Rehber HijackThis Log Paylaşımı ve Çözümleri

1543056134722.png


Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir.



Kullanımı:

1) Bir geliştirici tarafından yeni özellikler kazandırılan güncel sürümünü buradan indirip, arşiv dosyasından masaüstüne uygulamayı çıkartın.

HiJackThis

Program, zararlı temizliğinde imza veritabanı kullanmadan sezgisel tespite dayalı bir yöntemle kullanılır. Çok hızlı bir tarama ile, zararlı bulaşmamış bir sistemden farklı olarak çalışan işlemlerin bir listesini çıkartır. Bu işlemlerin tamamı...
www.technopat.net www.technopat.net

Alternatif: Download HiJackThis Fork - MajorGeeks

Eski Sürüm: HiJackThis | Free software downloads at SourceForge.net

2) Bilgisayarınızı yeniden başlatın 3 dk işlem yapmadan bekleyin.

3) HijackThis yazılımına sağ tıklayıp yönetici olarak çalıştırın (XP için geçerli değil).

1543056459730.png


4) Açılan arayüzde, "Do a system scan and save a log file" butonuna tıklayın.

1543053000396.png


5) Otomatik olarak Hijackthis taraması başlayacak, taramanın tamamlanması sürece fare ve klavyeyi kullanmayın.
1543053111358.png


6) Tarama tamamlandığında HijackThis raporunu içeren bir Log dosyası karşınıza gelecektir.

1543053449185.png



*7) Log dosyasını incelememiz için buraya cevaplama bölümünden eklemeniz gerekmektedir.

1543053710016.png

Kod'a tıklayın.

1543053809056.png


Log'da yazanları mavi bölmenin içine yapıştırıp "Devam Et" butonuna basın.

Uyarı: Sitede kod eklemede sorun yaşarsanız kod paylaşımlarını altta verilen sitelerden birine yapıştırıp linki paylaşmanız gerekmektedir. Bu durumda *7. seçeneği şu anlık kullanmayın.

Paste ofCode

8) Ayrıca sisteminizde var olan sorunu detaylıca (Performans düşüşü, Malware varlığı şüphesi vb.) belirterek konuyu cevaplayın.
(Bunu yapmayana cevap verilmeyecektir)

Fixleme:

Konuda şahsım tarafından veya uzman kişilerden geri dönüş yapıldığında Hijackthis uygulama arayüzünden söylediğimiz satırların başlarına tik işareti koyun. Ardından "Fix checked" butonuna basın.
1543054420492.png
 
Son düzenleme:
Genişletmek için tıkla...
Murat5038 dedi:
C:\ProgramData\ClpHtt
Bu klasör içi şüpheli.

E:\Program Files (x86)\Driver Booster
Sürücü bulucu kullanmışssın sebeplerden biri bu.

Tavsiye edilmeyen adı bile az bilinen programlar yüklemişssiniz mümkün oldukça kaldırın:
E:\Zona
C:\Program Files\Visual Subst
Avira\System Speedup
Free Download Manager

Bunları fixleyin:
Kod: 
O22 - Tasks: VisualSubstUAC - C:\Program Files\Visual Subst\VSubst.exe /UACTASK (sign: 'NTWIND LLC')
O22 - Tasks: \Diagnostic\Service - C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.exe "C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.dat" (file missing)
O22 - Tasks_Migrated: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)
O22 - Tasks: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)

Bunları yaptıktan sonra Kaspersky ile tam tarama yapmanızı da tavsiye ederim.


MBAM ve Kaspersky aktif kullanılamaz. MBAM kaldırın eğer Kaspersky lisanslı kullanıyorsanız.
CCleaner da smart teknoloji özelliğini kapatın.
Temiz önyükleme yapın ve gerekli olmadığında IDM ve arka planda açık program bırakmayın.
Sürücü güncellemelerinizi de kontrol edin.

Bunları fixleyin:
Kod: 
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/05/17)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_E8C4207C584F2FB0A77218D53CE2B382] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start (2023/12/29)
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\System32\LogiLDA.dll C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\StartupApproved\Run32: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (2023/04/20)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/01/17)
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e88f95aa-daa4-4c9e-af8e-9c9a1c54b6e0" --version "6.39.0.11548" --silent
O22 - Task: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe


PowerToys kullanıyorsunuz bu güzel araçlar içerse de bilinçsiz kulalnımda sistem kararsızlıklarına yol açar. Güncelliğini de devamlı kontrol etmeniz gerekir. Kullanmıyorsanız kaldırın.
Bunları fixleyin.:
Kod: 
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\ersin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2024/11/02) (invalid sign: TRUST_E_BAD_DIGEST - Spotify Ltd - 00BB4C8738992C41C051AA088E2F5D6CF290C4C0)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_AEEA7D26E10C80D803D1467811869685] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/09/11) (sign: 'Microsoft')
O22 - Tasks: infatica_p2b - C:\Program Files (x86)\Infatica P2B\infatica_agent.exe (sign: 'Infatica Pte. Ltd.')
Genişletmek için tıkla...
Teşekkürler, iyi çalışmalar.

