 'IObit CO., LTD')
O22 - Tasks: Driver Booster SkipUAC (ckrcn) - C:\Program Files (x86)\IObit\Driver Booster\11.1.0\DriverBooster.exe /skipuac (sign: 'IObit CO., LTD')
O22 - Tasks: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\11.1.0\AutoUpdate.exe /auto (sign: 'IObit CO., LTD')
O22 - Tasks: MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O22 - Tasks: oCamTask - C:\Program Files (x86)\oCam\oCamTask.exe /Run (sign: 'OORT inc.')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-863331324-1791074393-1256297829-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: Opera GX scheduled assistant Autoupdate 1693381548 - C:\Users\ckrcn\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\ckrcn\AppData\Local\Programs\Opera GX\assistant" $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Opera GX scheduled Autoupdate 1692619181 - C:\Users\ckrcn\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: RTSS - C:\Program Files (x86)\RivaTuner Statistics Server\RTSS.exe /s (sign: 'Alexey Nicolaychuk')
O22 - Tasks: update-S-1-5-21-863331324-1791074393-1256297829-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (sign: 'OOO Lightshot')
O22 - Tasks: update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate (sign: 'OOO Lightshot')
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\Windows\RtkBtManServ.exe (sign: 'Microsoft')
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe (sign: 'Apple Inc.')
O23 - Service R2: ELAN Service - (ETDService) - C:\Windows\System32\ETDService.exe (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: Hamachi Tunneling Engine - (Hamachi2Svc) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe -s (sign: 'LogMeIn, Inc.') (+safe mode)
O23 - Service R2: HP App Helper HSA Service - (HPAppHelperCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\AppHelperCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP Diagnostics HSA Service - (HPDiagsCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\DiagsCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP Insights Analytics - (HpTouchpointAnalyticsService) - C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_7dcf4ebd9d1b4772\x64\TouchpointAnalyticsClientService.exe (sign: 'HP Inc.')
O23 - Service R2: HP Network HSA Service - (HPNetworkCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\NetworkCap.exe (sign: 'HP Inc.')
O23 - Service R2: HP Support Solutions Framework Service - (HPSupportSolutionsFrameworkService) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (sign: 'HP Inc.')
O23 - Service R2: HP System Info HSA Service - (HPSysInfoCap) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_e37f0d22409571ae\x64\SysInfoCap.exe (sign: 'HP Inc.')
O23 - Service R2: HPWMISVC - c:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe (sign: 'HP Inc.')
O23 - Service R2: Intel(R) Audio Service - (IntelAudioService) - C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\\AS\\IAS\\IntelAudioService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7f680e39d88878f3\IntelCpHDCPSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_64d7fcfcde9b9c10\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Tuning service - (esifsvc) - C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_uf.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_f3c201b4c28c14d0\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Kaspersky Hizmeti 21.17 - (AVP21.17) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: LMIGuardianSvc - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe (sign: 'LogMeIn, Inc.')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_04ff63d068f8c626\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: Realtek Wireless Manager Service - (RtkWiFiManServ) - C:\Windows\RtkWiFiManServ.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: Sound Research SECOMN Service - (SECOMNService) - C:\Windows\System32\SECOMN64.exe (sign: 'Sound Research Corporation')
O23 - Service R2: spacedeskService - C:\Program Files\datronicsoft\spacedesk\spacedeskService.exe (sign: 'Datronicsoft Inc.')
O23 - Service R2: Wondershare Native Push Service - (NativePushService) - C:\Users\ckrcn\AppData\Local\Wondershare\Wondershare NativePush\WsNativePushService.exe (sign: 'Wondershare Technology Group Co.,Ltd')
O23 - Service R3: HP Software Framework Service - (hpqwmiex) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe (sign: 'Hewlett-Packard Company')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater InternalService 128.0.6537.0 (GoogleUpdaterInternalService128.0.6537.0) - (GoogleUpdaterInternalService128.0.6537.0) - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater Service 128.0.6537.0 (GoogleUpdaterService128.0.6537.0) - (GoogleUpdaterService128.0.6537.0) - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Intel(R) Storage Middleware Service - (RstMwService) - C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_74e28d819fb21cc3\RstMwService.exe (sign: 'Intel Corporation')
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\TPMProvisioningService.exe (sign: 'Intel Corporation')
O23 - Service S2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service S2: Wallpaper Engine Service - C:\Users\ckrcn\Desktop\wallpaper_engine\bin\wallpaperservice32_c.exe -x64 (file missing)
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe (sign: 'PIRIFORM SOFTWARE LIMITED')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\24.116.0609.0005\FileSyncHelper.exe (sign: 'Microsoft')
O23 - Service S3: Fredaikis Anti-Cheat: Infestation - (FacSvc_Infestation) - C:\Users\ckrcn\AppData\Roaming\FAC\Infestation\FacSvc.exe (sign: 'Fredaikis AB')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\126.0.6478.127\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_183917c66152901d\lib\SocketHeciServer.exe (sign: 'Intel Corporation')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.17 - (klvssbridge64_21.17) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.17\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\24.116.0609.0005\OneDriveUpdaterService.exe (sign: 'Microsoft')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\Windows\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: Intel(R) Chipset VMD RST Controller service - (iaStorVD) - C:\Windows\System32\drivers\iaStorVD.sys (sign: 'Intel Corporation')
O23 - Driver R0: klupd_K4W-21-17_arkmon - C:\Windows\System32\Drivers\klupd_K4W-21-17_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-17_klbg - C:\Windows\System32\Drivers\klupd_K4W-21-17_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R0: pwdrvio - C:\Windows\system32\pwdrvio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\Windows\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-17 - (KLIF.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-17 - (klpd.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-17 - (KLFLT.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-17 - (klbackupdisk.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-17 - (klbackupflt.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-17 - (klkbdflt.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-17 - (klpnpflt.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-17 - (klgse.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-17 - (KLHK.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-17 - C:\Windows\system32\DRIVERS\K4W-21-17\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-17 - C:\Windows\system32\DRIVERS\K4W-21-17\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-17 - C:\Windows\system32\DRIVERS\K4W-21-17\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R2: BlueStacks Hypervisor_nxt - (BlueStacksDrv_nxt) - C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys (sign: 'Microsoft' - Bluestack System Inc.)
