

To analyze problems on your system caused by performance degradation, freezes, malware effects, or application errors, and to improve performance and neutralize the effects of malware, you need to share here the log of the scan you ran with the HijackThis software.



Usage:

1) Download the current version, which a developer has extended with new features, from here, and extract the application from the archive to your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click the HijackThis program and run it as administrator (does not apply to XP).



4) In the window that opens, click the "Do a system scan and save a log file" button.



5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan has finished.


6) When the scan has finished, a log file containing the HijackThis report will open.




*7) You need to add the log file here, using the reply box, so that we can review it.


Click "Kod" (Code).



Paste the contents of the log into the blue box and press the "Devam Et" (Continue) button.

Warning: If you have trouble adding code on the site, you need to paste your code into one of the sites listed below and share the link. In that case, do not use step *7 for now.

Paste ofCode

8) In addition, reply to the thread describing the problem on your system in detail (performance degradation, suspected malware presence, etc.).
(Anyone who does not do this will not receive a reply.)

Fixing:

When I or other experts reply in the thread, tick the boxes at the start of the lines we name in the HijackThis application interface. Then press the "Fix checked" button.
Code:
Logfile of HiJackThis+ (Plus) build 2024-02-27 Alpha v.3.4.0.6

Platform:  x64 Windows 11 (Pro), 10.0.22631.3296 (ReleaseId: 2009, 23H2), Service Pack: 0
Time:      19.03.2024 - 23:54 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    19897 MiB Free. Loading RAM (39 %), CPU (2 %)
Elevated:  Yes
Ran by:    arsla    (group: Administrators; type: Microsoft) on BERK, FirstRun: yes

Chrome:  122.0.6261.129
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: On) (Code Integrity: On)