Murat5038 dedi:
C:\ProgramData\ClpHtt
Bu klasör içi şüpheli.

E:\Program Files (x86)\Driver Booster
Sürücü bulucu kullanmışssın sebeplerden biri bu.

Tavsiye edilmeyen adı bile az bilinen programlar yüklemişssiniz mümkün oldukça kaldırın:
E:\Zona
C:\Program Files\Visual Subst
Avira\System Speedup
Free Download Manager

Bunları fixleyin:
Kod: 
O22 - Tasks: VisualSubstUAC - C:\Program Files\Visual Subst\VSubst.exe /UACTASK (sign: 'NTWIND LLC')
O22 - Tasks: \Diagnostic\Service - C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.exe "C:\Users\PC\AppData\Roaming\dktduyxoul\mecsev.dat" (file missing)
O22 - Tasks_Migrated: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)
O22 - Tasks: FreeDownloadManagerHelperService - C:\Program Files\Softdeluxe\Free Download Manager\helperservice.exe (not signed - Softdeluxe - 01799AB981BC716DCA62356CBA194843C0B1323D)

Bunları yaptıktan sonra Kaspersky ile tam tarama yapmanızı da tavsiye ederim.


MBAM ve Kaspersky aktif kullanılamaz. MBAM kaldırın eğer Kaspersky lisanslı kullanıyorsanız.
CCleaner da smart teknoloji özelliğini kapatın.
Temiz önyükleme yapın ve gerekli olmadığında IDM ve arka planda açık program bırakmayın.
Sürücü güncellemelerinizi de kontrol edin.

Bunları fixleyin:
Kod: 
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2024/05/17)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_E8C4207C584F2FB0A77218D53CE2B382] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start (2023/12/29)
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\System32\LogiLDA.dll C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKLM\..\StartupApproved\Run32: [Lightshot] = C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe (2023/04/20)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/01/17)
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "e88f95aa-daa4-4c9e-af8e-9c9a1c54b6e0" --version "6.39.0.11548" --silent
O22 - Task: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe


PowerToys kullanıyorsunuz bu güzel araçlar içerse de bilinçsiz kulalnımda sistem kararsızlıklarına yol açar. Güncelliğini de devamlı kontrol etmeniz gerekir. Kullanmıyorsanız kaldırın.
Bunları fixleyin.:
Kod: 
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\ersin\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2024/11/02) (invalid sign: TRUST_E_BAD_DIGEST - Spotify Ltd - 00BB4C8738992C41C051AA088E2F5D6CF290C4C0)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_AEEA7D26E10C80D803D1467811869685] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/09/11) (sign: 'Microsoft')
O22 - Tasks: infatica_p2b - C:\Program Files (x86)\Infatica P2B\infatica_agent.exe (sign: 'Infatica Pte. Ltd.')
Genişletmek için tıkla...
Teşekkürler iyi çalışmalar..
 
Öncelikle selamlar, bilgisayımı yüke soktuğumda veya özellikle ağır oyunlar oynarken bazı zamanlarda ardı ardına oyun donuyor, Windows donuyor, sesler kesiliyor, bilgisayar soğuduğu için fanlar yavaşlıyor ve birden düzeliyor, bazen de oyun donuyor, görev çubuğunu bile açamıyorum, sesler birbirine karışıyor ve drrrrrrr sesi geliyor, kapatma butonu işe yaramıyor, Power tuşuna 5 saniye basılı tutup kapatmak zorunda kalıyorum, crack program kullanmıyorum, Hitman-Pro tarama sonuçları temiz, bütün driverlerim güncel ve elle kendim kurdum, sıcaklıklar 70C altında, format atmayı denedim disk sağlıklarım %100 ve Windows RAM testinde arıza görünmüyor, iyi çalışmalar :)

Kod: 
Logfile of HiJackThis+ build 2025-01-16 Beta v.3.4.0.17

Platform: x64 Windows 11 (Home), 10.0.26100.6725 (ReleaseId: 2009, 24H2), Service Pack: 0
Time: 01.10.2025 - 22:30 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory: 10,67 GiB Free / 16. Loading RAM (32 %), CPU (9 %)
Disk C: 298,72 GiB Free / 465 (SSD, GPT)
Elevated: Yes.
Ran by: yusuf (group: Administrators; type: Microsoft) on YUSUFPC, FirstRun: no.