O23 - Driver R2: IDMWFP - C:\Windows\System32\drivers\idmwfp.sys (sign: 'Microsoft' - Tonec Inc.)
O23 - Driver R3: dptf_acpi - C:\Windows\System32\DriverStore\FileRepository\dptf_acpi.inf_amd64_3e57360bec7af08c\dptf_acpi.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: dptf_cpu - C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\dptf_cpu.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: ELAN HID Class Filter Service - (ETDHCF) - C:\Windows\System32\drivers\ETDHCF.sys (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: ELAN Input Device - (ETD) - C:\Windows\System32\drivers\ETD.sys (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: esif_lf - C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_c2c5b0e17a28a48f\esif_lf.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: ETDSMBus - C:\Windows\System32\drivers\ETDSMBus.sys (+safe mode) (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: HP Application Driver - (HPCustomCapDriver) - C:\Windows\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_a955fa431e522f5e\x64\hpcustomcapdriver.sys (+safe mode) (sign: 'HP Inc.')
O23 - Driver R3: HP Wireless Button Driver Service - (WirelessButtonDriver64) - C:\Windows\System32\drivers\WirelessButtonDriver64.sys (+safe mode) (sign: 'HP Inc.')
O23 - Driver R3: igfxn - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_7f680e39d88878f3\igdkmdn64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) GNA Scoring Accelerator service - (IntelGNA) - C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_6f93b7542fd3ead9\gna.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Management Engine Interface - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_b6bf4e82efc8dcc1\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2.inf_amd64_42bd8bb784c1d369\iaLPSS2_GPIO2.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c.inf_amd64_77fd3be5a5990cbc\iaLPSS2_I2C.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO SPI Driver v2 - (iaLPSS2_SPI) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi.inf_amd64_cb6b519247ebb7ec\iaLPSS2_SPI.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO UART Driver v2 - (iaLPSS2_UART2) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2.inf_amd64_246791019c0b3c8d\iaLPSS2_UART2.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology BUS - (IntcAudioBus) - C:\Windows\System32\DriverStore\FileRepository\intcaudiobus.inf_amd64_d4b4926bdb629e78\IntcAudioBus.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology for Bluetooth® Audio - (IntcBTAu) - C:\Windows\System32\DriverStore\FileRepository\intcbtau.inf_amd64_21a7b4fd28013a69\IntcBTAu.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology for Digital Microphones - (IntcDMic) - C:\Windows\System32\DriverStore\FileRepository\intcdmic.inf_amd64_5782b1fb66a92af3\IntcDMic.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology for USB Audio - (IntcUSB) - C:\Windows\System32\DriverStore\FileRepository\intcusb.inf_amd64_cdadcbaa7b661890\IntcUSB.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel® Smart Sound Technology OED - (IntcOED) - C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\IntcOED.sys (sign: 'Intel Corporation')
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-17 - (klmouflt.K4W-21-17) - C:\Windows\system32\DRIVERS\K4W-21-17\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-17 - C:\ProgramData\Kaspersky Lab\AVP21.17\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-17_klark - C:\Windows\System32\Drivers\klupd_K4W-21-17_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-17_mark - C:\Windows\System32\Drivers\klupd_K4W-21-17_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: LogMeIn Hamachi Virtual Miniport) - (Hamachi) - C:\Windows\system32\DRIVERS\Hamdrv.sys (+safe mode) (sign: 'Microsoft' - LogMeIn Inc.)
O23 - Driver R3: PTP Customization Component Service - (PTPFilter) - C:\Windows\System32\drivers\PTPFilter.sys (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: Realtek Bluetooth Filter Driver - (RtkBtFilter) - C:\Windows\System32\drivers\RtkBtfilter.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek NetAdapter Driver - (rt68cx21) - C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_78de62dcb501407d\rt68cx21x64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek Wireless LAN 802.11n PCI-E Network Adapter - (RTWlanE) - C:\Windows\System32\drivers\rtwlane.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: RTCore64 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O23 - Driver R3: Scp Virtual Bus Driver - (ScpVBus) - C:\Windows\System32\drivers\ScpVBus.sys (sign: 'Bruce James')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: spacedesk Android Control Service - (spacedeskDriverAndroidControl) - C:\Windows\System32\drivers\spacedeskDriverAndroidControl.sys (sign: 'Datronicsoft Inc.')