Running processes:
Number | Path
   1  C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
   1  C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
   1  C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
   1  C:\Program Files (x86)\AnyDesk\AnyDesk.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\12.1.0.7121\AdskLicensingService\AdskLicensingService.exe
   1  C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\adskflex.exe
   2  C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avpui.exe
   1  C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\122.0.2365.92\msedgewebview2.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzAppManager
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzDiagnostic
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzIoTDeviceManager
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe
   1  C:\Program Files (x86)\Razer Chroma SDK\bin\RzSmartlightingDeviceManager
   1  C:\Program Files (x86)\Razer\Razer Services\GMS3\GameManagerService3.exe
   1  C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
   4  C:\Program Files\Autodesk\AdODIS\V1\Setup\ui-launcher\AdskAccessUIHost.exe
   1  C:\Program Files\Autodesk\AdskIdentityManager\1.10.4.0\AdskIdentityManager.exe
   1  C:\Program Files\Bonjour\mDNSResponder.exe
   4  C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe
   1  C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
   1  C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Razer\RazerAppEngine\app-4.0.272\CommonDLL\RzEngineMon.exe
  17  C:\Program Files\Razer\RazerAppEngine\app-4.0.272\RazerAppEngine.exe
   1  C:\Program Files\SteelSeries\GG\apps\engine\prism\SteelSeriesPrism.exe
   1  C:\Program Files\SteelSeries\GG\apps\engine\SteelSeriesEngine.exe
   1  C:\Program Files\SteelSeries\GG\apps\moments\SteelSeriesSvcLauncher.exe
   1  C:\Program Files\SteelSeries\GG\apps\sonar\SteelSeriesSonar.exe
   1  C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
   1  C:\Program Files\TeamViewer\crashpad_handler.exe
   1  C:\Program Files\TeamViewer\TeamViewer.exe
   1  C:\Program Files\TeamViewer\TeamViewer_Service.exe
   1  C:\Program Files\TeamViewer\tv_w32.exe
   1  C:\Program Files\TeamViewer\tv_x64.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2410.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
   1  C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
   1  C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.40043.0_x64__0a9344xs7nr4m\radeonsoftware\AMDRSServ.exe
   1  C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.40043.0_x64__0a9344xs7nr4m\radeonsoftware\cncmd.exe
   1  C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.22.40043.0_x64__0a9344xs7nr4m\radeonsoftware\RadeonSoftware.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24021.105.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.310.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.310.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
   4  C:\Program Files\WindowsApps\ULICTekInc.NitroSenseforNotebook_4.0.775.0_x64__nt9dgb7efx6bt\app\NitroSense.exe
   1  C:\ProgramData\Autodesk\ADPSDK\bin\ADPClientService.exe
   1  C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlceip.exe
   1  C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe
   1  C:\Users\arsla\AppData\Roaming\Autodesk\ADPSDK\bin\ADPClientService.exe
   1  C:\Users\arsla\OneDrive\Masaüstü\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\AcerDeviceInfo\AcerDeviceInfoAgentService.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\amdfendrsr.exe
   1  C:\Windows\System32\amdpmfservice.exe
   1  C:\Windows\System32\amdpmfserviceuser.exe
   1  C:\Windows\System32\audiodg.exe
  15  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe
   1  C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe
   1  C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWM.exe
   1  C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\AAADSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\AcerPixyService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\ARTAimmxService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_b14c5aaaf7d6a16e\ADESv2Svc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acerservicecomponent.inf_amd64_302f8c9c9f2d2353\AcerService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\acerservicecomponent.inf_amd64_302f8c9c9f2d2353\AcerServiceWrapper.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_6eae42cbc3ee7e36\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\AcerAgentService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\AcerCentralService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\AcerHardwareService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\AcerLightingService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\OpenRGB.exe
   3  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c607c18cb15933d8\RtkAudUService64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0395510.inf_amd64_266bc083bb7590df\B395348\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0395510.inf_amd64_266bc083bb7590df\B395348\atiesrxx.exe
   1  C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\escsvc64.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\LsaIso.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   1  C:\Windows\System32\rundll32.exe
   8  C:\Windows\System32\RuntimeBroker.exe
   2  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  87  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: 127.0.0.1 berk.local #laragon magic!
O1 - Hosts: 127.0.0.1 berke.local #laragon magic!
O1 - Hosts: 127.0.0.1 test.local #laragon magic!
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\122.0.6261.129\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Google LLC')
O4 - HKCU\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\88.0.0.0\GoogleDriveFS.exe --startup_mode (sign: 'Google LLC')
O4 - HKCU\..\Run: [RazerAppEngine] = C:\Program Files\Razer\RazerAppEngine\RazerAppEngine.exe --url-params=apps=synapse,chroma-app --launch-force-hidden=synapse,chroma-app --autoStart=1 (sign: 'Razer USA Ltd.')
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2024/01/10) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_4E33AFACCFFE77B68FE6789D29C8AC02] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2024/01/10) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\arsla\AppData\Local\Programs\Opera\opera.exe (2024/01/10) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2024/01/10) (sign: 'Valve Corp.')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\arsla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laragon.lnk    ->    C:\laragon\laragon.exe (2024/03/19) (not signed - Le Ngoc Khoa - 5AFC6DD4181F85D050296525817403708FDF60DF)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (sign: 'Adobe Systems Incorporated')
O4 - HKLM\..\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (sign: 'Adobe Inc.')
O4 - HKLM\..\Run: [Autodesk Access] = C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe --minimizedUi --autoLaunch (sign: 'Autodesk, Inc.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c607c18cb15933d8\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true (sign: 'SteelSeries ApS')
O4 - HKU\S-1-5-18\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\88.0.0.0\GoogleDriveFS.exe --startup_mode (User 'LocalSystem') (sign: 'Google LLC')
O4 - HKU\S-1-5-19\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\88.0.0.0\GoogleDriveFS.exe --startup_mode (User 'Local service') (sign: 'Google LLC')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\88.0.0.0\GoogleDriveFS.exe --startup_mode (User 'Network service') (sign: 'Google LLC')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\..\Run: [GoogleDriveFS] = C:\Program Files\Google\Drive File Stream\88.0.0.0\GoogleDriveFS.exe --startup_mode (User 'SQLTELEMETRY$TEW_SQLEXPRESS') (sign: 'Google LLC')
O4 - HKU\S-1-5-80-2079297812-3395903788-2019235919-340588434-3960611093\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'SQLTELEMETRY$TEW_SQLEXPRESS') (sign: 'Microsoft')
O4 - MountPoints2: HKCU\..\{2c3c3725-af2f-11ee-ba66-60e9aaf1335e}\shell\AutoRun\command: (default) = F:\SETUP.EXE (file missing)
O4 - MountPoints2: HKCU\..\{5f674403-af3e-11ee-ba66-60e9aaf1335e}\shell\AutoRun\command: (default) = H:\Setup.exe (file missing)
O4-32 - HKLM\..\Run: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] = C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [Razer Synapse] = C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (sign: 'Razer USA Ltd.')
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sign: 'Oracle America, Inc.')
O5 - Applet: C:\Windows\System32\plotman.cpl (sign: 'Autodesk, Inc.')
O5 - Applet: C:\Windows\System32\styleman.cpl (sign: 'Autodesk, Inc.')
O7 - KnownFolder:  (folder missing)
O7 - KnownFolder: C:\Users\arsla\Desktop (folder missing)
O7 - KnownFolder: C:\Users\arsla\Pictures (folder missing)
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll (sign: 'Apple Inc.')
O17 - DHCP DNS 1: 192.168.0.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (sign: 'Adobe Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Google\Drive File Stream\88.0.0.0\drivefsext.dll (sign: 'Google LLC')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Windows\system32\AcSignIcon.dll (sign: 'Autodesk, Inc.')
O22 - Task (.job): (Not scheduled) EPSON L3150 Series Update {A26A6A02-A01C-4D62-8EB0-6D8D860E7C20}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE (sign: 'SEIKO EPSON CORPORATION')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: ACC - C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto (sign: 'Acer Incorporated')
O22 - Tasks: ACCAgent - C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe (sign: 'Acer Incorporated')
O22 - Tasks: ACCBackgroundApplication - C:\Program Files (x86)\Acer\Care Center\ACCStd.exe (sign: 'Acer Incorporated')
O22 - Tasks: AcerDeviceInfoAgentServiceDelayStart - C:\Windows\system32\sc.exe start AcerDeviceInfoAgentService (sign: 'Microsoft')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: AdobeGCInvoker-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled (sign: 'Adobe Inc.')
O22 - Tasks: Adobe-Genuine-Software-Integrity-Scheduler-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (sign: 'Adobe Inc.')
O22 - Tasks: C__Program Files_HeidiSQL_heidisql.exe - C:\Program Files\HeidiSQL\heidisql.exe --runfrom=scheduler (sign: 'Ansgar Becker')
O22 - Tasks: EPSON L3150 Series Update {A26A6A02-A01C-4D62-8EB0-6D8D860E7C20} - C:\Windows\system32\spool\DRIVERS\x64\3\E_YTSUNE.EXE /EXE:"{A26A6A02-A01C-4D62-8EB0-6D8D860E7C20}" /F:"Update" (sign: 'SEIKO EPSON CORPORATION')
O22 - Tasks: GoogleUpdateTaskMachineCore{19073392-C02C-43FA-84EF-D2CD934872CD} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA{D973E9E8-710D-4A10-BC36-3503E55C85F7} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe /waitUpgrade (sign: 'AO Kaspersky Lab')
O22 - Tasks: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser (sign: 'Advanced Micro Devices Inc.')
O22 - Tasks: NitroSenseLauncher - C:\Program Files\NitroSense\Prerequisites\NitroSenseLauncher.exe (sign: 'ULIC TEK INC.')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: Opera scheduled assistant Autoupdate 1704835846 - C:\Users\arsla\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\arsla\AppData\Local\Programs\Opera\assistant" $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Opera scheduled Autoupdate 1704835842 - C:\Users\arsla\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Software Update Application - C:\ProgramData\OEM\UpgradeTool\ListCheck.exe (sign: 'Acer Incorporated')
O23 - Service R2: AAADSvc - (AcerARTAIMMXDriverService) - C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\AAADSvc.exe (sign: 'Acer Incorporated')
O23 - Service R2: ACC Service - (ACCSvc) - C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe (sign: 'Acer Incorporated')
O23 - Service R2: Acer Agent Service - (AASSvc) - C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\AcerCentralService.exe (sign: 'Acer Incorporated')
O23 - Service R2: Acer Device Enabling Sevice V2 - (AcerDeviceEnablingServiceV2) - C:\Windows\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_b14c5aaaf7d6a16e\ADESv2Svc.exe (sign: 'Acer Incorporated')
O23 - Service R2: Acer Lighting Service - (AcerLightingService) - C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\AcerLightingService.exe (sign: 'Acer Incorporated')
O23 - Service R2: Acer Service Component Service - (AcerServiceSvc) - C:\Windows\System32\DriverStore\FileRepository\acerservicecomponent.inf_amd64_302f8c9c9f2d2353\AcerServiceWrapper.exe (sign: 'ULIC TEK INC.')
O23 - Service R2: AcerPixyService - C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\AcerPixyService.exe (sign: 'Acer Incorporated')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (sign: 'Adobe Inc.')
O23 - Service R2: AdskNLM - C:\Program Files (x86)\Common Files\Autodesk Shared\Network License Manager\lmgrd.exe (sign: 'Flexera Software LLC')
O23 - Service R2: AMD Crash Defender Service - C:\Windows\System32\amdfendrsr.exe (sign: 'Advanced Micro Devices Inc.')
O23 - Service R2: AMD External Events Utility - C:\Windows\System32\DriverStore\FileRepository\u0395510.inf_amd64_266bc083bb7590df\B395348\atiesrxx.exe (sign: 'Advanced Micro Devices Inc.')
O23 - Service R2: AMD PMF Service - (amdpmfservice) - C:\Windows\System32\amdpmfservice.exe (sign: 'Advanced Micro Devices Inc.')
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service (sign: 'AnyDesk Software GmbH')
O23 - Service R2: ARTAimmxService - (AcerARTAIMMXService) - C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\ARTAimmxService.exe (sign: 'Acer Incorporated')
O23 - Service R2: Autodesk Access Service Host - C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Autodesk Desktop Licensing Service - (AdskLicensingService) - C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: AzureAttestService - C:\Windows\system32\svchost.exe -k AzureAttestService; "ServiceDll" = C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll (sign: 'Microsoft')
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe (sign: 'Apple Inc.')
O23 - Service R2: DtsApo4Service - C:\Windows\System32\DTS\PC\APO4x\DtsApo4Service.exe (sign: 'DTS, Inc.')
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\Windows\system32\EscSvc64.exe (sign: 'SEIKO EPSON CORPORATION')
O23 - Service R2: FlexNet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (sign: 'Flexera Software LLC')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: Kaspersky Hizmeti 21.16 - (AVP21.16) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: Killer Analytics Service - C:\Windows\System32\drivers\RivetNetworks\Killer\KillerAnalyticsService.exe (sign: 'Intel Corporation')
O23 - Service R2: Killer Network Service - C:\Windows\System32\drivers\RivetNetworks\Killer\KillerNetworkService.exe (sign: 'Intel Corporation')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_6eae42cbc3ee7e36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_6eae42cbc3ee7e36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (sign: 'NVIDIA Corporation')
O23 - Service R2: Razer Chroma SDK Server - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKServer.exe (sign: 'Razer USA Ltd.')
O23 - Service R2: Razer Chroma SDK Service - C:\Program Files (x86)\Razer Chroma SDK\bin\RzSDKService.exe (sign: 'Razer USA Ltd.')
O23 - Service R2: Razer Chroma Stream Server - C:\Program Files (x86)\Razer Chroma SDK\bin\RzChromaStreamServer.exe (sign: 'Razer USA Ltd.')
O23 - Service R2: Razer Game Manager Service 3 - C:\Program Files (x86)\Razer\Razer Services\GMS3\GameManagerService3.exe (sign: 'Razer USA Ltd.')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_c607c18cb15933d8\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: SQL Server (TEW_SQLEXPRESS) - (MSSQL$TEW_SQLEXPRESS) - C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlservr.exe -sTEW_SQLEXPRESS (sign: 'Microsoft')
O23 - Service R2: SQL Server Browser - (SQLBrowser) - C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe (sign: 'Microsoft')
O23 - Service R2: SQL Server CEIP service (TEW_SQLEXPRESS) - (SQLTELEMETRY$TEW_SQLEXPRESS) - C:\ProgramData\SOLIDWORKS Electrical\MSSQL15.TEW_SQLEXPRESS\MSSQL\Binn\sqlceip.exe -Service TEW_SQLEXPRESS (sign: 'Microsoft')
O23 - Service R2: TeamViewer - C:\Program Files\TeamViewer\TeamViewer_Service.exe (sign: 'TeamViewer Germany GmbH')
O23 - Service R3: AcerDeviceInfoAgentService - C:\Windows\system32\AcerDeviceInfo\AcerDeviceInfoAgentService.exe (sign: 'Changing Information Technology Inc.')
O23 - Service R3: Killer Dynamic Bandwidth Management - (KNDBWM) - C:\Windows\System32\drivers\RivetNetworks\Killer\KNDBWMService.exe (sign: 'Intel Corporation')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: iTop Data Recovery Service 4 - (iTopDataRecoveryService4) - C:\Program Files\iTop Data Recovery\IDRService.exe (file missing)
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\122.0.6261.129\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.16 - (klvssbridge64_21.16) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: Killer Smart AP Selection Service - (KAPSService) - C:\Windows\System32\drivers\RivetNetworks\Killer\KAPSService.exe (sign: 'Intel Corporation')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: Quick Access Local Service - (QALSvc) - C:\Program Files\Acer\Quick Access Service\QALSvc.exe (sign: 'Acer Incorporated')
O23 - Service S3: Quick Access Service - (QASvc) - C:\Program Files\Acer\Quick Access Service\QASvc.exe (sign: 'Acer Incorporated')
O23 - Service S3: Razer Elevation Service - C:\Program Files\Razer\razer_elevation_service\razer_elevation_service.exe (sign: 'Razer USA Ltd.')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: SteelSeries GG Update Service Proxy - (SteelSeriesGGUpdateServiceProxy) - C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe (sign: 'SteelSeries ApS')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R0: AMD Micro PEP Device - (AmdMicroPEP) - C:\Windows\System32\drivers\AmdMicroPEP.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\Windows\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AMD USB4 PCI Filter Driver - (pcifilter) - C:\Windows\System32\drivers\amdusb4pcifilter.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\Windows\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-16_arkmon - C:\Windows\System32\Drivers\klupd_K4W-21-16_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-16_klbg - C:\Windows\System32\Drivers\klupd_K4W-21-16_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: nvpciflt - C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_6eae42cbc3ee7e36\nvpciflt.sys (sign: 'NVIDIA Corporation')
O23 - Driver R1: dokan1 - C:\Windows\system32\DRIVERS\dokan1.sys (+safe mode) (sign: 'Microsoft' - Dokan Project)
O23 - Driver R1: googledrivefs31357 - C:\Windows\System32\DriverStore\FileRepository\googledrivefs31357.inf_amd64_a8bf31a168cf7d00\googledrivefs31357.sys (+safe mode) (sign: 'Microsoft' - Google, Inc.)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\Windows\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-16 - (KLIF.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-16 - (klpd.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-16 - (klflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-16 - (klbackupdisk.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-16 - (klbackupflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-16 - (klkbdflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-16 - (klpnpflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-16 - (klgse.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-16 - (klhk.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-16 - C:\Windows\system32\DRIVERS\K4W-21-16\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-16 - C:\Windows\system32\DRIVERS\K4W-21-16\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-16 - C:\Windows\system32\DRIVERS\K4W-21-16\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\Windows\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R2: AMD_DPFC Service - (amd_dpfc) - C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_6eae42cbc3ee7e36\amd_dpfc.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R2: inpoutx64 - C:\Windows\System32\Drivers\inpoutx64.sys (sign: 'Red Fox UK Limited')
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: Acer Airplane Mode Controller - (AcerAirplaneModeController) - C:\Windows\System32\drivers\AcerAirplaneModeController.sys (sign: 'Acer Incorporated')
O23 - Driver R3: Acer Application Base Driver - (AcerApplicationBaseDriver_Device) - C:\Windows\System32\drivers\AcerApplicationBaseDriver.sys (sign: 'Acer Incorporated')
O23 - Driver R3: Acer ART-AIMMX - (AcerARTAIMMXDriverComponentService) - C:\Windows\System32\DriverStore\FileRepository\acerartaimmxdrivercomponent.inf_amd64_0b7c9c4160a3476c\AcerARTAIMMXDriverComponent.sys (sign: 'Acer Incorporated')
O23 - Driver R3: Acer Device Enabling Sevice V2 - (AcerDeviceEnablingServiceComponentService) - C:\Windows\System32\DriverStore\FileRepository\acerdeviceenablingservicecomponent.inf_amd64_b14c5aaaf7d6a16e\AcerDeviceEnablingServiceComponent.sys (sign: 'Acer Incorporated')
O23 - Driver R3: AMD Audio Service - (AMDAfdAudioService) - C:\Windows\System32\DriverStore\FileRepository\amdacpafd.inf_amd64_93221359f0901248\amdacpafd.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Crash Defender Driver - (amdfendr) - C:\Windows\System32\drivers\amdfendr.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Crash Defender Manager Driver - (amdfendrmgr) - C:\Windows\System32\drivers\amdfendrmgr.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\Windows\system32\drivers\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\Windows\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD I2C Controller Service - (amdi2c) - C:\Windows\System32\drivers\amdi2c.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD PMF Kernel Driver - (amdpmf) - C:\Windows\System32\drivers\amdpmf.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: amdwddmg - C:\Windows\System32\DriverStore\FileRepository\u0395510.inf_amd64_266bc083bb7590df\B395348\amdkmdag.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: Audio Coprocessr Driver for DSP - (amdacpbus) - C:\Windows\System32\DriverStore\FileRepository\amdacpbus.inf_amd64_baddba3a10126549\amdacpbus.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: ELAN I2C Filter Driver - (ETDI2C) - C:\Windows\System32\drivers\ETDI2C.sys (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-16 - (klmouflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: KfeCoSvc - C:\Windows\System32\drivers\RivetNetworks\Killer\KfeCo11X64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Killer NetAdapter Driver - (e2k68cx21x64) - C:\Windows\System32\DriverStore\FileRepository\e2k68cx21x64.inf_amd64_5966b201aaa328ab\e2k68cx21x64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: klids.K4W-21-16 - C:\ProgramData\Kaspersky Lab\AVP21.16\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-16_klark - C:\Windows\System32\Drivers\klupd_K4W-21-16_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-16_mark - C:\Windows\System32\Drivers\klupd_K4W-21-16_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: MBAMFarflt - C:\Windows\system32\DRIVERS\farflt11.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: MBAMProtection - C:\Windows\system32\DRIVERS\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\Windows\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: Mediatek PCI LE Extensible Wireless LAN Card Driver - (mtkwlex) - C:\Windows\System32\drivers\mtkwl6ex.sys (+safe mode) (sign: 'Microsoft' - MediaTek Inc.)
O23 - Driver R3: MTK BT Filter Driver - (MTKBTFilterx64) - C:\Windows\System32\drivers\mtkbtfilterx.sys (sign: 'Microsoft' - MediaTek Inc.)
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nvaci.inf_amd64_6eae42cbc3ee7e36\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVPCF Service - (nvpcf) - C:\Windows\System32\drivers\nvpcf.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Predator Service - (PredatorService) - C:\Windows\System32\DriverStore\FileRepository\predatorservice.inf_amd64_1602ea523ee54f88\PredatorServiceSoftwareComponent.sys (sign: 'Acer Incorporated')
O23 - Driver R3: PTP Customization Component Service - (PTPFilter) - C:\Windows\System32\drivers\PTPFilter.sys (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: Razer Keyboard Driver - (rzudd) - C:\Windows\System32\drivers\rzudd.sys (sign: 'Razer USA Ltd.')
O23 - Driver R3: Realtek PCIE Card Reader - PER - (RTSPER) - C:\Windows\System32\drivers\RtsPer.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family Miniport 6.4 64-bit Driver - (rtump64x64) - C:\Windows\System32\drivers\rtump64x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: SteelSeries Device Factory Service - (ssdevfactory) - C:\Windows\System32\drivers\ssdevfactory.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries HID Service - (sshid) - C:\Windows\System32\drivers\sshid.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries Sonar Driver - (SteelSeries_Sonar_VAD) - C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys (sign: 'SteelSeries ApS')
O23 - Driver R3: VB-Audio Voicemeeter VAIO (WDM) - (VBVoicemeeterVAIOMME) - C:\Windows\System32\DriverStore\FileRepository\vbvoicemeetervaio64_win10.inf_amd64_c2bd37de84fa6e4f\vbvoicemeetervaio64_win10.sys (sign: 'BUREL VINCENT Entrepreneur individuel')
O23 - Driver S1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed - Microsoft Corporation - 67CCA20C75513AA40CE583604C48AAC9423B9275)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed - Microsoft Corporation - B5158D62E6EE9ED25D446CCCFC60B63DB0AD7389)
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - 4F9AFC33289DADF4FC78FC744B3B163810C7ECD1)
O23 - Driver S3: CH341SER_A64 - C:\Windows\System32\Drivers\CH341S64.SYS (sign: 'Microsoft' - wch.cn)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Killer RT640 NT Driver - (e2kw10x64) - C:\Windows\System32\drivers\e2kw10x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: R0SteelSeriesSystemMonitor - C:\Program Files\SteelSeries\GG\apps\engine\engineApps\system-stats\SteelSeriesSystemMonitor.sys (file missing)
O23 - Driver S3: Realtek USB FE/1GbE/2.5GbE/5GbE NIC Family NetAdapterCx 2.2 64-bit Driver - (rtucx22x64) - C:\Windows\System32\DriverStore\FileRepository\rtucx22x64.inf_amd64_a19e472f32bd1e8d\rtucx22x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: rzendpt - C:\Windows\System32\drivers\rzendpt.sys (sign: 'Razer USA Ltd.')
O23 - Driver S3: xhunter1 - C:\Windows\xhunter1.sys (sign: 'Wellbia.com Co., Ltd.')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'e2kw10x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klwtp.K4W-21-16'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'mtkwlex'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rtucx22x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rtump64x64'


