Rehber HijackThis Log Paylaşımı ve Çözümleri

Murat5038 · 13 Ekim 2013

Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir.

Kullanımı:

1) Bir geliştirici tarafından yeni özellikler kazandırılan güncel sürümünü buradan indirip, arşiv dosyasından masaüstüne uygulamayı çıkartın.

HiJackThis

Program, zararlı temizliğinde imza veritabanı kullanmadan sezgisel tespite dayalı bir yöntemle kullanılır. Çok hızlı bir tarama ile, zararlı bulaşmamış bir sistemden farklı olarak çalışan işlemlerin bir listesini çıkartır. Bu işlemlerin tamamı...

www.technopat.net

Alternatif: Download HiJackThis Fork - MajorGeeks

Eski Sürüm: HiJackThis | Free software downloads at SourceForge.net

2) Bilgisayarınızı yeniden başlatın 3 dk işlem yapmadan bekleyin.

3) HijackThis yazılımına sağ tıklayıp yönetici olarak çalıştırın (XP için geçerli değil).

4) Açılan arayüzde, "Do a system scan and save a log file" butonuna tıklayın.

5) Otomatik olarak Hijackthis taraması başlayacak, taramanın tamamlanması sürece fare ve klavyeyi kullanmayın.

6) Tarama tamamlandığında HijackThis raporunu içeren bir Log dosyası karşınıza gelecektir.

*7) Log dosyasını incelememiz için buraya cevaplama bölümünden eklemeniz gerekmektedir.

Kod'a tıklayın.

Log'da yazanları mavi bölmenin içine yapıştırıp "Devam Et" butonuna basın.

Uyarı: Sitede kod eklemede sorun yaşarsanız kod paylaşımlarını altta verilen sitelerden birine yapıştırıp linki paylaşmanız gerekmektedir. Bu durumda *7. seçeneği şu anlık kullanmayın.

Paste ofCode

8) Ayrıca sisteminizde var olan sorunu detaylıca (Performans düşüşü, Malware varlığı şüphesi vb.) belirterek konuyu cevaplayın.
(Bunu yapmayana cevap verilmeyecektir)

Fixleme:

Konuda şahsım tarafından veya uzman kişilerden geri dönüş yapıldığında Hijackthis uygulama arayüzünden söylediğimiz satırların başlarına tik işareti koyun. Ardından "Fix checked" butonuna basın.

Murat5038 · 2 Ağustos 2025

mkt80 dedi:
Hocam bütün dosyalarını sildim ama yine de emin olamadım. Tamamen kaldırmanın yolu var mı?

Gerekli olanları siz demeden kaldırtmıştım zaten. Fixlediyseniz sorun yok.

AzPişmişKöfte dedi:
Geçenlerde şüpheli bir linke tıkladım daha sonrasında ise 2-3 kere geçmişi ve çerezleri temizledim, şüpheli bir aktivite var mı diye merak ediyorum. Ek olarak nadir de olsa donma giriyor bilgisayara.

Klasör içindekileri temizleyin:
C:\Windows\SystemTemp\
C:\Windows\temp\

DDU kullanarak GPU sürücülerinizi silin sonra güncel olanları kendi sitesinden indirip yükleyin.

Temiz önyükleme yapın ve gereksiz şeyler varsa kullanmadığınız kaldırın. Bunun dışında sıkıntı yok, Kaspersky kullandığınızı görüyorum zaten bir işlevde sorun olursa uyaracaktır.

mkt80 · 4 Ağustos 2025

Murat5038 dedi:
Gerekli olanları siz demeden kaldırtmıştım zaten. Fixlediyseniz sorun yok.

Klasör içindekileri temizleyin:
C:\Windows\SystemTemp\
C:\Windows\temp\

DDU kullanarak GPU sürücülerinizi silin sonra güncel olanları kendi sitesinden indirip yükleyin.

Temiz önyükleme yapın ve gereksiz şeyler varsa kullanmadığınız kaldırın. Bunun dışında sıkıntı yok, Kaspersky kullandığınızı görüyorum zaten bir işlevde sorun olursa uyaracaktır.

Hocam yok ben size rapor yollamadım sadece mesajlara bakıyordum.