O23 - Driver R3: spacedesk virtual Bus - (spacedeskDriverBus) - C:\Windows\System32\drivers\spacedeskDriverBus.sys (sign: 'Datronicsoft Inc.')
O23 - Driver S3: Apple Lower Filter Driver - (AppleLowerFilter) - C:\Windows\System32\drivers\AppleLowerFilter.sys (sign: 'Apple Inc.')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - 4F9AFC33289DADF4FC78FC744B3B163810C7ECD1)
O23 - Driver S3: GPUZ-v2 - C:\Windows\TEMP\GPUZ-v2.sys (file missing)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2_TGL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys (sign: 'Intel Corporation')
O23 - Driver S3: Intel(R) Serial IO SPI Driver v2 - (iaLPSS2_SPI_TGL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_spi_tgl.inf_amd64_fc1ed3a5a1d514f2\iaLPSS2_SPI_TGL.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver S3: Intel(R) Serial IO UART Driver v2 - (iaLPSS2_UART2_TGL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_uart2_tgl.inf_amd64_cd8c3a141c1b1284\iaLPSS2_UART2_TGL.sys (sign: 'Intel Corporation')
O23 - Driver S3: libusbK USB Driver 08/28/2015 - 3.0.5.16 - (libusbK) - C:\Windows\System32\drivers\libusbK.sys (sign: 'Travis Lee Robinson')
O23 - Driver S3: pwdspio - C:\Windows\system32\pwdspio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver S3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: spacedesk Virtual Audio Device Driver - (spacedeskDriverAudio) - C:\Windows\System32\drivers\spacedeskDriverAudio.sys (sign: 'Datronicsoft Inc.')
O23 - Driver S3: spacedeskKtmInputMouse Service - (spacedeskKtmInputMouse) - C:\Windows\System32\drivers\spacedeskKtmInputMouse.sys (sign: 'Datronicsoft Inc.')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'Hamachi'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'klim6'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'klwtp.K4W-21-17'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'RTWlanE'.

--
End of file - Time spent: 58,5 sec. - 83994 bytes, CRC32: FFFFFFFF. Sign: ៹�
 
Code:
Logfile of HiJackThis+ (Plus) build 2024-04-18 Alpha v.3.4.0.9

Platform:  x64 Windows 11 (Pro), 10.0.22631.3737 (ReleaseId: 2009, 23H2), Service Pack: 0
Time:      01.07.2024 - 22:30 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    7907 MiB Free. Loading RAM (52 %), CPU (2 %)
Elevated:  Yes
Ran by:    qonly    (group: Administrators; type: Microsoft) on AMEGO, FirstRun: no

Chrome:  126.0.6478.127
Internet Explorer: 11.0.22621.3527
Default: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1 (Brave)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
   1  C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler.exe
   1  C:\Program Files (x86)\BraveSoftware\Update\1.3.361.149\BraveCrashHandler64.exe
   1  C:\Program Files (x86)\Camo Studio\Service\CamoService.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\Common Files\Steam\steamservice.exe
   1  C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe
   1  C:\Program Files (x86)\Hotspot Shield\12.9.1\bin\cmw_srv.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
   7  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.81\msedgewebview2.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files (x86)\Steam\steam.exe
   1  C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
  23  C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe
   1  C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe
   1  C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
   1  C:\Program Files\Intel\Intel Arc Control\ArcControl.exe
   6  C:\Program Files\Intel\Intel Arc Control\ArcControlAssist.exe
   1  C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
   1  C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
   1  C:\Program Files\SteelSeries\GG\apps\moments\SteelSeriesSvcLauncher.exe
   1  C:\Program Files\SteelSeries\GG\apps\sonar\SteelSeriesSonar.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2424.6.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\55746MarkSmirnov.BluetoothAudioReveicer_1.1.5.0_x64__xwrbx6997tsfc\Bluetooth Audio Reveicer.exe
   1  C:\Program Files\WindowsApps\CLEVOCO.FnhotkeysandOSD_6.76.3.0_x64__6h6z29zh29qx0\FnKey\FnKey.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingApp_2406.1001.20.0_x64__8wekyb3d8bbwe\XboxPcAppFT.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   2  C:\Program Files\WindowsApps\Microsoft.WindowsNotepad_11.2405.13.0_x64__8wekyb3d8bbwe\Notepad\Notepad.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24052.124.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24052.124.0_x64__8wekyb3d8bbwe\YourPhoneAppProxy.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
   1  C:\Users\qonly\AppData\Roaming\Telegram Desktop\Telegram.exe
   1  C:\Users\qonly\Downloads\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\servicing\TrustedInstaller.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   3  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\DataExchangeHost.exe
   4  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\DCHUService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIServiceN.exe
   1  C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEMN.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4ae66f8a827f1834\IntelCpHDCPSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_b6f8943ac919b8b8\Display.NvContainer\NVDisplay.Container.exe
   2  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\LocationNotificationWindows.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   8  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  89  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\SysWOW64\wallpaperservice32.exe
   1  C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
   1  C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.22621.3662_none_e93555b642ec4d03\TiWorker.exe