--
End of file - Time spent: 19,4 sec. - 98878 bytes, CRC32: FFFFFFFF. Sign: 獆

Over the last 4-5 days, my WHM admin panel, as well as Gmail, has been accessed. I changed all of their passwords and added two-factor authentication. But the other day a camera request came up. I scanned with Kaspersky and it found no viruses. I scanned with Malwarebytes and it found 5 viruses. Most recently, a post was made from Twitter. I have attached the logs; what do you recommend?
 
Fix these:
Code:
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: 127.0.0.1 berk.local #laragon magic!
O1 - Hosts: 127.0.0.1 berke.local #laragon magic!
O1 - Hosts: 127.0.0.1 test.local #laragon magic!
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_4E33AFACCFFE77B68FE6789D29C8AC02] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2024/01/10) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\arsla\AppData\Local\Programs\Opera\opera.exe (2024/01/10) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\arsla\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\laragon.lnk    ->    C:\laragon\laragon.exe (2024/03/19) (not signed - Le Ngoc Khoa - 5AFC6DD4181F85D050296525817403708FDF60DF)
O4 - MountPoints2: HKCU\..\{2c3c3725-af2f-11ee-ba66-60e9aaf1335e}\shell\AutoRun\command: (default) = F:\SETUP.EXE (file missing)
O4 - MountPoints2: HKCU\..\{5f674403-af3e-11ee-ba66-60e9aaf1335e}\shell\AutoRun\command: (default) = H:\Setup.exe (file missing)
O7 - KnownFolder:  (folder missing)
O7 - KnownFolder: C:\Users\arsla\Desktop (folder missing)
O7 - KnownFolder: C:\Users\arsla\Pictures (folder missing)

If you don't use the Google Drive and OneDrive applications, uninstall them.
Did you install Laragon yourself?
Uninstall unnecessary Acer software.
iTop Data Recovery: did you install this yourself? If it is unnecessary, uninstall it.

Did you install HeidiSQL yourself? If you didn't, fix it like this:
Code:
O22 - Tasks: C__Program Files_HeidiSQL_heidisql.exe - C:\Program Files\HeidiSQL\heidisql.exe --runfrom=scheduler (sign: 'Ansgar Becker')

If you installed software such as SQL and programming tools yourself, check that they are up to date.
 
Code:
Logfile of HiJackThis+ (Plus) build 2024-03-24 Alpha v.3.4.0.8

Platform:  x64 Windows 11 (Home), 10.0.22631.3296 (ReleaseId: 2009, 23H2), Service Pack: 0
Time:      01.04.2024 - 18:27 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    10970 MiB Free. Loading RAM (33 %), CPU (7 %)
Elevated:  Yes
Ran by:    ulask    (group: Administrators; type: Microsoft) on DESKTOP-4QIQID5, FirstRun: yes

Chrome:  123.0.6312.86
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: On) (Code Integrity: On)