Murat5038 · 9 Ağustos 2025

mkt80 dedi:
Hocam yok ben size rapor yollamadım sadece mesajlara bakıyordum.

Pardon o zaman sizde rapor gönderip bakabiliriz.

ersin97 · 11 Eylül 2025

Merhabalar,

Bilgisayarımda yavaşlama ve aralıklarla donmalar mevcut. Fakat en büyük sıkıntı ekran birden gidiyor. Kasa çalışıyor. Örneğin discorddaki arkadaslarım beni duyabiliyor, ben onları duyuyorum. Ama görüntü gidiyor. Bilgisayarı komple kapatmak zorunda kalıyorum. 1660Super ve 2600x Sistemim var.

Kod:

Logfile of HiJackThis+ build 2025-01-16 Beta v.3.4.0.17

Platform:  x64 Windows 11 (Pro), 10.0.22631.5768 (ReleaseId: 2009, 23H2), Service Pack: 0
Time:      11.09.2025 - 18:09 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    12,48 GiB Free / 16. Loading RAM (21 %), CPU (1 %)
Disk C:    105,14 GiB Free / 222 (SSD, GPT)
Elevated:  Yes
Ran by:    ersin    (group: Administrators; type: Microsoft) on ERSIN97, FirstRun: yes

Chrome:  139.0.7258.155
Internet Explorer: 11.0.22621.3527
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: Off)

Running processes:
Number | Path
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\140.0.3485.54\msedgewebview2.exe
   1  C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe
   1  C:\Program Files\LGHUB\lghub_updater.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\PowerToys\PowerToys.Awake.exe
   1  C:\Program Files\PowerToys\PowerToys.ColorPickerUI.exe
   1  C:\Program Files\PowerToys\PowerToys.CropAndLock.exe
   1  C:\Program Files\PowerToys\PowerToys.exe
   1  C:\Program Files\PowerToys\PowerToys.FancyZones.exe
   1  C:\Program Files\PowerToys\PowerToys.PowerLauncher.exe
   1  C:\Program Files\PowerToys\PowerToys.PowerOCR.exe
   1  C:\Program Files\PowerToys\WinUI3Apps\PowerToys.Peek.UI.exe
   1  C:\Program Files\TeamViewer\crashpad_handler.exe
   1  C:\Program Files\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_30.104.29001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_30.104.29001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.4.0.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25072.63.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.18101.90.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\NisSrv.exe
   1  C:\Users\ersin\Downloads\Compressed\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\audiodg.exe
   6  C:\Windows\System32\backgroundTaskHost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3496fbfac7a2d1ba\Display.NvContainer\NVDisplay.Container.exe
   2  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e54441f6cc56b0cb\RtkAudUService64.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   6  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  68  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe

O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\139.0.7258.155\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\ersin\AppData\Local\Discord\Update.exe --processStart Discord.exe (2024/11/02) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2024/04/09) (sign: 'Tonec Inc.')
O4 - HKCU\..\StartupApproved\Run: [LGHUB] = C:\Program Files\LGHUB\system_tray\lghub_system_tray.exe --minimized (2024/01/24) (sign: 'Logitech Inc')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_AEEA7D26E10C80D803D1467811869685] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/09/11) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\ersin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2024/11/02) (invalid sign: TRUST_E_BAD_DIGEST - Spotify Ltd - 00BB4C8738992C41C051AA088E2F5D6CF290C4C0)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2024/01/24) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e54441f6cc56b0cb\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\StartupApproved\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true (2024/11/02) (sign: 'GN Hearing A/S')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk    ->    C:\Program Files (x86)\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (file missing) (2025/09/11)
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (not signed - no company - 1A49C5F7A98580F8002AC1D6115AB39CB753975B)
O17 - DHCP DNS 1: 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - DHCP DNS 2: 1.0.0.1 (Well-known DNS: Cloudflare / APNIC)
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\Windows\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem141.0.7376.0{6EB92828-EAB9-452A-BF81-9555E10EDC06} - C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\ReconcileConfigs - {15F5ECE1-4550-4A92-8E26-984FD1DA54FA} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\UsageDataReceiver - {D4C0420F-76BD-4F66-A91F-918A93ABEBEB} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemoteMouseSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemoteMouseSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemotePenSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemotePenSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemoteTouchpadSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemoteTouchpadSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\UIEOrchestrator - C:\Windows\system32\UIEOrchestrator.exe /SendHeartbeat (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: \PowerToys\Autorun for ersin - C:\Program Files\PowerToys\PowerToys.exe (sign: 'Microsoft')
O22 - Tasks: AMDAutoUpdate - C:\Program Files\AMD\AutoUpdate\AMDAutoUpdate.exe (sign: 'Advanced Micro Devices Inc.')
O22 - Tasks: infatica_p2b - C:\Program Files (x86)\Infatica P2B\infatica_agent.exe (sign: 'Infatica Pte. Ltd.')
O22 - Tasks: NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe (sign: 'NVIDIA Corporation')
O23 - Service R2: Cloudflare WARP - (CloudflareWARP) - C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe (sign: 'Cloudflare, Inc.')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_30.104.29001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_30.104.29001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: LGHUB Updater Service - (LGHUBUpdaterService) - C:\Program Files\LGHUB\lghub_updater.exe --run-as-service (sign: 'Logitech Inc')
O23 - Service R2: Logitech LampArray Service - (logi_lamparray_service) - C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray_service.exe (sign: 'Logitech Inc')
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3496fbfac7a2d1ba\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3496fbfac7a2d1ba\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA Corporation\NVIDIA App\NvContainer\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000  -ert (sign: 'NVIDIA Corporation')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_e54441f6cc56b0cb\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: TeamViewer - C:\Program Files\TeamViewer\TeamViewer_Service.exe (sign: 'TeamViewer Germany GmbH')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Google Güncelleyici Dahili Hizmeti (GoogleUpdaterInternalService141.0.7376.0) - (GoogleUpdaterInternalService141.0.7376.0) - C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: Google Güncelleyici Hizmeti (GoogleUpdaterService141.0.7376.0) - (GoogleUpdaterService141.0.7376.0) - C:\Program Files (x86)\Google\GoogleUpdater\141.0.7376.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S3: Battle.net Update Helper Svc - (battlenet_helpersvc) - C:\ProgramData\Battle.net_components\battlenet_helpersvc\AgentHelper.exe (sign: 'Blizzard Entertainment, Inc.')
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (sign: 'BattlEye Innovations e.K.')
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\139.0.7258.155\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: SteelSeries GG Update Service Proxy - (SteelSeriesGGUpdateServiceProxy) - C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe (sign: 'GN Hearing A/S')
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\Wellbia.com\ucldr_battlegrounds_gl.exe (sign: 'Wellbia.com Co., Ltd.')
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe (sign: 'KRAFTON, Inc.')
O23 - Driver R1: AMD PSP Service - (amdpsp) - C:\Windows\system32\DRIVERS\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R2: AMDRyzenMasterDriverV22 - C:\Program Files\AMD\RyzenMaster\bin\AMDRyzenMasterDriver.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R2: IDMWFP - C:\Windows\System32\drivers\idmwfp.sys (sign: 'Microsoft' - Tonec Inc.)
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\Windows\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio3) - C:\Windows\System32\drivers\amdgpio3.sys (invalid sign: CERT_E_CHAINING - Advanced Micro Devices, Inc - 0FC5F8864D2E9F6AE7D7AC9AC5CD04824ACF5D84)
O23 - Driver R3: AMD PCI - (AMDPCIDev) - C:\Windows\System32\drivers\AMDPCIDev.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: Logitech G HUB Translation Layer Driver - (logi_joy_xlcore) - C:\Windows\system32\drivers\logi_joy_xlcore.sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech G HUB Virtual Bus Enumerator Driver - (logi_joy_bus_enum) - C:\Windows\system32\drivers\logi_joy_bus_enum.sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech LampArray Device Driver - (logi_lamparray) - C:\Windows\System32\DriverStore\FileRepository\logi_lamparray_usb.inf_amd64_cdf3ca3c77d5f267\logi_lamparray.sys (sign: 'Logitech Inc')
O23 - Driver R3: NVIDIA USB Type-C PPC Service - (UcmCxUcsiNvppc) - C:\Windows\System32\DriverStore\FileRepository\nvppc.inf_amd64_e474dac8ea58e564\UcmCxUcsiNvppc.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_3496fbfac7a2d1ba\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: SteelSeries Device Factory Service - (ssdevfactory) - C:\Windows\System32\drivers\ssdevfactory.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries HID Service - (sshid) - C:\Windows\System32\drivers\sshid.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries Sonar Driver - (SteelSeries_Sonar_VAD) - C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_4a7a0876e89a4ff8\SteelSeries-Sonar-VAD.sys (sign: 'GN Hearing A/S')
O23 - Driver S2: SecDrv - C:\Windows\system32\drivers\SECDRV.SYS (file missing)
O23 - Driver S3: AMD Kernel Mode CSP Service - (amdkmcsp) - C:\Windows\system32\DRIVERS\amdkmcsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - 4F9AFC33289DADF4FC78FC744B3B163810C7ECD1)
O23 - Driver S3: EAAntiCheat - C:\Windows\system32\drivers\eaanticheat.sys (file missing)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Logitech G HUB Virtual HID Device Driver - (logi_joy_vir_hid) - C:\Windows\system32\drivers\logi_joy_vir_hid.sys (sign: 'Logitech Inc')
O23 - Driver S3: navagio - C:\Program Files\Common Files\PUBG\navagio.sys (sign: 'Microsoft' - no company)
O23 - Driver S3: Wintun - (wintun) - C:\Windows\System32\drivers\wintun.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Driver S3: xhunter1 - C:\Windows\xhunter1.sys (sign: 'Wellbia.com Co., Ltd.')
O26 - Office Addin: HKCU\..\TeamsAddin.FastConnect - (Microsoft Teams Meeting Add-in for Microsoft Office) -> (no file)