O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\qonly\AppData\Local\Discord\Update.exe --processStart Discord.exe (2024/06/30) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2024/06/23) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_4B8064101E6B0129EC5F1B66CDD1C798] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2024/06/22) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\qonly\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2024/06/22) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\qonly\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2024/06/22) (sign: 'Spotify AB')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk    ->    C:\Program Files (x86)\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (file missing) (2024/06/22)
O17 - DHCP DNS 1: 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - DHCP DNS 2: 1.0.0.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0c7e3dbb-b574-4fb0-86e6-ea4240b8712e}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{201b7c45-a402-436f-ba0e-9e1289051497}: [NameServer] = 1.0.0.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{201b7c45-a402-436f-ba0e-9e1289051497}: [NameServer] = 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{8A475B96-5340-49AD-944B-2D162C98A467} - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: BraveSoftwareUpdateTaskMachineCore{F4D4439D-7B65-46E7-A4F6-2320C929CE58} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA{AA9E6D8B-FEFF-424D-934B-8E0714E91CC3} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: HidHide_Updater - C:\Program Files\Nefarius Software Solutions\HidHide\HidHide_Updater.exe /silent (sign: 'Nefarius Software Solutions e.U.')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-1399301459-2609114966-273286550-1001 - C:\Users\qonly\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')
O23 - Service R2: Camo Helper Service - (CamoService) - C:\Program Files (x86)\Camo Studio\Service\CamoService.exe (sign: 'Reincubate Limited')
O23 - Service R2: Cloudflare WARP - (CloudflareWARP) - C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe (sign: 'Cloudflare, Inc.')
O23 - Service R2: Control Center Hotkey Service - (CCDCHUService) - C:\Windows\System32\DriverStore\FileRepository\acpibridge1.inf_amd64_cedafa39846f03cf\DCHUService.exe (sign: 'Microsoft')
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" (sign: 'Intel Corporation')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: HotKey Clipboard Service - (HKClipSvc) - C:\Program Files (x86)\ControlCenter\Driver\x64\HKClipSvc.exe (sign: 'Microsoft')
O23 - Service R2: Hotspot Shield Service 12.9.1 - (hshld_12.9.1) - C:\Program Files (x86)\Hotspot Shield\12.9.1\bin\cmw_srv.exe (sign: 'Pango LLC')
O23 - Service R2: Intel(R) Arc Control Service - (IntelArcControlService) - C:\Program Files\Intel\Intel Arc Control\ArcControlService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4ae66f8a827f1834\IntelCpHDCPSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIServiceN.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_b6f8943ac919b8b8\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_b6f8943ac919b8b8\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_f82b8b1a0b601f77\RtkAudUService64.exe (file missing)
O23 - Service R2: Wallpaper Engine Service - C:\Windows\SysWOW64\wallpaperservice32.exe -p "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" (sign: 'Skutta Software GmbH')
O23 - Service R3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (sign: 'Intel Corporation')
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S2: Brave Güncelleme Hizmeti (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S2: GoogleUpdater InternalService 128.0.6537.0 (GoogleUpdaterInternalService128.0.6537.0) - (GoogleUpdaterInternalService128.0.6537.0) - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater Service 128.0.6537.0 (GoogleUpdaterService128.0.6537.0) - (GoogleUpdaterService128.0.6537.0) - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\TPMProvisioningService.exe (sign: 'Intel Corporation')
O23 - Service S2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -ert (sign: 'NVIDIA Corporation')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\126.1.67.123\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Brave Güncelleme Hizmeti (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: Easy Anti-Cheat (Epic Online Services) - (EasyAntiCheat_EOS) - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\126.0.6478.127\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (sign: 'Intel Corporation')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (sign: 'Rockstar Games, Inc.')
O23 - Service S3: SteelSeries GG Update Service Proxy - (SteelSeriesGGUpdateServiceProxy) - C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe (sign: 'SteelSeries ApS')
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"  (sign: 'Intel Corporation')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R0: bhtsddr - C:\Windows\system32\DRIVERS\bhtsddr.sys (sign: 'BayHub Technology Inc.')
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\Windows\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R1: Nefarius Virtual Gamepad Emulation Service - (ViGEmBus) - C:\Windows\System32\drivers\ViGEmBus.sys (sign: 'Microsoft' - Nefarius Software Solutions e.U.)
O23 - Driver R1: pango_netfilter2 - C:\Windows\system32\drivers\pango_netfilter2.sys (+safe mode) (sign: 'Microsoft' - Pango Inc)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: ___ Windows 10 64 Bit için Intel(R) Wireless Bağdaştırıcı Sürücüsü  - (Netwtw10) - C:\Windows\System32\drivers\Netwtw10.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Acpi Bridge Service - (AcpiBridge) - C:\Windows\System32\drivers\AcpiBridge.sys (sign: 'Microsoft' - Insyde Software Corporation)
O23 - Driver R3: Camo - (camodriver) - C:\Windows\System32\DriverStore\FileRepository\camodriver.inf_amd64_99bad0a66e30f6f3\x64\camodriver.sys (sign: 'Microsoft' - Reincubate Ltd.)