Running processes:
Number | Path
   7  C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmouryHtmlDebugServer.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
   1  C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
   1  C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe
   1  C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.20\AsusFanControlService.exe
   1  C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe
   1  C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
   1  C:\Program Files (x86)\Camo Studio\CamoService\CamoService.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avpui.exe
   1  C:\Program Files (x86)\LightingService\LightingService.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files\ASUS\AacAmbientHal\AacAmbientLighting.exe
   1  C:\Program Files\ASUS\AacExtCard\extensionCardHal_x86.exe
   2  C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe
   1  C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.UserSessionHelper.exe
   1  C:\Program Files\ASUS\ASUS_Aac_DRAM\Aac3572DramHal_x86.exe
   1  C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x64.exe
   1  C:\Program Files\ASUS\KINGSTON_Aac_DRAM\AacKingstonDramHal_x86.exe
   1  C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
   1  C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2412.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_424.1301.450.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24022.90.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
   6  C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.233.1042.0_x64__zpdnekdrzrea0\Spotify.exe
   6  C:\Users\ulask\AppData\Local\Discord\app-1.0.9038\Discord.exe
   1  C:\Users\ulask\Desktop\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   2  C:\Windows\System32\conhost.exe
   1  C:\Windows\System32\CorsairGamingAudioCfgService64.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_362f239e9bd019fc\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\LsaIso.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   1  C:\Windows\System32\rundll32.exe
   7  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  78  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wbem\WMIADAP.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\123.0.6312.86\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [Discord] = C:\Users\ulask\AppData\Local\Discord\Update.exe --processStart Discord.exe (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [BakkesMod] = C:\Program Files\BakkesMod\BakkesMod.exe (2023/09/27) (not signed - no company - 9916E032D1879D9964015B5E79C73D267C10244D)
O4 - HKCU\..\StartupApproved\Run: [Battle.net] = D:\Battle.net\Battle.net.exe --autostarted (2023/10/13) (sign: 'Blizzard Entertainment, Inc.')
O4 - HKCU\..\StartupApproved\Run: [electron.app.Somiibo] = C:\Users\ulask\AppData\Local\Programs\somiibo\Somiibo.exe --was-opened-at-login "true" (file missing) (2024/02/19)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2023/09/07) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [krisp] = C:\Users\ulask\AppData\Local\Programs\Krisp\app-2.27.2\krisp.exe --hidden (2023/11/06) (not signed - Krisp Technologies, Inc. - 133C4BACA081BD67C69DFB662A324CE564DD80A2)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_B194454C79E26476C586735CE1A3223D] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2023/09/07) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = D:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2023/09/07) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2023/09/07) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (sign: 'Riot Games, Inc.')
O4 - HKLM\..\StartupApproved\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true (2023/09/08) (sign: 'SteelSeries ApS')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2023/10/13) (sign: 'Oracle America, Inc.')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk    ->    C:\Program Files (x86)\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (file missing) (2023/09/15)
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - MountPoints2: HKCU\..\{761f59a8-cbd5-11ee-a21a-94198d02f543}\shell\AutoRun\command: (default) = "E:\setup.EXE" /AUTORUN (file missing)
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O17 - DHCP DNS 1: 192.168.1.1
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\Windows\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\Windows\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\Armoury Crate Service Task_CountDown - C:\ProgramData\ASUS\FestsEffect\data\CountDown\CountDown.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore1d9e13fdda0f1dc - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\Framework Service - C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe --delay (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\NoiseCancelingEngine - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\P508PowerAgent_sdk - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (file missing)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\Windows\system32\MusNotification.exe (file missing)
O22 - Tasks: Google Play Games Notifier - D:\Play Games\Bootstrapper.exe /bg (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineCore{59CD48EA-90FF-40B2-BAAF-1CCE83F01915} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA{573B19B6-5098-446F-A609-E976BE10EBB5} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky\upgrade_launcher.exe /waitUpgrade (sign: 'AO Kaspersky Lab')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-2690102956-3972842158-1261217720-1001 - C:\Users\ulask\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-2690102956-3972842158-1261217720-1004 - C:\Users\ulask\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: WindowsSetup - C:/Windows/System32/oobe/Setup.exe (sign: 'Microsoft')
O23 - Service R2: ARMOURY CRATE Service - (ArmouryCrateService) - C:\Program Files\ASUS\ARMOURY CRATE Lite Service\ArmouryCrate.Service.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS AURA SYNC lighting service - (LightingService) - C:\Program Files (x86)\LightingService\LightingService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Com Service - (asComSvc) - C:\Program Files (x86)\ASUS\AXSP\4.02.32\atkexComSvc.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusCertService - C:\Program Files (x86)\ASUS\AsusCertService\AsusCertService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusFanControlService - C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.20\AsusFanControlService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Camo Helper Service - (CamoService) - C:\Program Files (x86)\Camo Studio\CamoService\CamoService.exe (sign: 'Reincubate Limited')
O23 - Service R2: Cloudflare WARP - (CloudflareWARP) - C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe (sign: 'Cloudflare, Inc.')
O23 - Service R2: Corsair Gaming Audio Configuration Service - (CorsairGamingAudioConfig) - C:\Windows\System32\CorsairGamingAudioCfgService64.exe (sign: 'Microsoft')
O23 - Service R2: GameSDK Service - C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_19.87.13001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: Kaspersky Hizmeti 21.16 - (AVP21.16) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_362f239e9bd019fc\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_362f239e9bd019fc\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (sign: 'NVIDIA Corporation')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: AsusUpdateCheck - C:\Windows\System32\AsusUpdateCheck.exe (sign: 'ASUSTeK Computer Inc.')
O23 - Service S2: Corsair CpuIdService - (CorsairCpuIdService) - C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairCpuIdService.exe (sign: 'Corsair Memory, Inc.')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe (sign: 'BattlEye Innovations e.K.')
O23 - Service S3: Corsair Device Listing Service - (CorsairDeviceListerService) - C:\Program Files\Corsair\Corsair iCUE5 Software\CorsairDeviceListerService.exe (sign: 'Corsair Memory, Inc.')
O23 - Service S3: Corsair iCUE Update Service - (iCUEUpdateService) - C:\Program Files\Corsair\Corsair iCUE5 Software\iCUEUpdateService.exe (sign: 'Corsair Memory, Inc.')
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Easy Anti-Cheat (Epic Online Services) - (EasyAntiCheat_EOS) - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\123.0.6312.86\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.16 - (klvssbridge64_21.16) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.16\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: SteelSeries GG Update Service Proxy - (SteelSeriesGGUpdateServiceProxy) - C:\Program Files\SteelSeries\GG\SteelSeriesGGUpdateServiceProxy.exe (sign: 'SteelSeries ApS')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R: ASUS Kernel Mode Driver for NT  - C:\Windows\system32\drivers\IOMap64.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\Windows\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\Windows\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-16_arkmon - C:\Windows\System32\Drivers\klupd_K4W-21-16_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-16_klbg - C:\Windows\System32\Drivers\klupd_K4W-21-16_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Asusgio3 - C:\Windows\system32\drivers\AsIO3.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R1: CTIAIO - C:\Windows\system32\drivers\CtiAIo64.sys (sign: 'Microsoft' - Creative Technology Innovation Co., LTd.)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\Windows\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-16 - (KLIF.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-16 - (klpd.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-16 - (KLFLT.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-16 - (klbackupdisk.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-16 - (klbackupflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-16 - (klkbdflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-16 - (klpnpflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-16 - (klgse.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-16 - (KLHK.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-16 - C:\Windows\system32\DRIVERS\K4W-21-16\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-16 - C:\Windows\system32\DRIVERS\K4W-21-16\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-16 - C:\Windows\system32\DRIVERS\K4W-21-16\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\Windows\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R1: MSIO - C:\Windows\system32\drivers\MsIo64.sys (sign: 'Microsoft' - MICSYS Technology Co., LTd)
O23 - Driver R1: Nefarius Virtual Gamepad Emulation Service - (ViGEmBus) - C:\Windows\System32\drivers\ViGEmBus.sys (sign: 'Microsoft' - Nefarius Software Solutions e.U.)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\Windows\system32\drivers\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\Windows\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio3) - C:\Windows\System32\drivers\amdgpio3.sys (sign: 'ASMedia Technology Inc.')
O23 - Driver R3: AMD PCI - (AMDPCIDev) - C:\Windows\System32\drivers\AMDPCIDev.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: Camo - (camodriver) - C:\Windows\System32\DriverStore\FileRepository\camodriver.inf_amd64_99bad0a66e30f6f3\x64\camodriver.sys (sign: 'Microsoft' - Reincubate Ltd.)
O23 - Driver R3: Camo service - (Camo_e070661c-ac3f-4aae-aa3f-7d4e8ded5142) - C:\Windows\System32\drivers\vacrnckd.sys (sign: 'Muzychenko Evgenii Viktorovich, IP')
O23 - Driver R3: Corsair Gaming Audio Service - (CorsairGamingAudioService) - C:\Windows\System32\drivers\CorsairGamingAudio64.sys (sign: 'Microsoft' - Corsair Memory, Inc.)
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-16 - (klmouflt.K4W-21-16) - C:\Windows\system32\DRIVERS\K4W-21-16\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-16 - C:\ProgramData\Kaspersky Lab\AVP21.16\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-16_klark - C:\Windows\System32\Drivers\klupd_K4W-21-16_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-16_mark - C:\Windows\System32\Drivers\klupd_K4W-21-16_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: Krisp Audio - (KrispAudioS) - C:\Windows\System32\drivers\KrispAudio.sys (sign: 'Krisp Technologies, Inc')
O23 - Driver R3: Krisp Family Devices - (KrispVUSB) - C:\Windows\system32\DRIVERS\KrispVUSB.sys (sign: 'Krisp Technologies, Inc')
O23 - Driver R3: MBAMFarflt - C:\Windows\system32\DRIVERS\farflt11.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: MBAMProtection - C:\Windows\system32\DRIVERS\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\Windows\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_362f239e9bd019fc\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Realtek NetAdapter Driver - (rt68cx21) - C:\Windows\System32\DriverStore\FileRepository\rt68cx21x64sta.inf_amd64_35a79378ec3f3135\rt68cx21x64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: SteelSeries Device Factory Service - (ssdevfactory) - C:\Windows\System32\drivers\ssdevfactory.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries HID Service - (sshid) - C:\Windows\System32\drivers\sshid.sys (sign: 'Microsoft' - SteelSeries ApS)
O23 - Driver R3: SteelSeries Sonar Driver - (SteelSeries_Sonar_VAD) - C:\Windows\System32\DriverStore\FileRepository\steelseries-sonar-vad.inf_amd64_da15ab44a6216a8e\SteelSeries-Sonar-VAD.sys (sign: 'SteelSeries ApS')
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed - Microsoft Corporation - 67CCA20C75513AA40CE583604C48AAC9423B9275)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed - Microsoft Corporation - B5158D62E6EE9ED25D446CCCFC60B63DB0AD7389)
O23 - Driver S3: @oem41.inf,%DeviceDescription%;HotspotShield TAP-Windows Adapter V9 - (hsstap) - C:\Windows\System32\drivers\hsstap.sys (file missing) (+safe mode)
O23 - Driver S3: @oem5.inf,%amdkmcsp.SVCDESC%;AMD Kernel Mode CSP Service - (amdkmcsp) - C:\Windows\System32\drivers\amdkmcsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - 98F206942E354585A70D8AA75BCE27FA7D86AB63)
O23 - Driver S3: cpuz154 - C:\Windows\temp\cpuz154\cpuz154_x64.sys (file missing)
O23 - Driver S3: cpuz157 - C:\Windows\temp\cpuz157\cpuz157_x64.sys (file missing)
O23 - Driver S3: cpuz158 - C:\Windows\temp\cpuz158\cpuz158_x64.sys (sign: 'Microsoft' - CPUID)
O23 - Driver S3: DirectIO_PT_1101006 - C:\Program Files\PerformanceTest\DirectIo64.sys (sign: 'PassMark Software Pty Ltd')
O23 - Driver S3: GearUp Packet Filter Driver - (hostpacket) - C:\Windows\System32\drivers\hostpacket.sys (sign: 'Microsoft' - GEARUP PORTAL PTE. LTD.)
O23 - Driver S3: GU WFP Driver - (nwwfp) - C:\Windows\System32\drivers\nwwfp.sys (sign: 'Gearup Portal Pte. Ltd.')
O23 - Driver S3: HoYoProtect - C:\Windows\system32\HoYoKProtect.sys (sign: 'Microsoft' - miHoYo)
O23 - Driver S3: HWiNFO Kernel Driver (v180) - (HWiNFO_180) - C:\Users\ulask\AppData\Local\Temp\HWiNFO64A_180.SYS (sign: 'WDKTestCert martin,133281419032501408', but untrusted root: 'WDKTestCert martin,133281419032501408' with fingerprint: 06B025A5B41B8DC1D2EF09A7C654A38F37E5941E)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: NVIDIA USB Type-C PPC Service - (UcmCxUcsiNvppc) - C:\Windows\System32\DriverStore\FileRepository\nvppc.inf_amd64_0892cbc9718d1f80\UcmCxUcsiNvppc.sys (sign: 'NVIDIA Corporation')
O23 - Driver S3: NW TAP-Win32 Adapter V9.21 - (NW_TAP_0921) - C:\Windows\System32\drivers\NW_TAP_0921.sys (+safe mode) (sign: 'Gearup Portal Pte. Ltd.')
O23 - Driver S3: R0SteelSeriesSystemMonitor - C:\Program Files\SteelSeries\GG\apps\engine\engineApps\system-stats\SteelSeriesSystemMonitor.sys (file missing)
O23 - Driver S3: VB-Audio VoiceMeeter VAIO (WDM) - (VBAudioVMVAIOMME) - C:\Windows\System32\drivers\vbaudio_vmvaio64_win10.sys (sign: 'Vincent Burel')
O23 - Driver S3: Wintun - (wintun) - C:\Windows\System32\drivers\wintun.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'hsstap'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klwtp.K4W-21-16'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'NW_TAP_0921'


--
End of file - Time spent: 30,1 sec. - 67580 bytes, CRC32: FFFFFFFF. Sign: 纎

In the last 3 days, money was withdrawn from my Papara card without my permission, my Spotify account was logged into from the USA (via a VPN, I would guess), and my Telegram account was logged into in the same way. I ran a scan with Kaspersky myself and the result came back clean, but when I scanned with Malwarebytes it gave 4 warnings, and I quarantined them. Coin posts were also made from my Twitter account.
 
Fix these:
Code:
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\123.0.6312.86\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\StartupApproved\Run: [BakkesMod] = C:\Program Files\BakkesMod\BakkesMod.exe (2023/09/27) (not signed - no company - 9916E032D1879D9964015B5E79C73D267C10244D)
O4 - HKCU\..\StartupApproved\Run: [electron.app.Somiibo] = C:\Users\ulask\AppData\Local\Programs\somiibo\Somiibo.exe --was-opened-at-login "true" (file missing) (2024/02/19)
O4 - HKCU\..\StartupApproved\Run: [krisp] = C:\Users\ulask\AppData\Local\Programs\Krisp\app-2.27.2\krisp.exe --hidden (2023/11/06) (not signed - Krisp Technologies, Inc. - 133C4BACA081BD67C69DFB662A324CE564DD80A2)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_B194454C79E26476C586735CE1A3223D] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2023/09/07) (sign: 'Microsoft')
O22 - Tasks: Google Play Games Notifier - D:\Play Games\Bootstrapper.exe /bg (sign: 'Google LLC')
O22 - Tasks: WindowsSetup - C:/Windows/System32/oobe/Setup.exe (sign: 'Microsoft')
O23 - Driver S3: GearUp Packet Filter Driver - (hostpacket) - C:\Windows\System32\drivers\hostpacket.sys (sign: 'Microsoft' - GEARUP PORTAL PTE. LTD.)
O23 - Driver S3: GU WFP Driver - (nwwfp) - C:\Windows\System32\drivers\nwwfp.sys (sign: 'Gearup Portal Pte. Ltd.')
O23 - Driver S3: NW TAP-Win32 Adapter V9.21 - (NW_TAP_0921) - C:\Windows\System32\drivers\NW_TAP_0921.sys (+safe mode) (sign: 'Gearup Portal Pte. Ltd.')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'NW_TAP_0921'

Uninstall the VPN you are using and uninstall the unnecessary Asus software. Check for a Java update.
 
Hello @Murat5038, I think the computer has been infected with malware. Is there any malware?
Code:
Logfile of HiJackThis+ (Plus) build 2024-03-24 Alpha v.3.4.0.8

Platform:  x64 Windows 8 (Pro), 6.2.9200.0, Service Pack: 0 <=== Attention! (outdated SP)
Time:      03.04.2024 - 14:25 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    1432 MiB Free. Loading RAM (31 %), CPU (12 %)
Elevated:  Yes
Ran by:    ogrenci    (group: Administrators) on KUTUPHANE, FirstRun: yes