--
End of file - Time spent: 33,9 sec. - 44446 bytes, CRC32: FFFFFFFF. Sign: 睜ㅜ

sedatyild · 11 Eylül 2025

Merhaba pc de sürekli yavaşlamalar oluyor özellikle netteyken, kaspersky kurulu arada malwarebytes ile cclenar ile taratıyorum yardımcı olabilirmisniz,iyi çalışmalar

Kod:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform:  x64 Windows 10 (Home Single Language), 10.0.19045.6332 (ReleaseId: 2009), Service Pack: 0
Time:      11.09.2025 - 18:39 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Sedat    (group: Administrator) on DESKTOP-5SG7IFU, FirstRun: no

Chrome:  139.0.7258.139
Firefox: 142.0.1.723
Internet Explorer: 11.0.19041.5794
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Internet Download Manager\IDMan.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\avpui.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\plugins_nms.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.22\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.22\ksdeui.exe
   1  C:\Program Files (x86)\Microsoft Office\Office16\EXCEL.EXE
   6  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  28  C:\Program Files\Google\Chrome\Application\chrome.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   2  C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
   6  C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.271.421.0_x64__zpdnekdrzrea0\Spotify.exe
   1  C:\Users\Sedat\Desktop\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
   5  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\backgroundTaskHost.exe
   1  C:\Windows\System32\cmd.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\igfxTray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  72  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe

O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\140.0.3485.54\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\140.0.3485.54\BHO\ie_to_edge_bho.dll
O4 - HKCU\..\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/05/17)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_E8C4207C584F2FB0A77218D53CE2B382] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start (2023/12/29)
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\System32\LogiLDA.dll C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\StartupApproved\Run32: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (2023/04/20)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/01/17)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s (2023/12/29)
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_MAXX6] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX6 (2023/04/20)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [WavesSvc] = C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe (2023/04/20)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O17 - DHCP DNS 1: 94.140.15.15
O17 - DHCP DNS 2: 94.140.14.14
O17 - DHCP DNS 3: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{15c25ed0-5989-42b4-99a5-ab2821930431}: [NameServer] = 94.140.14.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{15c25ed0-5989-42b4-99a5-ab2821930431}: [NameServer] = 94.140.15.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{964cabfa-c42e-474f-aa2e-217e3b7f0f31}: [NameServer] = 94.140.14.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{964cabfa-c42e-474f-aa2e-217e3b7f0f31}: [NameServer] = 94.140.15.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{ccc23399-5ff9-4215-9c67-de030da6615f}: [NameServer] = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{ccc23399-5ff9-4215-9c67-de030da6615f}: [NameServer] = 94.140.14.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ccc23399-5ff9-4215-9c67-de030da6615f}: [NameServer] = 94.140.15.15
O17 - HKLM\System\CCS\Services\Tcpip\..\{ff9aac56-a22b-47b9-8d75-1565135e7377}: [NameServer] = 94.140.14.14
O17 - HKLM\System\CCS\Services\Tcpip\..\{ff9aac56-a22b-47b9-8d75-1565135e7377}: [NameServer] = 94.140.15.15
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{15C25ED0-5989-42B4-99A5-AB2821930431}: [NameServer] = 94.140.14.14
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{15C25ED0-5989-42B4-99A5-AB2821930431}: [NameServer] = 94.140.15.15
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{964CABFA-C42E-474F-AA2E-217E3B7F0F31}: [NameServer] = 94.140.14.14
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{964CABFA-C42E-474F-AA2E-217E3B7F0F31}: [NameServer] = 94.140.15.15
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{CCC23399-5FF9-4215-9C67-DE030DA6615F}: [NameServer] = 192.168.1.1
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{CCC23399-5FF9-4215-9C67-DE030DA6615F}: [NameServer] = 94.140.14.14
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{CCC23399-5FF9-4215-9C67-DE030DA6615F}: [NameServer] = 94.140.15.15
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{FF9AAC56-A22B-47B9-8D75-1565135E7377}: [NameServer] = 94.140.14.14
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{FF9AAC56-A22B-47B9-8D75-1565135E7377}: [NameServer] = 94.140.15.15
O21 - HKLM\..\ShellIconOverlayIdentifiers\            IDM Shell Extension: IDM Shell Extension - {CDC95B92-E27C-4745-A8C5-64A52A78855D} - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e88f95aa-daa4-4c9e-af8e-9c9a1c54b6e0" --version "6.39.0.11548" --silent
O22 - Task (.job): update-S-1-5-21-2081644607-73863285-1770954733-1001.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task (.job): update-sys.job - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC Reboot (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery Reboot (Microsoft)
O22 - Task: (disabled) GoogleUpdateTaskUserS-1-5-21-2081644607-73863285-1770954733-1001UA{76A9F737-270C-480E-A702-85BB48C2D018} - C:\Users\Sedat\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (file missing)
O22 - Task: (disabled) RtHDVBg_PushButton - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /IM
O22 - Task: (disabled) \Microsoft\Windows\Clip\ClipESU - C:\Windows\system32\clipesu.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) update-S-1-5-21-2081644607-73863285-1770954733-1001 - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task: (disabled) update-sys - C:\Program Files (x86)\Skillbrains\Updater\Updater.exe -runmode=checkupdate
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (Microsoft)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e88f95aa-daa4-4c9e-af8e-9c9a1c54b6e0" --version "6.39.0.11548" --silent
O22 - Task: CCleanerSkipUAC - Sedat - C:\Program Files\CCleaner\CCleaner64.exe $(Arg0)
O22 - Task: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky\upgrade.exe /waitUpgrade
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\Windows\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipESUConsumer - C:\Windows\system32\ClipESUConsumer.exe -evaluateEligibility (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder - C:\Windows\system32\ClipESUConsumer.exe -postProcessPreOrder (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund - C:\Windows\system32\ClipESUConsumer.exe -processRefund (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\EnableClipESU - C:\Windows\system32\clipesu.exe -e (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82AA0895-198A-4C1B-B2D1-C16894218AFB} - C:\Windows\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\Windows\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\Windows\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\SoftwareProtectionPlatform\SvcTrigger - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},logon - C:\Windows\System32\sppcext.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Start Oobe Expedite Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScanAfterUpdate - C:\Windows\system32\usoclient.exe StartOobeAppsScanAfterUpdate (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\Windows\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-2081644607-73863285-1770954733-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
O23 - Service R2: Kaspersky Hizmeti 21.22 - (AVP21.22) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\avp.exe -r
O23 - Service R2: Kaspersky VPN Secure Connection Hizmeti 5.22 - (KSDE5.22) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.22\ksde.exe -r
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) Optane(TM) Memory Service - (iaStorAfsService) - C:\Windows\System32\iaStorAfsService.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.22 - (klvssbridge64_21.22) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\x64\vssbridge64.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice_tmp.exe
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe


--
End of file - Time spent: 14.6 sec. - 36084 bytes, CRC32: FFFFFFFF. Sign: 츟瑣

rm1903 · Pazar 15:50

Merhaba. Dün bilgisayarıma PES yaması indirmek isterken dalgınlığıma geldi ve virüs indirip çalıştırdım fark edince PC'yi yeniden başlattım. PC yeniden başladığında özellikle görev yöneticisinde bir sürü "rundll32.exe" çalışıyor ve Görev Yöneticisi'nden kapatmak istediğimde Görev Yöneticisi kilitlenip kapanıyor ve de PC yavaşlıyor. Ortalama 3-4 dk içinde PC kendine geliyor ve düzeliyor. Ayrıca virüs girdikten sonra Chrome ve Microsoft Edge programları masaüstünde klonlandı, garip bir uyarıyla açılmaya başladı (işe yarar mı bilmem ama fotoğrafı ekleyeceğim) ve BAT dosyasıyla çalışmaya başladı bende hemen dosya konumundan sildim şu an orijinal Chrome'u kullanıyorum ve artık batla çalışmıyor. Malwarebytes ile tarama yaptım 6-7 tane virüs buldu, sildim. Daha sonra Appdata/Local dizininde 2 tane garip isimli program bulup onları da sildim tekrar Malwarebytes ile tarama yaptığımda 3 tane daha virüs buldu onları da sildim. Ama sorun hala devam ediyor.
Format atmak istemiyorum ama sizde çözüm bulmazsanız tek çare o kaldı gibi.

İlgili Dosya

Murat5038 · Dün 22:31

rm1903 dedi:
Format atmak istemiyorum ama sizde çözüm bulmazsanız tek çare o kaldı gibi.

C:\ProgramData\ClpHtt
Bu klasör içi şüpheli.

E:\Program Files (x86)\Driver Booster
Sürücü bulucu kullanmışssın sebeplerden biri bu.

Tavsiye edilmeyen adı bile az bilinen programlar yüklemişssiniz mümkün oldukça kaldırın:
E:\Zona
C:\Program Files\Visual Subst
Avira\System Speedup
Free Download Manager

Bunları fixleyin:

Kod:

O22 - Tasks: VisualSubstUAC - C:\Program Files\Visual Subst\VSubst.exe /UACTASK (sign: 'NTWIND LLC')
O22 - Tasks: \Diagnostic\Service - C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.exe "C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.dat" (file missing)
O22 - Tasks_Migrated: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)
O22 - Tasks: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)

Bunları yaptıktan sonra Kaspersky ile tam tarama yapmanızı da tavsiye ederim.

sedatyild dedi:
Merhaba PC de sürekli yavaşlamalar oluyor özellikle netteyken, Kaspersky kurulu arada Malwarebytes ile cclenar ile taratıyorum yardımcı olabilir misiniz, iyi çalışmalar.

MBAM ve Kaspersky aktif kullanılamaz. MBAM kaldırın eğer Kaspersky lisanslı kullanıyorsanız.
CCleaner da smart teknoloji özelliğini kapatın.
Temiz önyükleme yapın ve gerekli olmadığında IDM ve arka planda açık program bırakmayın.
Sürücü güncellemelerinizi de kontrol edin.

Bunları fixleyin:

Kod:

O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/05/17)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_E8C4207C584F2FB0A77218D53CE2B382] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start (2023/12/29)
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\System32\LogiLDA.dll C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\StartupApproved\Run32: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (2023/04/20)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/01/17)
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e88f95aa-daa4-4c9e-af8e-9c9a1c54b6e0" --version "6.39.0.11548" --silent
O22 - Task: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe

ersin97 dedi:
Bilgisayarımda yavaşlama ve aralıklarla donmalar mevcut.