O23 - Driver R3: Camo service - (Camo_e070661c-ac3f-4aae-aa3f-7d4e8ded5142) - C:\Windows\System32\drivers\vacrnckd.sys (sign: 'Muzychenko Evgenii Viktorovich, IP')
O23 - Driver R3: HotKey Keyboard Class Filter Service - (HKKbdFltr) - C:\Windows\system32\DRIVERS\HKKbdFltr.sys (sign: 'WDKTestCert stone.cheng,131963286194994418', but untrusted root: 'WDKTestCert stone.cheng,131963286194994418' with fingerprint: 7B0B33CF7EA3AC9EDE8B0754255DCD9C5691A739)
O23 - Driver R3: HotKey Mouse Class Filter Service - (HKMouFltr) - C:\Windows\system32\DRIVERS\HKMouFltr.sys (sign: 'WDKTestCert stone.cheng,131963286194994418', but untrusted root: 'WDKTestCert stone.cheng,131963286194994418' with fingerprint: 7B0B33CF7EA3AC9EDE8B0754255DCD9C5691A739)
O23 - Driver R3: HotspotShield TAP-Windows Adapter V9 - (hsstap) - C:\Windows\System32\drivers\hsstap.sys (+safe mode) (sign: 'Microsoft' - Pango)
O23 - Driver R3: igfxn - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_4ae66f8a827f1834\igdkmdn64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) GNA Scoring Accelerator service - (IntelGNA) - C:\Windows\System32\DriverStore\FileRepository\gna.inf_amd64_689d3d5fefeef458\gna.sys (sign: 'Gaussian Mixture Models and Neural Networks Accelerator')
O23 - Driver R3: Intel(R) HID Event Filter - (HidEventFilter) - C:\Windows\System32\DriverStore\FileRepository\hideventfilter.inf_amd64_11ad2b4276308b53\HidEventFilter.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_605dda426937489f\x64\TeeDriverW10x64.sys (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Driver R3: Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2_TGL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C_TGL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Wireless Bluetooth(R) - (ibtusb) - C:\Windows\System32\DriverStore\FileRepository\ibtusb.inf_amd64_aeebfcf31efc55f8\ibtusb.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: MBAMFarflt - C:\Windows\system32\DRIVERS\farflt11.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: MBAMProtection - C:\Windows\system32\DRIVERS\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\Windows\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: Nefarius HidHide Service - (HidHide) - C:\Windows\System32\drivers\HidHide.sys (sign: 'Microsoft' - Nefarius Software Solutions e.U.)
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nvcvi.inf_amd64_b6f8943ac919b8b8\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVPCF Service - (nvpcf) - C:\Windows\System32\drivers\nvpcf.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: semav6msr64 - C:\Windows\system32\drivers\semav6msr64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: SteelSeries Device Factory Service - (ssdevfactory) - C:\Windows\System32\drivers\ssdevfactory.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries Sonar Driver - (SteelSeries_Sonar_VAD) - C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys (sign: 'SteelSeries ApS')
O23 - Driver S3: @oem76.inf,%NDivertServiceName%;NDivert - (NDivert) - C:\Windows\System32\drivers\NDivert.sys (file missing) (+safe mode)
O23 - Driver S3: BERT Reader Service - (bertreader) - C:\Windows\System32\drivers\bertreader.sys (sign: 'Intel Corporation')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - 4F9AFC33289DADF4FC78FC744B3B163810C7ECD1)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Realtek NetAdapter Driver - (rt68cx21) - C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_17b0987cc485ce8a\rt68cx21x64.sys (sign: 'Microsoft' - Realtek)
O23 - Driver S3: TAP-NordVPN Windows Adapter V9 - (tapnordvpn) - C:\Windows\System32\drivers\tapnordvpn.sys (+safe mode) (sign: 'TEFINCOM S.A.')
O23 - Driver S3: Wintun - (wintun) - C:\Windows\System32\drivers\wintun.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'hsstap'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'NDivert'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Netwtw10'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tapnordvpn'


--
End of file - Time spent: 34,2 sec. - 62276 bytes, CRC32: FFFFFFFF. Sign: 碄୪
 
Hello, I have been experiencing an incredible performance drop for a long time; could you take a look?
Code:
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_87C559F2A50A95A39A0DBBAB5E544D94] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [Opera GX Browser Assistant] = C:\Users\ckrcn\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (sign: 'Opera Software AS')
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/06/27) (sign: 'PIRIFORM SOFTWARE LIMITED')
O4 - HKCU\..\StartupApproved\Run: [DNS Changer] = C:\Program Files\DNS Changer\DNS Changer.exe (2024/06/27) (not signed - sajjadmrx - 7EFE8EF24F9CC77CBE85B89570296335CDF042C0)
O4 - HKCU\..\StartupApproved\Run: [electron.app.BlueStacks Services] = C:\Users\ckrcn\AppData\Local\Programs\bluestacks-services\BlueStacksServices.exe --hidden (2024/01/23) (not signed - now.gg, Inc. - 7BC1B82EB0A959CB5C15E10814CFE8FF19C114EA)
O4 - HKCU\..\StartupApproved\Run: [LonelyScreen] = C:\Program Files (x86)\LonelyScreen\lonelyscreen.exe /start_context sys_auto (2023/11/18) (not signed - no company - 79F0E44415FFE74B320DFB27C8988D326DC80B2E)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_98D1BFE922228188AF3C4F8715131BF1] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2023/08/21) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background (2023/08/21) (sign: 'Microsoft')
O4 - HKLM\..\RunOnce: [Delete Cached Standalone Update Binary] = C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe" (sign: 'Microsoft')
O4 - HKLM\..\RunOnce: [Delete Cached Update Binary] = C:\Windows\system32\cmd.exe /q /c del /q "C:\Program Files\Microsoft OneDrive\Update\OneDriveSetup.exe" (sign: 'Microsoft')
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Program Files\Microsoft OneDrive\StandaloneUpdater\OneDriveSetup.exe -> DELETE.