Chrome:  109.0.5414.168
Firefox: 111.0.1 (x64 tr)
Internet Explorer: 10.0.9200.16384
Default: "C:\Users\ogrenci\AppData\Local\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\Windows Defender\MsMpEng.exe
   1  C:\Users\ogrenci\AppData\Local\Google\Update\1.3.36.372\GoogleCrashHandler.exe
   1  C:\Users\ogrenci\AppData\Local\Google\Update\1.3.36.372\GoogleCrashHandler64.exe
   1  C:\Users\ogrenci\AppData\Local\Google\Update\GoogleUpdate.exe
   1  C:\Users\ogrenci\Desktop\HiJackThis.exe
   1  C:\Windows\explorer.exe
   2  C:\Windows\System32\Ati2evxx.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
   1  C:\Windows\System32\SppExtComObj.Exe
   1  C:\Windows\System32\sppsvc.exe
  10  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskeng.exe
   1  C:\Windows\System32\taskhostex.exe
   1  C:\Windows\System32\wbem\WMIADAP.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = hxxps://vvv.msn.com/tr-tr/?ocid=iehp
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{89820200-ECBD-11cf-8B85-00AA005B4340}: [StubPath] = C:\Windows\system32\regsvr32.exe /s /n /i:U C:\Windows\System32\shell32.dll (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Google Update] = C:\Users\ogrenci\AppData\Local\Google\Update\1.3.36.372\GoogleUpdateCore.exe (2023/09/09) (sign: 'Google LLC')
O4 - HKCU\..\StartupApproved\Run: [Microsoft Edge Update] = C:\Users\ogrenci\AppData\Local\Microsoft\EdgeUpdate\1.3.185.27\MicrosoftEdgeUpdateCore.exe (2023/09/09) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2023/09/09) (sign: 'Riot Games, Inc.')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\StartupApproved\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (2023/09/09) (sign: 'Riot Games, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [ss_global] = D:\FunPlus\State of Survival\Launcher.exe (file missing) (2023/09/09)
O4 - HKLM\..\StartupApproved\Run32: [USB Security] = C:\Program Files (x86)\USB Disk Security\USBGuard.exe (file missing) (2023/09/09)
O5 - Applet: C:\Windows\System32\RTSnMg64.cpl (sign: 'Realtek Semiconductor Corp.')
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Cache = C:\Users\ogrenci\AppData\Local\Microsoft\Windows\Temporary Internet Files
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Cookies = C:\Users\ogrenci\AppData\Roaming\Microsoft\Windows\Cookies
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Cache = %USERPROFILE%\AppData\Local\Microsoft\Windows\Temporary Internet Files
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Cookies = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Cookies
O17 - DHCP DNS 1: 172.16.0.132
O17 - DHCP DNS 2: 172.16.0.133
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\IME\SQM data sender - {ccb1d8cb-d39f-41c9-b793-0196214bdc4e} - C:\Windows\System32\IME\shared\imecfm.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613fba38-a3df-4ab8-9674-5604984a299a},/RuntimeWide - C:\Windows\system32\mscoree.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {de434264-8fe9-4c0b-a83b-89ebeebff78e},/RuntimeWide - C:\Windows\system32\mscoree.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Automated) - {CF2CF428-325B-48D3-8CA8-7633E36E5A32} - C:\Windows\system32\msdrm.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\CertificateServicesClient\UserTask-Roam - {58fb76b9-ac85-4e55-ac04-427593b1d060},KEYROAMING - C:\Windows\system32\dimsjob.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan - {DCFD3EA8-D960-4719-8206-490AE315F94F} - C:\Windows\System32\discan.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\File Classification Infrastructure\Property Definition Sync - {2ae64751-b728-4d6b-97a0-b2da2e7d2a3b} - C:\Windows\System32\srmclient.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Live\Roaming\MaintenanceTask - {0AC1DBCA-7F9F-47FC-A090-34E5FEB291E8} - C:\Windows\system32\wlroamextension.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Live\Roaming\SynchronizeWithStorage - {5F074BDF-4BA3-4E68-AE86-2A6B0B5963B0} - C:\Windows\system32\wlroamextension.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Offline Files\Background Synchronization - {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8} - C:\Windows\System32\cscui.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Offline Files\Logon Synchronization - {FA3F3DD9-4C1A-456B-A8FA-C76EF3ED83B8},Logon - C:\Windows\System32\cscui.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - C:\Windows\System32\perftrack.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - C:\Windows\System32\AuxiliaryDisplayServices.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDfE067B1} - C:\Windows\System32\AuxiliaryDisplayServices.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - C:\Windows\System32\AuxiliaryDisplayServices.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\User Profile Service\HiveUploadTask - {BA677074-762C-444b-94C8-8C83F93F6605} - C:\Windows\system32\profsvc.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsColorSystem\Calibration Loader - {B210D694-C8DF-490d-9576-9E20CDBC20BD} - C:\Windows\System32\mscms.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall - {EFF7F153-1C97-417a-B633-FEDE6683A939} - C:\Windows\system32\wuaueng.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsUpdate\AUScheduledInstall - {F3B4E234-7A68-4E43-B813-E4BA55A065F6} - C:\Windows\system32\wuaueng.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsUpdate\AUSessionConnect - {784E29F4-5EBE-4279-9948-1E8FE941646D} - C:\Windows\system32\wuaueng.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\rundll32.exe aepdu.dll,AePduRunUpdate (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\StartupAppTask - C:\Windows\system32\rundll32.exe Startupscan.dll,SusRunTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\BthSQM - {c8367320-6f85-11e0-a1f0-0800200c9a66},SYSTEM - C:\Windows\System32\BthSQM.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask - {e7ed314f-2816-4c26-aeb5-54a34d02404c} - C:\Windows\System32\kernelceip.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\Windows\system32\WSqmCons.exe -u (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\UsbCeip - {c27f6b1d-fe0b-45e4-9257-38799fa69bc8},SYSTEM - C:\Windows\System32\usbceip.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\system32\mscoree.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\system32\mscoree.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Active Directory Rights Management Services Client\AD RMS Rights Policy Template Management (Manual) - {BF5CB148-7C77-4d8a-A53E-D81C70CF743C} - C:\Windows\system32\msdrm.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppID\SmartScreenSpecific - {9f2b0085-9218-42a1-88b0-9f0e65851666},U - C:\Windows\system32\apprepsync.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CertificateServicesClient\SystemTask - {58fb76b9-ac85-4e55-ac04-427593b1d060},SYSTEM - C:\Windows\system32\dimsjob.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CertificateServicesClient\UserTask - {58fb76b9-ac85-4e55-ac04-427593b1d060},USER - C:\Windows\system32\dimsjob.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Chkdsk\ProactiveScan - {cf4270f5-2e43-4468-83b3-a8c45bb33ea1} - C:\Windows\System32\pstask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Data Integrity Scan\Data Integrity Scan for Crash Recovery - {DCFD3EA8-D960-4719-8206-490AE315F94F},-CrashRecovery - C:\Windows\System32\discan.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Device Setup\Metadata Refresh - {23C1F3CF-C110-4512-ACA9-7B6174ECE888} - C:\Windows\System32\DeviceSetupManagerAPI.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Diagnosis\Scheduled - {c1f85ef8-bcc2-4606-bb39-70c523715eb3} - C:\Windows\System32\sdiagschd.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\FileHistory\File History (maintenance mode) - {89917B7C-A1A6-11DF-8BF6-18A90531A85A} - C:\Windows\System32\fhtask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Maintenance\WinSAT - A9A33436-678B-4c9c-A211-7CC38785E79D - C:\Windows\system32\WinSATAPI.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\MemoryDiagnostic\ProcessMemoryDiagnosticEvents - {8168e74a-b39f-46d8-adcd-7bed477b80a3},Event - C:\Windows\System32\MemoryDiagnostic.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\MemoryDiagnostic\RunFullMemoryDiagnostic - {8168e74a-b39f-46d8-adcd-7bed477b80a3},Time - C:\Windows\System32\MemoryDiagnostic.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43da-BFD7-FBEEA2180A1E} - C:\Windows\System32\HotStartUserAgent.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Multimedia\SystemSoundsService - {2DEA658F-54C1-4227-AF9B-260AB5FC3543} - C:\Windows\System32\PlaySndSrv.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - C:\Windows\System32\netcfgx.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PI\Secure-Boot-Update - {5014B7C8-934E-4262-9816-887FA745A6C4},SBServicing - C:\Windows\system32\TpmTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PI\Sqm-Tasks - {5014B7C8-934E-4262-9816-887FA745A6C4},PiSqmTasks - C:\Windows\system32\TpmTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Plug and Play\Device Install Group Policy - {60400283-b242-4fa8-8c25-caf695b88209} - C:\Windows\System32\pnppolicy.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Plug and Play\Device Install Reboot Required - {48794782-6a1f-47b9-bd52-1d5f95d49c1b} - C:\Windows\System32\pnpui.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Power Efficiency Diagnostics\AnalyzeSystem - {927ea2af-1c54-43d5-825e-0074ce028eee} - C:\Windows\System32\energytask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\RAC\RacTask - {42060D27-CA53-41f5-96E4-B1E8169308A6},$(Arg0) - C:\Windows\system32\RacEngn.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Ras\MobilityManager - {c463a0fc-794f-4fdf-9201-01938ceacafa} - C:\Windows\system32\rasmbmgr.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Registry\RegIdleBackup - {ca767aa8-9157-4604-b64b-40747123d5f2} - C:\Windows\System32\regidle.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\SettingSync\BackgroundUploadTask - {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} - C:\Windows\system32\SettingSyncInfo.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Shell\CreateObjectTask - {990a9f8f-301f-45f7-8d0e-68c5952dba43} - C:\Windows\system32\shell32.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Shell\FamilySafetyRefresh - {EBF00FCB-0769-4b81-9BEC-6C05514111AA},$(Arg0) - C:\Windows\System32\WpcWebSync.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Shell\IndexerAutomaticMaintenance - {3FBA60A6-7BF5-4868-A2CA-6623B3DFFEA6} - C:\Windows\System32\srchadmin.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4f47-879B-29A80C355D61},$(Arg0) - C:\Windows\System32\AuxiliaryDisplayServices.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTask - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},timer - C:\Windows\System32\sppcext.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskLogon - {b1aebb5d-ead9-4476-b375-9c3ed9f32afc},logon - C:\Windows\System32\sppcext.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\SoftwareProtectionPlatform\SvcRestartTaskNetwork - {b1aebb5d-ead9-4476-b375-9c3ed9f32afc},network - C:\Windows\System32\sppcext.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Task Manager\Interactive - {855fec53-d2e4-4999-9e87-3414e9cf0ff4},$(Arg0) - C:\Windows\system32\wdc.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TaskScheduler\Idle Maintenance - {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44},Idle - C:\Windows\system32\msched.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TaskScheduler\Maintenance Configurator - {645E29EA-4B0A-464C-8B7D-1A6B9F9D92A8} - C:\Windows\system32\msched.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TaskScheduler\Manual Maintenance - {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44},Manual - C:\Windows\system32\msched.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TaskScheduler\Regular Maintenance - {57BFCFDD-EEE4-4DBB-A751-3CDEB169FF44},Regular - C:\Windows\system32\msched.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TextServicesFramework\MsCtfMonitor - {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1} - C:\Windows\system32\MsCtfMonitor.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Time Synchronization\ForceSynchronizeTime - {A31AD6C2-FF4C-43D4-8E90-7101023096F9},TimeSyncTask - C:\Windows\system32\TimeSyncTask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TPM\Tpm-Maintenance - {5014B7C8-934E-4262-9816-887FA745A6C4},TpmTasks - C:\Windows\system32\TpmTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WDI\ResolutionHost - {900be39d-6be8-461a-bc4d-b0fa71f5ecb1} - C:\Windows\System32\wdi.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Wininet\CacheTask - {0358b920-0ac7-461f-98f4-58e32cd89148} - C:\Windows\system32\wininet.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WS\Badge Update - {00CCDDF6-5107-424D-853D-3907AE5502DC} - C:\Windows\winstore\WinStoreUI.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WS\Sync Licenses - {10F591BE-3C84-418A-86DD-BAA002E2F36E} - C:\Windows\winstore\WinStoreUI.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WS\WSTask - {E52C9A25-F3E8-49E4-BAA7-FAD0EF620129},$(Arg0);$(Arg1) - C:\Windows\System32\WSService.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (file missing)
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (file missing)
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: Adobe Flash Player PPAPI Notifier - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_151_pepper.exe -check pepperplugin (sign: 'Adobe Systems Incorporated')
O22 - Tasks: GoogleUpdateTaskUserS-1-5-21-316505953-3294828509-2662217272-1001Core - C:\Users\ogrenci\AppData\Local\Google\Update\GoogleUpdate.exe /c (sign: 'Google Inc')
O22 - Tasks: GoogleUpdateTaskUserS-1-5-21-316505953-3294828509-2662217272-1001UA - C:\Users\ogrenci\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google Inc')
O22 - Tasks: MicrosoftEdgeUpdateTaskUserS-1-5-21-316505953-3294828509-2662217272-1001Core{57D644EC-2D2F-4CBE-A5C8-1DC0177E91D4} - C:\Users\ogrenci\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c (sign: 'Microsoft')
O22 - Tasks: MicrosoftEdgeUpdateTaskUserS-1-5-21-316505953-3294828509-2662217272-1001UA{5262F194-CCDF-4FCF-9BF4-339104758312} - C:\Users\ogrenci\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler (sign: 'Microsoft')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: Ati External Event Utility - C:\Windows\system32\Ati2evxx.exe (not signed - ATI Technologies Inc. - 193141CBF1ADEC4B5FAB7570F1FE8B9B8EDA843C)
O23 - Service S3: FoxitReaderService - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe (sign: 'Foxit Software Incorporated')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R3: atikmdag - C:\Windows\system32\DRIVERS\atikmdag.sys (not signed - ATI Technologies Inc. - 32461514799554AE4759FC59090627B0058125B4)
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver S2: LdVBoxDrv - C:\Program Files\ldplayerbox\LdVBoxDrv.sys (sign: 'MyTestCertificate', but untrusted root: 'MyTestCertificate' with fingerprint: 4F853C1609278236C25FEC01AB2348215F9AF7C3)
O23 - Driver S3: Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0 - (b57nd60a) - C:\Windows\system32\DRIVERS\b57nd60a.sys (+safe mode) (sign: 'EMULEX')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus.sys (+safe mode) (sign: 'Samsung Electronics Co., Ltd.')