PowerToys kullanıyorsunuz bu güzel araçlar içerse de bilinçsiz kulalnımda sistem kararsızlıklarına yol açar. Güncelliğini de devamlı kontrol etmeniz gerekir. Kullanmıyorsanız kaldırın.
Bunları fixleyin.:

Kod:

O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\ersin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2024/11/02) (invalid sign: TRUST_E_BAD_DIGEST - Spotify Ltd - 00BB4C8738992C41C051AA088E2F5D6CF290C4C0)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_AEEA7D26E10C80D803D1467811869685] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/09/11) (sign: 'Microsoft')
O22 - Tasks: infatica_p2b - C:\Program Files (x86)\Infatica P2B\infatica_agent.exe (sign: 'Infatica Pte. Ltd.')

rm1903 · Dün 22:42

Murat5038 dedi:

C:\ProgramData\ClpHtt
Bu klasör içi şüpheli.

E:\program files (X86)\driver booster.
Sürücü bulucu kullanmışssın sebeplerden biri bu.

Tavsiye edilmeyen adı bile az bilinen programlar yüklemişssiniz mümkün oldukça kaldırın:
E:\zona
C:\program Files\Visual subst.
Avira\System speedup.
Free Download Manager.

Bunları fixleyin:

Kod:

O22 - Tasks: VisualSubstUAC - C:\Program Files\Visual Subst\VSubst.exe /UACTASK (sign: 'NTWIND LLC')
O22 - Tasks: \Diagnostic\Service - C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.exe "C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.dat" (file missing)
O22 - Tasks_Migrated: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)
O22 - Tasks: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)

Bunları yaptıktan sonra Kaspersky ile tam tarama yapmanızı da tavsiye ederim.

MBAM ve Kaspersky aktif kullanılamaz. MBAM kaldırın eğer Kaspersky lisanslı kullanıyorsanız.
CCleaner da Smart teknoloji özelliğini kapatın.
Temiz önyükleme yapın ve gerekli olmadığında IDM ve arka planda açık program bırakmayın.
Sürücü güncellemelerinizi de kontrol edin.

Bunları fixleyin:

Kod:

O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/05/17)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_E8C4207C584F2FB0A77218D53CE2B382] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start (2023/12/29)
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\System32\LogiLDA.dll C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\StartupApproved\Run32: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (2023/04/20)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/01/17)
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e88f95aa-daa4-4c9e-af8e-9c9a1c54b6e0" --version "6.39.0.11548" --silent
O22 - Task: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe

Eyvallah hocam. Format atarak çözdüm ben. Bahsettiğiniz programlar uzun zamandır PC'mdeydi ve bir sorun yaşatmamıştı ama bir daha kullanmam aktif kullandığım programlar değildi zaten. İlk söylediğiniz klasörü (ProgramData\ClpHtt) ilk defa duydum muhtemel virüs oydu ama PC kasmaktan kullanılmaz duruma geldiği için formatlamak zorunda kaldım.

Murat5038 · Dün 22:47

Rica ederim geçmiş olsun. Sürücü bulucu kullanmayın yanında siz görmediğinizde ek yazılımlar ekliyor.

rm1903 · Dün 22:54

Murat5038 dedi:
Rica ederim geçmiş olsun. Sürücü bulucu kullanmayın yanında siz görmediğinizde ek yazılımlar ekliyor.

Doğrudur hocam. Driver Booster bir kere PC mi bozmuştu, sistem geri yükleme ile düzeltmiştim ondan beridir kullanmıyordum zaten. Öyle duruyordu. Driver yükleme konusunda cahil olduğum için (hangi driver nereden indirilir) bilmediğimden yüklemiştim. Hala daha anlamam pek.

Rehber HijackThis Log Paylaşımı ve Çözümleri

Ayrıntılı düzenleme

HiJackThis

Murat5038

Yottapat!

mkt80

Hectopat

Murat5038

Yottapat!

ersin97

Hectopat

sedatyild

Hectopat

rm1903

Decapat

Dosya Ekleri

Murat5038

Yottapat!

rm1903

Decapat

Murat5038

Yottapat!

rm1903

Decapat

Benzer konular