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run: [XMouseButtonControl] = C:\Program Files\Highresolution Enterprises\X-Mouse Button Control\XMouseButtonControl.exe /notportable /delay (2024/01/23) (sign: 'Open Source Developer, Phillip Gibbons')
O4 - HKLM\..\StartupApproved\Run32: [HPMessageService] = C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe (sign: 'HP Inc.')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - Startup: C:\Users\ckrcn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe (sign: 'Firebit OU')
O22 - BITS Job: (download) {50BE6E6D-8E4D-4B91-A4AD-7B95C892E7D8} - hxxp://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3uct24gmihq5qbompwph6xpyla_454/lmelglejhemejginpboagddgdfbepgmp_454_all_ZZ_err26x7gg6gj6pv3jridudm2ny.crx3 -> C:\Users\ckrcn\AppData\Local\Temp\chrome_BITS_14692_1150611375\lmelglejhemejginpboagddgdfbepgmp_454_all_ZZ_err26x7gg6gj6pv3jridudm2ny.crx3
O22 - BITS Job: (download) {A6B00CFB-ED26-4F8E-B691-91BD21042BF4} - hxxp://edgedl.me.gvt1.com/edgedl/release2/chrome_component/ad3rm3ciqs3fjr4bc4x5vwuildeq_9.49.1/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3 -> C:\Users\ckrcn\AppData\Local\Temp\chrome_BITS_21288_124163902\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.49.1_all_ixzyrcu7pvmgu5pjv6enfqq6wa.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Tasks: Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\11.1.0\Scheduler.exe /scheduler (sign: 'IObit CO., LTD')
O22 - Tasks: Driver Booster SkipUAC (ckrcn) - C:\Program Files (x86)\IObit\Driver Booster\11.1.0\DriverBooster.exe /skipuac (sign: 'IObit CO., LTD')
O22 - Tasks: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\11.1.0\AutoUpdate.exe /auto (sign: 'IObit CO., LTD')
O22 - Tasks: MSIAfterburner - C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe /s (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O22 - Tasks: oCamTask - C:\Program Files (x86)\oCam\oCamTask.exe /Run (sign: 'OORT inc.')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-863331324-1791074393-1256297829-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
First of all, you have used a driver finder. Normally I don't help people who use one. Uninstall the driver finder Driver Booster. Uninstall unnecessary software. Uninstall unnecessary manufacturer software and perform a safe boot.
Apart from these, there isn't much in terms of malware.
 
Hello, I just built my system. Ever since I built it, I have been having the stuttering problem they call "stutters". The problem starts within 1-2 hours of turning the computer on, whether I am in a game or on the desktop. It doesn't go away without a restart.
Code:
Logfile of HiJackThis+ (Plus) build 2024-04-18 Alpha v.3.4.0.9

Platform:  x64 Windows 11 (Pro), 10.0.22631.3810 (ReleaseId: 2009, 23H2), Service Pack: 0
Time:      07.07.2024 - 19:14 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    25470 MiB Free. Loading RAM (23 %), CPU (2 %)
Elevated:  Yes
Ran by:    usr    (group: Administrators; type: Local) on FURKAN, FirstRun: yes

Chrome:  126.0.6478.127
Internet Explorer: 11.0.22621.3527
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
  11  C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\KeyboardSDK\ROGKBPlugin.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
   1  C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
   1  C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.37\AsusFanControlService.exe
   1  C:\Program Files (x86)\ASUS\AXSP\4.03.03\atkexComSvc.exe
   1  C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
   1  C:\Program Files (x86)\Common Files\Steam\steamservice.exe
   1  C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
   1  C:\Program Files (x86)\Creative\Sound Blaster Command\Creative.SBCommand.exe
   1  C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
   1  C:\Program Files (x86)\LightingService\LightingService.exe
  11  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  18  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.87\msedgewebview2.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files (x86)\Steam\steam.exe
   1  C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe
   1  C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe
   1  C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
   2  C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
   1  C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
   1  C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
   1  C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
   1  C:\Program Files\ASUS\USB Wattage Watcher\AsusFCNotification_v2.exe
   1  C:\Program Files\LGHUB\lghub_agent.exe
   1  C:\Program Files\LGHUB\lghub_updater.exe
   1  C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe
   1  C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
   1  C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
   1  C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
   1  C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24061.93.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\MicrosoftTeams_24151.2105.2943.2101_x64__8wekyb3d8bbwe\msteams.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.16300.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
   1  C:\ProgramData\Logishrd\LogiOptionsPlus\logi_ai_prompt_builder\LogiAiPromptBuilder.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\NisSrv.exe
   1  C:\Riot Games\Riot Client\RiotClientCrashHandler.exe
   1  C:\Riot Games\Riot Client\RiotClientServices.exe
   6  C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Discord\app-1.0.9152\Discord.exe
   1  C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Microsoft\OneDrive\24.116.0609.0005\FileCoAuth.exe
   1  C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Microsoft\OneDrive\OneDrive.exe
   1  C:\Users\usr.DESKTOP-B9F2CT7\Desktop\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\backgroundTaskHost.exe
   3  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   4  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0ba3dc7378fedf6\RstMwService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_aec3f212d50aa03b\logi_lamparray_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5714f0dca6485379\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_289adb86c54e3a76\Intel_PIE_Service.exe
   2  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe
   1  C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   8  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   2  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  72  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe

O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [AsusFCNotification_v2] = C:\Program Files\ASUS\USB Wattage Watcher\AsusFCNotification_v2.exe (sign: 'ASUSTeK COMPUTER INC.')