--
End of file - Time spent: 54,5 sec. - 41534 bytes, CRC32: FFFFFFFF. Sign: �ᓂ
 
Hello @Murat5038, I think the computer has been infected with malware. Is there any malware?
No malware is visible. If you only have a suspicion, there is no need to examine the reports you posted in the other threads. From now on we ask for those only if we see a problem and it does not go away. That is why I will not examine them, just so you know.
 
Hello @Murat5038, thank you for your reply. I think the computer has been infected with malware. A USB drive containing infectious malware was plugged in, and suspicious programs installed themselves.
I ask that you also examine the Getsysteminfo, Farbar and AIDA64 reports.
 
Code:
Logfile of HiJackThis+ (Plus) build 2024-03-24 Alpha v.3.4.0.8

Platform:  x64 Windows 10 (Home), 10.0.19045.4170 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      05.04.2024 - 21:27 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    2440 MiB Free. Loading RAM (70 %), CPU (9 %)
Elevated:  Yes
Ran by:    osman    (group: Administrators; type: Microsoft) on DESKTOP-N954N3M, FirstRun: yes

Chrome:  123.0.6312.106
Internet Explorer: 11.0.19041.3636
Default: C:\Windows\system32\OpenWith.exe "%1" (Bir uygulama seçin)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
   1  C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
   1  C:\Program Files (x86)\AnyDesk\AnyDesk.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\13.2.0.9150\AdskLicensingService\AdskLicensingService.exe
   1  C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
   1  C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
   7  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   1  C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\OEM\OSD\OSD.exe
   1  C:\Program Files (x86)\OEM\OSD\OSDSrv.exe
   1  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
   2  C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
   1  C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
   4  C:\Program Files\Autodesk\AdODIS\V1\Setup\ui-launcher\AdskAccessUIHost.exe
   1  C:\Program Files\Autodesk\AdskIdentityManager\1.10.4.0\AdskIdentityManager.exe
   1  C:\Program Files\Autodesk\Autodesk AdSSO\AdSSO.exe
   4  C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe
   1  C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
   1  C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
   1  C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
  10  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Microsoft OneDrive\24.050.0310.0001\Microsoft.SharePoint.exe
   1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
   1  C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
   2  C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
   1  C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\GamingCenter.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\GamingCenterTray.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchServGM.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\OOBE\OOBEI2CTpOnOffDetect.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\OSDTpDetect.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\XtuService.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2412.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
   1  C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\HxOutlook.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\HxTsr.exe
   1  C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBar.exe
   1  C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
   1  C:\Users\osman\AppData\Local\Microsoft\BingSvc\BingSvc.exe
   2  C:\Users\osman\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
   1  C:\Users\osman\AppData\Roaming\Autodesk\ADPSDK\bin\ADPClientService.exe
   1  C:\Users\osman\OneDrive\Masaüstü\hijack\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   8  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxEM.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHDCPSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHeciSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\MoUsoCoreWorker.exe
   1  C:\Windows\System32\MusNotifyIcon.exe
   2  C:\Windows\System32\RtkAudUService64.exe
  10  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
   1  C:\Windows\System32\sppsvc.exe
  88  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SysWOW64\Creative.UWPRPCService.exe
   1  C:\Windows\TFSPEQService.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = hxxps://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm-prd-da1.licenses.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate-da1.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O1 - Hosts: 127.0.0.1 uds.licenses.adobe.com
O1 - Hosts: 127.0.0.1 license.adobe.com
O1 - Hosts: 127.0.0.1 helpexamples.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 genuine.adobe.com
O1 - Hosts: 127.0.0.1 prod.adobegenuine.com
O1 - Hosts.ICS: 192.168.137.1 DESKTOP-N954N3M.mshome.net # 2027 7 0 18 12 44 37 712
O1 - Hosts.ICS: 192.168.137.19 MI8-MI8.mshome.net # 2022 7 2 26 12 44 37 712
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] = C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe (sign: 'Adobe Inc.')
O4 - HKCU\..\Run: [BingSvc] = C:\Users\osman\AppData\Local\Microsoft\BingSvc\BingSvc.exe (sign: 'Microsoft')
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1234850CEE8F329C765747D804E12799] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_8BE5DCD6BEB35ECCD48AED73486FB62C] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe  --component-updater=url-source=hxxps://go-updater.brave.com/extensions --disable-domain-reliability --enable-distillability-service --enable-dom-distiller --lso-url=hxxps://no-thanks.invalid --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=hxxps://sync-v2.brave.com/v2 --variations-insecure-server-url=hxxps://variations.brave.com/seed --variations-server-url=hxxps://variations.brave.com/seed --restore-last-session --restart (file missing)
O4 - HKCU\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\osman\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (2022/04/24) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2022/07/18) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\osman\AppData\Local\Programs\Opera\opera.exe (2023/08/28) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [ProtonVPN] = C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (2023/02/13) (sign: 'Proton Technologies AG')
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\osman\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2022/04/24) (sign: 'Spotify AB')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2022/07/19) (sign: 'Valve Corp.')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\osman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk    ->    C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe /AutoStartUp (2022/08/10) (sign: 'Canon Inc.')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\osman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monster Kontrol Merkezi.lnk    ->    C:\Program Files\OEM\Monster Kontrol Merkezi\CallGM.exe 1 (2022/06/08) (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (sign: 'Adobe Systems Incorporated')
O4 - HKLM\..\Run: [Autodesk Access] = C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe --minimizedUi --autoLaunch (sign: 'Autodesk, Inc.')
O4 - HKLM\..\Run: [Monster Kontrol Merkezi] = C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchCtrlGM.exe -R (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [OOBEI2CTpOnOffDetect.exe] = C:\Program Files\OEM\Monster Kontrol Merkezi\OOBE\OOBEI2CTpOnOffDetect.exe (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [OSDTpDetect.exe] = C:\Program Files\OEM\Monster Kontrol Merkezi\OSDTpDetect.exe (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\osman\AppData\Local\Temp\CoreSync.dll_TEMP -> DELETE
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2023/04/17) (sign: 'Adobe Inc.')
O4 - HKLM\..\StartupApproved\Run: [pac] = C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe (2022/06/08) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Autodesk Genuine Service ] = C:\Program Files\Autodesk\Genuine Service\GenuineService.exe (2022/04/24) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk    ->    C:\Program Files (x86)\AnyDesk\AnyDesk.exe --control (2023/08/28) (sign: 'AnyDesk Software GmbH')
O4 - HKU\S-1-5-18\..\RunOnce: [Application Restart #0] = C:\Program Files (x86)\OEM\OSD\OSD.exe /RestartByRestartManager:2B9938DC-1141-42bc-B5A5-2303B1CB5062 (User 'LocalSystem') (not signed - OEM - F6FBBDF201D6991E679970F16F3865C73D688CE2)
O4 - HKU\S-1-5-18\..\RunOnce: [Application Restart #1] = C:\Program Files (x86)\OEM\OSD\OSD.exe /RestartByRestartManager:B7A6ADBE-5875-4079-B338-BA957D6E9223 (User 'LocalSystem') (not signed - OEM - F6FBBDF201D6991E679970F16F3865C73D688CE2)
O4-32 - HKLM\..\Run: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] = C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [OSD] = C:\Program Files (x86)\OEM\OSD\OSDCtrl.exe -R (not signed - OEM - 20818F4618AFF6EF4375223095B5AD2A0A88A7D2)
O4-32 - HKLM\..\Run: [TeamsMachineInstaller] = C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (file missing)
O5 - Applet: C:\Windows\System32\plotman.cpl (sign: 'Autodesk, Inc.')
O5 - Applet: C:\Windows\System32\styleman.cpl (sign: 'Autodesk, Inc.')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (not signed - no company - 1A49C5F7A98580F8002AC1D6115AB39CB753975B)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O15 - Trusted Zone: hxxps://iyte365-files.sharepoint.com
O15 - Trusted Zone: hxxps://iyte365-myfiles.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (sign: 'Adobe Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O22 - BITS Job: (download) {26D23F9B-5635-4428-8251-CC0885AC6D25} - MicrosoftMapsBingGeoStore - (no URL)
O22 - BITS Job: Fix all (including legit)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC Reboot (sign: 'Microsoft')
O22 - Tasks: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery Reboot (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-2938348060-641186788-2289696801-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore1d8576ca50a672f - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: Adobe-Genuine-Software-Integrity-Scheduler-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (sign: 'Adobe Inc.')
O22 - Tasks: GoogleUpdateTaskMachineCore{65F8B88B-8813-44AB-B350-81AF5F75692E} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA{3B59B983-2134-4E34-AF9A-BB088A07751D} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Tasks: Launch Adobe CCXProcess - C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-2938348060-641186788-2289696801-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: Opera scheduled Autoupdate 1692004591 - C:\Users\osman\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')
O23 - Service R2: Adobe Genuine Software Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (sign: 'Adobe Inc.')
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (sign: 'Adobe Inc.')
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service (sign: 'AnyDesk Software GmbH')
O23 - Service R2: Autodesk Access Service Host - C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Autodesk Desktop Licensing Service - (AdskLicensingService) - C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" (sign: 'Intel Corporation')
O23 - Service R2: FlexNet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (sign: 'Flexera Software LLC')
O23 - Service R2: FlexNet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (sign: 'Flexera Software LLC')
O23 - Service R2: GamingCenter Service - (GamingCenter) - C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchServGM.exe (sign: 'Uniwill Technology Inc.')
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHDCPSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Service R2: Intel(R) Extreme Tuning Utility Service - (XTU3SERVICE) - C:\Program Files\OEM\Monster Kontrol Merkezi\XtuService.exe (sign: 'Intel(R) Extreme Tuning Utility')
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (sign: 'NVIDIA Corporation')
O23 - Service R2: On Screen Display Service - (OSD) - C:\Program Files (x86)\OEM\OSD\OSDSrv.exe (not signed - no company - 59EBAE004B212637EF411831314D0707D31C2FF2)
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: TFSPEQService - C:\Windows\TFSPEQService.exe (not signed - Creative Technology Ltd - 34873C7A0DCC5D012F8FE9A35CAD8BA5F0CEE5FB)
O23 - Service R2: UWP RPC Service - (UWPService) - C:\Windows\SysWOW64\Creative.UWPRPCService.exe (sign: 'Microsoft')
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHeciSvc.exe (sign: 'Intel Corporation')
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (sign: 'Intel Corporation')
O23 - Service R3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (sign: 'Intel Corporation')
O23 - Service R3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S2: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: AsusROGLSLService Download ROGLSLoader - (AsusROGLSLService) - C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe -runservice (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe (sign: 'Intel Corporation')
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\24.050.0310.0001\FileSyncHelper.exe (sign: 'Microsoft')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe (sign: 'Intel Corporation')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\24.050.0310.0001\OneDriveUpdaterService.exe (sign: 'Microsoft')
O23 - Service S3: ProtonVPN Service - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe (sign: 'Proton Technologies AG')
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe "C:\ProgramData\ProtonVPN\WireGuard\ProtonVPN.conf" (sign: 'Proton Technologies AG')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"  (sign: 'Intel Corporation')
O23 - Driver R1: AsIO - C:\Windows\SysWow64\drivers\AsIO.sys (sign: 'ASUSTeK Computer Inc.')
O23 - Driver R2: IDMWFP - C:\Windows\system32\DRIVERS\idmwfp.sys (sign: 'Tonec Inc.')
O23 - Driver R2: inpoutx64 - C:\Windows\System32\Drivers\inpoutx64.sys (sign: 'Red Fox UK Limited')
O23 - Driver R2: Intel HAXM Service - (IntelHaxm) - C:\Windows\system32\DRIVERS\IntelHaxm.sys (sign: 'Microsoft' - Intel  Corporation)
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: ___ Windows 10 64 Bit için Intel(R) Wireless Bağdaştırıcı Sürücüsü  - (Netwtw08) - C:\Windows\System32\drivers\Netwtw08.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: igfx - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\igdkmd64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Display Audio - (IntcDAud) - C:\Windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_718877413f6508de\IntcDAud.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_c22251d5ea82b3c3\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Wireless Bluetooth(R) - (ibtusb) - C:\Windows\System32\DriverStore\FileRepository\ibtusb.inf_amd64_9668d272428b3212\ibtusb.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBfilt - C:\Windows\system32\drivers\MBfilt64.sys (sign: 'Microsoft' - Creative Technology Ltd.)
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: semav6msr64 - C:\Windows\system32\drivers\semav6msr64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: TAP-ProtonVPN Windows Adapter V9 - (tapprotonvpn) - C:\Windows\System32\drivers\tapprotonvpn.sys (+safe mode) (sign: 'Microsoft' - The OpenVPN Project)
O23 - Driver R3: Wintun - (wintun) - C:\Windows\system32\DRIVERS\wintun.sys (+safe mode) (sign: 'Microsoft' - WireGuard LLC)
O23 - Driver S3: Apple Lower Filter Driver - (AppleLowerFilter) - C:\Windows\System32\drivers\AppleLowerFilter.sys (sign: 'Microsoft' - Apple Inc.)
O23 - Driver S3: BERT Reader Service - (bertreader) - C:\Windows\System32\drivers\bertreader.sys (sign: 'Intel Corporation')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: ProtonVPN Callout - (ProtonVPNCallout) - C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys (+safe mode) (sign: 'Microsoft' - Proton Technologies AG)
O23 - Driver S3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Driver S3: TAP-Windows Adapter V9 - (tap0901) - C:\Windows\System32\drivers\tap0901.sys (+safe mode) (not signed - The OpenVPN Project - DAEBE266073616E5FC931C319470FCF42A06867A)
O23 - Driver S3: WireGuard - C:\Windows\System32\drivers\wireguard.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Netwtw08'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'ProtonVPNCallout'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tap0901'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tapprotonvpn'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'wintun'