Internet Explorer: 11.0.26100.1882
Default: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1 (Brave)

Boot mode: Normal (Secure Boot: On) (Code Integrity: On)

Running processes:
Number | Path.
 7 C:\Program Files (x86)\ASUS\ArmouryDevice\asus_framework.exe
 1 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe
 1 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\ArmourySocketServer.exe
 1 C:\Program Files (x86)\ASUS\ArmouryDevice\dll\SwAgent\ArmourySwAgent.exe
 1 C:\Program Files (x86)\ASUS\AsusCertService\1.2.40\AsusCertService.exe
 1 C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.54\AsusFanControlService.exe
 1 C:\Program Files (x86)\ASUS\AXSP\4.06.06\atkexComSvc.exe
 1 C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe
 1 C:\Program Files (x86)\LightingService\LightingService.exe
 1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
 12 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\140.0.3485.94\msedgewebview2.exe
 2 C:\Program Files\ASUS\AacMB\Aac3572MbHal_x86.exe
 1 C:\Program Files\ASUS\Armoury Crate Service\ArmouryCrate.Service.exe
 1 C:\Program Files\ASUS\Armoury Crate Service\ArmouryCrate.UserSessionHelper.exe
 1 C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe
 1 C:\Program Files\GX30 Pro\CPL\XearAudioCenter_x64.exe
 1 C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
 1 C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
 1 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2539.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
 1 C:\Program Files\WindowsApps\B9ECED6F.ArmouryCrate_6.3.4.0_x64__qmba6cd70vzyy\ArmouryCrate.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_31.105.23001.0_x64__8wekyb3d8bbwe\gamingservices.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_31.105.23001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
 1 C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.14.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
 1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.24401.50.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
 1 C:\Program Files\WireSock Secure Connect\bin\wiresock-client.exe
 1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
 1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
 1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
 1 C:\Users\yusuf\Downloads\HiJackThis\HiJackThis.exe
 1 C:\Windows\explorer.exe
 1 C:\Windows\System32\audiodg.exe
 1 C:\Windows\System32\conhost.exe
 2 C:\Windows\System32\csrss.exe
 2 C:\Windows\System32\ctfmon.exe
 1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe
 1 C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0a29c6938d49066\RstMwService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_b966ea70c5407e74\WMIRegistrationService.exe
 2 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fe5f369669db2f36\Display.NvContainer\NVDisplay.Container.exe
 1 C:\Windows\System32\dwm.exe
 2 C:\Windows\System32\fontdrvhost.exe
 1 C:\Windows\System32\LsaIso.exe
 1 C:\Windows\System32\lsass.exe
 1 C:\Windows\System32\msiexec.exe
 1 C:\Windows\System32\NgcIso.exe
 5 C:\Windows\System32\RuntimeBroker.exe
 1 C:\Windows\System32\SearchIndexer.exe
 1 C:\Windows\System32\SearchProtocolHost.exe
 1 C:\Windows\System32\services.exe
 1 C:\Windows\System32\ShellHost.exe
 1 C:\Windows\System32\sihost.exe
 1 C:\Windows\System32\smartscreen.exe
 1 C:\Windows\System32\smss.exe
 1 C:\Windows\System32\spoolsv.exe
 1 C:\Windows\System32\sppsvc.exe
 41 C:\Windows\System32\svchost.exe
 2 C:\Windows\System32\taskhostw.exe
 1 C:\Windows\System32\wbem\unsecapp.exe
 1 C:\Windows\System32\wbem\WmiApSrv.exe
 2 C:\Windows\System32\wbem\WmiPrvSE.exe
 1 C:\Windows\System32\wininit.exe
 1 C:\Windows\System32\winlogon.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\CrossDeviceResume.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_461\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_461\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}: [StubPath] = C:\Program Files\BraveSoftware\Brave-Browser\Application\140.1.82.172\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Brave Software, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\yusuf\AppData\Local\Discord\Update.exe --processStart Discord.exe (2025/08/24) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2025/08/06) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [FACEIT] = C:\Users\yusuf\AppData\Local\FACEIT\update.exe --processStart "FACEIT.exe" (2025/08/01) (sign: 'ESL Gaming GmbH')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_F5C1F868577C050B1FE977BE638A6254] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/08/01) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = E:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2025/09/20) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2025/08/01) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [GX30 Pro] = C:\Program Files\GX30 Pro\CPL\XearAudioCenter_x64.exe /h /d /i (invalid sign - no company - BC3F0F4027D1C8FF60B747F45E92FDDB980A62F2)