O4 - HKCU\..\Run: [Discord] = C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Discord\Update.exe --processStart Discord.exe (sign: 'Discord Inc.')
O4 - HKCU\..\Run: [LGHUB] = C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe --minimized (sign: 'Logitech Inc')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_834E69382F805420B63A1D8398C5735F] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\Run: [OneDrive] = C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (sign: 'Microsoft')
O4 - HKCU\..\Run: [RiotClient] = C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (sign: 'Riot Games, Inc.')
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (sign: 'Riot Games, Inc.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [Creative.SBCommand] = C:\Program Files (x86)\Creative\Sound Blaster Command\Creative.SBCommand.exe /background (sign: 'Creative Technology Ltd')
O4-32 - HKLM\..\Run: [FireStormStartUpAutoRun] = C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe (not signed - PC Partner Co.Ltd - C75E6394E824A029E4472C37EABD53A65A24D79F)
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7CD01409-EB69-48D7-913E-2654F996247A} - \Microsoft\Windows\Registry\OOBE-Maintenance (no xml)
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\Armoury Crate Service Task_CountDown - C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore1dacb139ee7ed9d - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe --delay (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\NoiseCancelingEngine - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\P508PowerAgent_sdk - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (file missing)
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem128.0.6537.0{FC04D0BA-39AA-457D-A7DA-FD7174D683CF} - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \HardDiskSentinel\Hard Disk Sentinel_usr - C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe /AUTORUN (sign: 'Janos Mathe')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\Windows\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-500477158-1126696071-3279862432-1001 - C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O23 - Service R2: ARMOURY CRATE Service - (ArmouryCrateService) - C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS AURA SYNC lighting service - (LightingService) - C:\Program Files (x86)\LightingService\LightingService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Asus Certificate Service - (AsusCertService) - C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Com Service - (asComSvc) - C:\Program Files (x86)\ASUS\AXSP\4.03.03\atkexComSvc.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusFanControlService - C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.37\AsusFanControlService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Creative Audio Service - (CTAudSvcService) - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (sign: 'Creative Technology Ltd')
O23 - Service R2: DtsApo4Service - C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe (sign: 'DTS, Inc.')
O23 - Service R2: GameSDK Service - C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Storage Middleware Service - (RstMwService) - C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0ba3dc7378fedf6\RstMwService.exe (sign: 'Intel Corporation')
O23 - Service R2: LGHUB Updater Service - (LGHUBUpdaterService) - C:\Program Files\LGHUB\lghub_updater.exe --run-as-service (sign: 'Logitech Inc')
O23 - Service R2: Logi Facecam Service - (LogiFacecamService) - C:\Program Files\Logitech\LogiCapture\bin\Service\LogiFacecamService.exe (sign: 'Logitech Inc')
O23 - Service R2: Logi Options+ - (OptionsPlusUpdaterService) - C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe --run-as-service (sign: 'Logitech Inc')
O23 - Service R2: Logitech LampArray Service - (logi_lamparray_service) - C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_aec3f212d50aa03b\logi_lamparray_service.exe (sign: 'Logitech Inc')
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24050.7-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5714f0dca6485379\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5714f0dca6485379\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -ert (sign: 'NVIDIA Corporation')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_9d3a92437ffb40b7\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R3: Intel® PROSet/Wireless Service - (PIEServiceNew) - C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_289adb86c54e3a76\Intel_PIE_Service.exe (sign: 'Intel Corporation')
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S2: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: AsusUpdateCheck - C:\Windows\System32\AsusUpdateCheck.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: GoogleUpdater InternalService 128.0.6537.0 (GoogleUpdaterInternalService128.0.6537.0) - (GoogleUpdaterInternalService128.0.6537.0) - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater Service 128.0.6537.0 (GoogleUpdaterService128.0.6537.0) - (GoogleUpdaterService128.0.6537.0) - C:\Program Files (x86)\Google\GoogleUpdater\128.0.6537.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Intel(R) Platform License Manager Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\PlatformLicenseManagerService.exe (sign: 'Intel Corporation')
O23 - Service S3: Armoury Crate Download Tool - (ArmouryCrateDownloadTool) - C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_8801feb2c30e9f2a\ArmouryLiveUpdate.exe (sign: 'ASUSTeK Computer Inc.')