--
End of file - Time spent: 30,1 sec. - 78176 bytes, CRC32: FFFFFFFF. Sign: 聥훬

Hello. First my Discord account was broken into, and a "Steam 50 USD code" spam message was sent from it to every place where a message could be written. After that my LinkedIn account was broken into and I got an email saying the profile photo had been changed; I was then able to recover it. Spotify was broken into, and I recovered that too. They also gained access to 3 Gmail accounts and 1 Hotmail account of mine. Yesterday I was busy changing passwords the whole time. I changed most of the passwords I could think of. At the very start I ran a scan with Malwarebytes; it found a few things, caused by cracks and so on, and I cleaned them. Then I was thinking it was finally over, but today someone also tried to log in to my Trendyol account, and the account was put under protection. I think they got access to all the passwords I had saved through Google by choosing "save". I came across this thread while looking at Technopat. Can you help? If I need to format, I'll do that too, but of course it would be better if it isn't necessary. I await your advice, thanks.

(In addition, my computer's performance has dropped compared to before, but I thought that was because I have neglected its maintenance etc. for quite a while; it may be due to that. Also, last week I was messing with an Adobe crack; it may be due to that as well.)

Now my account on the file download site mega.nz has been logged into; I turned on 2FA for that as well. They are trying every place they can get into @Murat5038

Code:
Logfile of HiJackThis+ (Plus) build 2024-03-24 Alpha v.3.4.0.8

Platform:  x64 Windows 10 (Home), 10.0.19045.4170 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      05.04.2024 - 21:27 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    2440 MiB Free. Loading RAM (70 %), CPU (9 %)
Elevated:  Yes
Ran by:    osman    (group: Administrators; type: Microsoft) on DESKTOP-N954N3M, FirstRun: yes

Chrome:  123.0.6312.106
Internet Explorer: 11.0.19041.3636
Default: C:\Windows\system32\OpenWith.exe "%1" (Bir uygulama seçin)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
   1  C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
   1  C:\Program Files (x86)\AnyDesk\AnyDesk.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Crash Processor.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\13.2.0.9150\AdskLicensingService\AdskLicensingService.exe
   1  C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
   1  C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.363\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
   7  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   1  C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\OEM\OSD\OSD.exe
   1  C:\Program Files (x86)\OEM\OSD\OSDSrv.exe
   1  C:\Program Files\Adobe\Acrobat DC\Acrobat\acrotray.exe
   2  C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
   1  C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
   1  C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
   4  C:\Program Files\Autodesk\AdODIS\V1\Setup\ui-launcher\AdskAccessUIHost.exe
   1  C:\Program Files\Autodesk\AdskIdentityManager\1.10.4.0\AdskIdentityManager.exe
   1  C:\Program Files\Autodesk\Autodesk AdSSO\AdSSO.exe
   4  C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Creative Cloud UI Helper.exe
   1  C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
   1  C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
   1  C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
  10  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\Malwarebytes.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Microsoft OneDrive\24.050.0310.0001\Microsoft.SharePoint.exe
   1  C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
   1  C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\nvrla.exe
   2  C:\Program Files\NVIDIA Corporation\FrameViewSDK\bin\PresentMon_x64.exe
   1  C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\GamingCenter.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\GamingCenterTray.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchServGM.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\OOBE\OOBEI2CTpOnOffDetect.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\OSDTpDetect.exe
   1  C:\Program Files\OEM\Monster Kontrol Merkezi\XtuService.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2412.4.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\AcrobatNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
   1  C:\Program Files\WindowsApps\AdobeNotificationClient_3.0.1.1_x86__enpm4xejd91yc\AdobeNotificationClient.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2401.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\HxOutlook.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21854.0_x64__8wekyb3d8bbwe\HxTsr.exe
   1  C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBar.exe
   1  C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.3191.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MsMpEng.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\NisSrv.exe
   1  C:\Users\osman\AppData\Local\Microsoft\BingSvc\BingSvc.exe
   2  C:\Users\osman\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe
   1  C:\Users\osman\AppData\Roaming\Autodesk\ADPSDK\bin\ADPClientService.exe
   1  C:\Users\osman\OneDrive\Masaüstü\hijack\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   8  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxEM.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHDCPSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHeciSvc.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\MoUsoCoreWorker.exe
   1  C:\Windows\System32\MusNotifyIcon.exe
   2  C:\Windows\System32\RtkAudUService64.exe
  10  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
   1  C:\Windows\System32\sppsvc.exe
  88  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wlanext.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SysWOW64\Creative.UWPRPCService.exe
   1  C:\Windows\TFSPEQService.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = hxxps://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm-prd-da1.licenses.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate-da1.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O1 - Hosts: 127.0.0.1 uds.licenses.adobe.com
O1 - Hosts: 127.0.0.1 license.adobe.com
O1 - Hosts: 127.0.0.1 helpexamples.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 genuine.adobe.com
O1 - Hosts: 127.0.0.1 prod.adobegenuine.com
O1 - Hosts.ICS: 192.168.137.1 DESKTOP-N954N3M.mshome.net # 2027 7 0 18 12 44 37 712
O1 - Hosts.ICS: 192.168.137.19 MI8-MI8.mshome.net # 2022 7 2 26 12 44 37 712
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll (sign: 'Adobe Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\123.0.6312.106\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] = C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe (sign: 'Adobe Inc.')
O4 - HKCU\..\Run: [BingSvc] = C:\Users\osman\AppData\Local\Microsoft\BingSvc\BingSvc.exe (sign: 'Microsoft')
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1234850CEE8F329C765747D804E12799] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_8BE5DCD6BEB35ECCD48AED73486FB62C] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe  --component-updater=url-source=hxxps://go-updater.brave.com/extensions --disable-domain-reliability --enable-distillability-service --enable-dom-distiller --lso-url=hxxps://no-thanks.invalid --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=hxxps://sync-v2.brave.com/v2 --variations-insecure-server-url=hxxps://variations.brave.com/seed --variations-server-url=hxxps://variations.brave.com/seed --restore-last-session --restart (file missing)
O4 - HKCU\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\osman\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (2022/04/24) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2022/07/18) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\osman\AppData\Local\Programs\Opera\opera.exe (2023/08/28) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [ProtonVPN] = C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (2023/02/13) (sign: 'Proton Technologies AG')
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\osman\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2022/04/24) (sign: 'Spotify AB')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2022/07/19) (sign: 'Valve Corp.')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\osman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EOS Utility.lnk    ->    C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe /AutoStartUp (2022/08/10) (sign: 'Canon Inc.')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\osman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monster Kontrol Merkezi.lnk    ->    C:\Program Files\OEM\Monster Kontrol Merkezi\CallGM.exe 1 (2022/06/08) (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (sign: 'Adobe Systems Incorporated')
O4 - HKLM\..\Run: [Autodesk Access] = C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe --minimizedUi --autoLaunch (sign: 'Autodesk, Inc.')
O4 - HKLM\..\Run: [Monster Kontrol Merkezi] = C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchCtrlGM.exe -R (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [OOBEI2CTpOnOffDetect.exe] = C:\Program Files\OEM\Monster Kontrol Merkezi\OOBE\OOBEI2CTpOnOffDetect.exe (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [OSDTpDetect.exe] = C:\Program Files\OEM\Monster Kontrol Merkezi\OSDTpDetect.exe (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\Windows\System32\RtkAudUService64.exe -background (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\osman\AppData\Local\Temp\CoreSync.dll_TEMP -> DELETE
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2023/04/17) (sign: 'Adobe Inc.')
O4 - HKLM\..\StartupApproved\Run: [pac] = C:\Program Files\Autodesk\Personal Accelerator for Revit\RevitAccelerator.exe (2022/06/08) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Autodesk Genuine Service ] = C:\Program Files\Autodesk\Genuine Service\GenuineService.exe (2022/04/24) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk    ->    C:\Program Files (x86)\AnyDesk\AnyDesk.exe --control (2023/08/28) (sign: 'AnyDesk Software GmbH')
O4 - HKU\S-1-5-18\..\RunOnce: [Application Restart #0] = C:\Program Files (x86)\OEM\OSD\OSD.exe /RestartByRestartManager:2B9938DC-1141-42bc-B5A5-2303B1CB5062 (User 'LocalSystem') (not signed - OEM - F6FBBDF201D6991E679970F16F3865C73D688CE2)
O4 - HKU\S-1-5-18\..\RunOnce: [Application Restart #1] = C:\Program Files (x86)\OEM\OSD\OSD.exe /RestartByRestartManager:B7A6ADBE-5875-4079-B338-BA957D6E9223 (User 'LocalSystem') (not signed - OEM - F6FBBDF201D6991E679970F16F3865C73D688CE2)
O4-32 - HKLM\..\Run: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [Adobe Creative Cloud] = C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (sign: 'Adobe Inc.')
O4-32 - HKLM\..\Run: [OSD] = C:\Program Files (x86)\OEM\OSD\OSDCtrl.exe -R (not signed - OEM - 20818F4618AFF6EF4375223095B5AD2A0A88A7D2)
O4-32 - HKLM\..\Run: [TeamsMachineInstaller] = C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (file missing)
O5 - Applet: C:\Windows\System32\plotman.cpl (sign: 'Autodesk, Inc.')
O5 - Applet: C:\Windows\System32\styleman.cpl (sign: 'Autodesk, Inc.')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (not signed - no company - 1A49C5F7A98580F8002AC1D6115AB39CB753975B)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O15 - Trusted Zone: hxxps://iyte365-files.sharepoint.com
O15 - Trusted Zone: hxxps://iyte365-myfiles.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (sign: 'Adobe Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O22 - BITS Job: (download) {26D23F9B-5635-4428-8251-CC0885AC6D25} - MicrosoftMapsBingGeoStore - (no URL)
O22 - BITS Job: Fix all (including legit)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\Windows\system32\MusNotification.exe /RunOnAC Reboot (sign: 'Microsoft')
O22 - Tasks: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\Windows\system32\MusNotification.exe /RunOnBattery Reboot (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-2938348060-641186788-2289696801-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore1d8576ca50a672f - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: Adobe-Genuine-Software-Integrity-Scheduler-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe (sign: 'Adobe Inc.')
O22 - Tasks: GoogleUpdateTaskMachineCore{65F8B88B-8813-44AB-B350-81AF5F75692E} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA{3B59B983-2134-4E34-AF9A-BB088A07751D} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Tasks: Launch Adobe CCXProcess - C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (sign: 'Adobe Inc.')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'NVIDIA Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-2938348060-641186788-2289696801-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: Opera scheduled Autoupdate 1692004591 - C:\Users\osman\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')
O23 - Service R2: Adobe Genuine Software Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe (sign: 'Adobe Inc.')
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe (sign: 'Adobe Inc.')
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service (sign: 'AnyDesk Software GmbH')
O23 - Service R2: Autodesk Access Service Host - C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Autodesk Desktop Licensing Service - (AdskLicensingService) - C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" (sign: 'Intel Corporation')
O23 - Service R2: FlexNet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (sign: 'Flexera Software LLC')
O23 - Service R2: FlexNet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (sign: 'Flexera Software LLC')
O23 - Service R2: GamingCenter Service - (GamingCenter) - C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchServGM.exe (sign: 'Uniwill Technology Inc.')
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHDCPSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Service R2: Intel(R) Extreme Tuning Utility Service - (XTU3SERVICE) - C:\Program Files\OEM\Monster Kontrol Merkezi\XtuService.exe (sign: 'Intel(R) Extreme Tuning Utility')
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_401fde8782680631\OneApp.IGCC.WinService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_5207db0559876a61\igfxCUIService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24030.9-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (sign: 'NVIDIA Corporation')
O23 - Service R2: On Screen Display Service - (OSD) - C:\Program Files (x86)\OEM\OSD\OSDSrv.exe (not signed - no company - 59EBAE004B212637EF411831314D0707D31C2FF2)
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\Windows\System32\RtkAudUService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: TFSPEQService - C:\Windows\TFSPEQService.exe (not signed - Creative Technology Ltd - 34873C7A0DCC5D012F8FE9A35CAD8BA5F0CEE5FB)
O23 - Service R2: UWP RPC Service - (UWPService) - C:\Windows\SysWOW64\Creative.UWPRPCService.exe (sign: 'Microsoft')
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\IntelCpHeciSvc.exe (sign: 'Intel Corporation')
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe (sign: 'Intel Corporation')
O23 - Service R3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (sign: 'Intel Corporation')
O23 - Service R3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S2: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: AsusROGLSLService Download ROGLSLoader - (AsusROGLSLService) - C:\Program Files (x86)\ASUS\AsusROGLSLService\AsusROGLSLService.exe -runservice (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe (sign: 'Intel Corporation')
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\24.050.0310.0001\FileSyncHelper.exe (sign: 'Microsoft')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\123.0.6312.106\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe (sign: 'Intel Corporation')
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe (sign: 'Malwarebytes Inc.')
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\24.050.0310.0001\OneDriveUpdaterService.exe (sign: 'Microsoft')
O23 - Service S3: ProtonVPN Service - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe (sign: 'Proton Technologies AG')
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.WireGuardService.exe "C:\ProgramData\ProtonVPN\WireGuard\ProtonVPN.conf" (sign: 'Proton Technologies AG')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"  (sign: 'Intel Corporation')
O23 - Driver R1: AsIO - C:\Windows\SysWow64\drivers\AsIO.sys (sign: 'ASUSTeK Computer Inc.')
O23 - Driver R2: IDMWFP - C:\Windows\system32\DRIVERS\idmwfp.sys (sign: 'Tonec Inc.')
O23 - Driver R2: inpoutx64 - C:\Windows\System32\Drivers\inpoutx64.sys (sign: 'Red Fox UK Limited')
O23 - Driver R2: Intel HAXM Service - (IntelHaxm) - C:\Windows\system32\DRIVERS\IntelHaxm.sys (sign: 'Microsoft' - Intel  Corporation)
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: ___ Windows 10 64 Bit için Intel(R) Wireless Bağdaştırıcı Sürücüsü  - (Netwtw08) - C:\Windows\System32\drivers\Netwtw08.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: igfx - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_b260c545909302e9\igdkmd64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Display Audio - (IntcDAud) - C:\Windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_718877413f6508de\IntcDAud.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_c22251d5ea82b3c3\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Wireless Bluetooth(R) - (ibtusb) - C:\Windows\System32\DriverStore\FileRepository\ibtusb.inf_amd64_9668d272428b3212\ibtusb.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBfilt - C:\Windows\system32\drivers\MBfilt64.sys (sign: 'Microsoft' - Creative Technology Ltd.)
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nvtfi.inf_amd64_ee3ad7a43fb68dcc\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\Windows\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\Windows\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: semav6msr64 - C:\Windows\system32\drivers\semav6msr64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: TAP-ProtonVPN Windows Adapter V9 - (tapprotonvpn) - C:\Windows\System32\drivers\tapprotonvpn.sys (+safe mode) (sign: 'Microsoft' - The OpenVPN Project)
O23 - Driver R3: Wintun - (wintun) - C:\Windows\system32\DRIVERS\wintun.sys (+safe mode) (sign: 'Microsoft' - WireGuard LLC)
O23 - Driver S3: Apple Lower Filter Driver - (AppleLowerFilter) - C:\Windows\System32\drivers\AppleLowerFilter.sys (sign: 'Microsoft' - Apple Inc.)
O23 - Driver S3: BERT Reader Service - (bertreader) - C:\Windows\System32\drivers\bertreader.sys (sign: 'Intel Corporation')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: ProtonVPN Callout - (ProtonVPNCallout) - C:\Program Files (x86)\Proton Technologies\ProtonVPN\x64\Win10\ProtonVPN.CalloutDriver.sys (+safe mode) (sign: 'Microsoft' - Proton Technologies AG)
O23 - Driver S3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Driver S3: TAP-Windows Adapter V9 - (tap0901) - C:\Windows\System32\drivers\tap0901.sys (+safe mode) (not signed - The OpenVPN Project - DAEBE266073616E5FC931C319470FCF42A06867A)
O23 - Driver S3: WireGuard - C:\Windows\System32\drivers\wireguard.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'Netwtw08'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'ProtonVPNCallout'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tap0901'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'tapprotonvpn'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'wintun'