O4 - HKLM\..\StartupApproved\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (2025/09/20) (sign: 'Riot Games, Inc.')
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2025/08/01) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/08/17) (sign: 'Oracle America, Inc.')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4f254d47-4fef-4eec-8e40-164862a979e8}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{4f254d47-4fef-4eec-8e40-164862a979e8}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Device Setup\Driver Recovery on Reboot - {452f6ddc-7930-4b57-8794-19cd7420241d} - C:\WINDOWS\System32\DeviceSetupManagerAPI.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Servicing\OOBEFodSetup - C:\WINDOWS\system32\OOBEFodSetup.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\SharedPC\Account Cleanup - {7750564D-D61C-4557-8A9D-7DF56BDCFF96} - C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsAI\Recall\InitialConfiguration - {709FD5EF-7296-4154-BD3A-E9830FCFA60A} - C:\WINDOWS\system32\ShellConfigTask.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser Exp - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun express (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Sustainability\SustainabilityTelemetry - {6EE41D75-D091-4FB7-9AD5-018760DD25D4} - C:\WINDOWS\system32\EcoScoreTask.dll (sign: 'Microsoft')
O22 - Tasks: \ASUS\AcPowerNotification - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\AcPowerNotification\AcPowerNotification.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ArmourySocketServer - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ArmourySocketServer\TaskSchedulerTool_ArmourySocketServer.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineCore1dc02af731f45a0 - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /c (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\ASUSUpdateTaskMachineUA - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /ua /installsource scheduler (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\NoiseCancelingEngine - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\MBLedSDK\NoiseCancelingEngine.exe (sign: 'ASUSTeK COMPUTER INC.')
O22 - Tasks: \ASUS\P508PowerAgent_sdk - C:\Program Files (x86)\ASUS\ArmouryDevice\dll\ShareFromArmouryIII\Mouse\ROG STRIX CARRY\P508PowerAgent.exe (file missing)
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AccountHealth\RecoverabilityToastTask - {B7F5B442-EBF8-46CD-9F0B-D8E45ED43492},-flow showtoast -checkup recoverability - C:\WINDOWS\system32\AccountHealth.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Diagnosis\UnexpectedCodepath - C:\WINDOWS\system32\UCConfigTask.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\GovernedFeatureUsageProcessing - {866F38A9-0302-4926-A36F-E4BAABAAE116} - C:\WINDOWS\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\ReconcileConfigs - {15F5ECE1-4550-4A92-8E26-984FD1DA54FA} - C:\WINDOWS\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\UsageDataReceiver - {D4C0420F-76BD-4F66-A91F-918A93ABEBEB} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Hotpatch\Monitoring - C:\WINDOWS\system32\cmd.exe /d /c C:\WINDOWS\system32\hpatchmonTask.cmd (sign: '')
O22 - Tasks: \Microsoft\Windows\Input\RemoteMouseSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemoteMouseSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemotePenSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemotePenSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\RemoteTouchpadSyncDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},RemoteTouchpadSyncDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\MemoryDiagnostic\AutomaticOfflineMemoryDiagnostic - {44f6c389-604a-4363-b09a-f38da08e6079} - C:\WINDOWS\System32\MemoryDiagnostic.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Network Connectivity Status Indicator\NcsiIdentifyUserProxies - {706B965A-8308-4CD4-9900-87C2D79C121B} - C:\Windows\System32\netprofm.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PCRPF\PCR Prediction Framework Firmware Update Task - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\pcrpf.dll,NotifyFirmwareUpdateStaged (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PerformanceTrace\RequestTrace - {9efeb182-2ee3-4af9-affa-521410d110d1} - C:\WINDOWS\system32\PerformanceTraceHandler.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PerformanceTrace\WhesvcToast - {c34546ad-2e37-41d9-8e23-277837b7a234} - C:\WINDOWS\system32\PerformanceTraceHandler.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Pluton\Pluton-Ksp-Provisioning - {997e11e1-0eff-40bd-9b25-8da694816600},PlutonKspProvision - C:\WINDOWS\system32\PlutonTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ReFsDedupSvc\Initialization - {DCFF735B-64F7-45F3-B39C-6C66BBE2120F} - C:\WINDOWS\System32\ReFsDedupSvc.