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S3: Easy Anti-Cheat (Epic Online Services) - (EasyAntiCheat_EOS) - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\126.0.6478.127\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R: ASUS Kernel Mode Driver for NT  - C:\Windows\system32\drivers\IOMap64.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R0: Intel(R) Chipset VMD RST Controller service - (iaStorVD) - C:\Windows\System32\drivers\iaStorVD.sys (sign: 'Intel Corporation')
O23 - Driver R1: Asusgio3 - C:\Windows\system32\drivers\AsIO3.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R1: CTIAIO - C:\Windows\system32\drivers\CtiAIo64.sys (sign: 'Microsoft' - Creative Technology Innovation Co., LTd.)
O23 - Driver R1: MSIO - C:\Windows\system32\drivers\MsIo64.sys (sign: 'Microsoft' - MICSYS Technology Co., LTd)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R3: ___ Windows 10 64 Bit için Intel(R) Wireless Bağdaştırıcı Sürücüsü  - (Netwtw14) - C:\Windows\System32\DriverStore\FileRepository\netwtw6e.inf_amd64_275233d28d23c717\Netwtw14.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: cpuz158 - C:\Windows\temp\cpuz158\cpuz158_x64.sys (sign: 'Microsoft' - CPUID)
O23 - Driver R3: Creative USB Kernel Audio Driver 64 - (KsUSBa64) - C:\Windows\system32\drivers\ksUSBa64.sys (sign: 'Microsoft' - Creative Technology Ltd.)
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_6b6e8cc42a3d1f09\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) PCI Express Network Connection NetAdapter Driver - (e2fnexpress) - C:\Windows\System32\DriverStore\FileRepository\e2fn.inf_amd64_fcb868ac03f43b71\e2fn.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2_ADL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_302e75596cffa74a\iaLPSS2_GPIO2_ADL.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C_ADL) - C:\Windows\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_e736c048ca307ed2\iaLPSS2_I2C_ADL.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Wireless Bluetooth(R) - (ibtusb) - C:\Windows\System32\DriverStore\FileRepository\ibtusb.inf_amd64_50f352b9697c6268\ibtusb.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: ITE UcmCx Client Service - (ITEUcmCxClient) - C:\Windows\System32\drivers\ITEUcmCxClient.sys (sign: 'ITE Tech. Inc.')
O23 - Driver R3: Logitech G HUB Translation Layer Driver - (logi_joy_xlcore) - C:\Windows\system32\drivers\logi_joy_xlcore.sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech G HUB Virtual Bus Enumerator Driver - (logi_joy_bus_enum) - C:\Windows\system32\drivers\logi_joy_bus_enum.sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech G HUB Virtual HID Device Driver - (logi_joy_vir_hid) - C:\Windows\system32\drivers\logi_joy_vir_hid.sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech LampArray Device Driver - (logi_lamparray) - C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_aec3f212d50aa03b\logi_lamparray.sys (sign: 'Logitech Inc')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_5714f0dca6485379\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_ea6cec41fc5b2a8b\NvModuleTracker.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: ROG Mouse - (ROGMS) - C:\Windows\System32\DriverStore\FileRepository\rogms.inf_amd64_8801feb2c30e9f2a\ROGMS.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - 4F9AFC33289DADF4FC78FC744B3B163810C7ECD1)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Logitech USB Surround Filter Driver (G HUB) - (logi_audio_surround) - C:\Windows\system32\drivers\logi_audio_surround.sys (sign: 'Logitech Inc')
O23 - Driver S3: RTCore64 - C:\Program Files (x86)\MSI Afterburner\RTCore64.sys (sign: 'MICRO-STAR INTERNATIONAL CO., LTD.')
O23 - Driver S3: SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Connectivity Device Driver V2 - (ss_conn_usb_driver2) - C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'e2fnexpress'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Netwtw14'
O27 - Account: (Bad profile) Folder is not referenced by any of user SIDs: C:\Users\defaultuser0
O27 - Account: (Bad profile) Folder is not referenced by any of user SIDs: C:\Users\usr


--
End of file - Time spent: 11.7 sec. - 57812 bytes, CRC32: FFFFFFFF. Sign: �펓
 
Uninstall the unnecessary manufacturer software.

Fix these:
Code:
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\126.0.6478.127\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [AsusFCNotification_v2] = C:\Program Files\ASUS\USB Wattage Watcher\AsusFCNotification_v2.exe (sign: 'ASUSTeK COMPUTER INC.')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_834E69382F805420B63A1D8398C5735F] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\Run: [OneDrive] = C:\Users\usr.DESKTOP-B9F2CT7\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (sign: 'Microsoft')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [FireStormStartUpAutoRun] = C:\Program Files (x86)\ZotacFireStorm\FireStorm.exe (not signed - PC Partner Co.Ltd - C75E6394E824A029E4472C37EABD53A65A24D79F)
Update the graphics card and ME drivers.
 