--
End of file - Time spent: 30,1 sec. - 78176 bytes, CRC32: FFFFFFFF. Sign: 聥훬

Hello. First my Discord account was accessed, and spam messages about a 50 USD Steam code were sent from it everywhere a message could be posted. After that my LinkedIn account was accessed and I got an email saying the profile photo had been changed; I was then able to recover it. My Spotify was accessed, and I recovered that too. They also gained access to 3 of my Gmail accounts and 1 Hotmail account. Yesterday I was busy changing passwords all day. I changed most of the passwords I could think of. At the very beginning I ran a scan with Malwarebytes; it found a few things, some of them from cracks and so on, and I cleaned them. I then thought it was over, but today someone tried to log in to my Trendyol account as well, and the account was placed under protection. I think they got access to all the passwords I had saved through Google's save-password prompt. I saw this thread while looking around Technopat. Can you help? If I need to format I will do that too, but of course it would be better if it isn't necessary. I look forward to your advice, thanks.

(In addition, my computer's performance has dropped compared to before, but I assumed that was because I have been neglecting its maintenance for quite a while; also, last week I was messing with an Adobe crack, so it could be because of that too.)

Now my account on mega.nz, the file download site, has been logged into; I enabled 2FA on that as well. They are trying everywhere they can get in. @Murat5038
They are also trying to reach my sibling's and my father's emails and accounts. Right now I can't do anything other than change passwords. How do I stop this?
 
They are also trying to reach my sibling's and my father's emails and accounts. Right now I can't do anything other than change passwords. How do I stop this?
First, if your passwords are saved in Google (email etc.), run the exposure check from there.
Secure the ones that are problematic. Do not reuse a password you use in one place anywhere else.
Use one of the AV products. Reset/factory-reset the modem and reconfigure it.
If you did not pay for the Adobe software, uninstall it.
Uninstall ProtonVPN.
Update any software that is out of date.
Perform a clean boot.

Fix these:
Code:
O4 - HKCU\..\Run: [BingSvc] = C:\Users\osman\AppData\Local\Microsoft\BingSvc\BingSvc.exe (sign: 'Microsoft')
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_1234850CEE8F329C765747D804E12799] = C:\Program Files\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_8BE5DCD6BEB35ECCD48AED73486FB62C] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (sign: 'Microsoft')
O4 - HKCU\..\RunOnce: [Application Restart #1] = C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe  --component-updater=url-source=hxxps://go-updater.brave.com/extensions --disable-domain-reliability --enable-distillability-service --enable-dom-distiller --lso-url=hxxps://no-thanks.invalid --origin-trial-public-key=bYUKPJoPnCxeNvu72j4EmPuK7tr1PAC7SHh8ld9Mw3E=,fMS4mpO6buLQ/QMd+zJmxzty/VQ6B1EUZqoCU04zoRU= --sync-url=hxxps://sync-v2.brave.com/v2 --variations-insecure-server-url=hxxps://variations.brave.com/seed --variations-server-url=hxxps://variations.brave.com/seed --restore-last-session --restart (file missing)
O4 - HKCU\..\StartupApproved\Run: [ProtonVPN] = C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.exe (2023/02/13) (sign: 'Proton Technologies AG')
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\osman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monster Kontrol Merkezi.lnk    ->    C:\Program Files\OEM\Monster Kontrol Merkezi\CallGM.exe 1 (2022/06/08) (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [Monster Kontrol Merkezi] = C:\Program Files\OEM\Monster Kontrol Merkezi\LaunchCtrlGM.exe -R (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [OOBEI2CTpOnOffDetect.exe] = C:\Program Files\OEM\Monster Kontrol Merkezi\OOBE\OOBEI2CTpOnOffDetect.exe (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Run: [OSDTpDetect.exe] = C:\Program Files\OEM\Monster Kontrol Merkezi\OSDTpDetect.exe (sign: 'Uniwill Technology Inc.')
O4 - HKLM\..\Session Manager: [PendingFileRenameOperations] = C:\Users\osman\AppData\Local\Temp\CoreSync.dll_TEMP -> DELETE
O4 - HKU\S-1-5-18\..\RunOnce: [Application Restart #0] = C:\Program Files (x86)\OEM\OSD\OSD.exe /RestartByRestartManager:2B9938DC-1141-42bc-B5A5-2303B1CB5062 (User 'LocalSystem') (not signed - OEM - F6FBBDF201D6991E679970F16F3865C73D688CE2)
O4 - HKU\S-1-5-18\..\RunOnce: [Application Restart #1] = C:\Program Files (x86)\OEM\OSD\OSD.exe /RestartByRestartManager:B7A6ADBE-5875-4079-B338-BA957D6E9223 (User 'LocalSystem') (not signed - OEM - F6FBBDF201D6991E679970F16F3865C73D688CE2)
O4-32 - HKLM\..\Run: [OSD] = C:\Program Files (x86)\OEM\OSD\OSDCtrl.exe -R (not signed - OEM - 20818F4618AFF6EF4375223095B5AD2A0A88A7D2)
O22 - BITS Job: (download) {26D23F9B-5635-4428-8251-CC0885AC6D25} - MicrosoftMapsBingGeoStore - (no URL)
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\Windows\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs" (sign: 'Microsoft')
Use a solid AV instead of MBAM. Take security precautions on your other devices too, and run the exposure check I mentioned above.
 