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Sustainability\PowerGridForecastTask - {251E5B1F-E370-4E12-B5BD-B7AD2A8EE810} - C:\WINDOWS\system32\PowerGridForecastTask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TPM\Tpm-PreAttestationHealthCheck - {5014B7C8-934E-4262-9816-887FA745A6C4},TpmPreAttestationHealthCheck - C:\WINDOWS\system32\TpmTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\UIEOrchestrator - C:\WINDOWS\system32\UIEOrchestrator.exe /SendHeartbeat (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (file missing)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\UUS Failover Task - C:\WINDOWS\System32\MLEngineStub.exe HandleUusFailoverEvaluationSignalFromWnf (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UsageAndQualityInsights\UsageAndQualityInsights-MaintenanceTask - C:\Windows\System32\Microsoft.Data.UsageAndQualityInsights.MaintenanceTask.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsAI\Recall\PolicyConfiguration - {0BE6820D-B667-4CB6-931B-C153A77DA895} - C:\WINDOWS\system32\ShellConfigTask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsAI\Settings\InitialConfiguration - {2886e5fb-4f01-4a89-9a0e-5d6a9c8048ac} - C:\WINDOWS\system32\SettingsConfigTask.dll (sign: 'Microsoft')
O22 - Tasks: BraveSoftwareUpdateTaskMachineCore{ABE6EAD9-6862-459E-B2F2-1273969E0C7C} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA{9C1D6E48-A3AB-489B-BA8D-2229B8F59716} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic (sign: 'Intel Corporation')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process -WindowStyle Hidden task.bat" (sign: 'Microsoft')
O22 - Tasks: WireSockRefresh - C:\Program Files\SplitWire-Turkey\res\wiresock_refresh.bat (not signed - no company - 541E453A151F3B3DAF346B4E200919794D13EDC1)
O23 - Service R2: Armoury Crate Service - (ArmouryCrateService) - C:\Program Files\ASUS\Armoury Crate Service\ArmouryCrate.Service.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS AURA SYNC lighting service - (LightingService) - C:\Program Files (x86)\LightingService\LightingService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Certificate Service - (AsusCertService) - C:\Program Files (x86)\ASUS\AsusCertService\1.2.40\AsusCertService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: ASUS Com Service - (asComSvc) - C:\Program Files (x86)\ASUS\AXSP\4.06.06\atkexComSvc.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: AsusFanControlService - C:\Program Files (x86)\ASUS\AsusFanControlService\2.03.54\AsusFanControlService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start" (sign: 'Intel Corporation')
O23 - Service R2: GameSDK Service - C:\Program Files (x86)\ASUS\GameSDK Service\GameSDK.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_31.105.23001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_31.105.23001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_8a3f88e34f6b8385\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_b966ea70c5407e74\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Storage Middleware Service - (RstMwService) - C:\WINDOWS\System32\DriverStore\FileRepository\iastorvd.inf_amd64_d0a29c6938d49066\RstMwService.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe (sign: 'Intel Corporation')
O23 - Service R2: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fe5f369669db2f36\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fe5f369669db2f36\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: ROG Live Service - C:\Program Files\ASUS\ROG Live Service\ROGLiveService.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service R2: WireSock WireGuard VPN Client Service - (wiresock-client-service) - C:\Program Files\WireSock Secure Connect\bin\wiresock-client.exe service -config "C:\Program Files\SplitWire-Turkey\res\wgcf-profile.conf" -log-level "none" (sign: 'The Anti-Cloud Corporation')
O23 - Service S2: ASUS Güncelleme Hizmeti (asus) - (asus) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /svc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: AsusUpdateCheck - C:\WINDOWS\System32\AsusUpdateCheck.exe (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S2: Brave Güncelleme Hizmeti (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S2: Intel(R) Platform License Manager Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_740dc8aba9846dbb\lib\PlatformLicenseManagerService.exe (sign: 'Intel Corporation')
O23 - Service S3: ASUS Güncelleme Hizmeti (asusm) - (asusm) - C:\Program Files (x86)\ASUS\Update\AsusUpdate.exe /medsvc (sign: 'ASUSTeK COMPUTER INC.')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\140.1.82.172\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Brave Güncelleme Hizmeti (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: EAAntiCheatService - C:\Program Files\EA\AC\eaanticheat.gameservice.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe -start (sign: 'Electronic Arts, Inc.')
O23 - Service S3: FACEITService - C:\Program Files\FACEIT AC\faceitservice.exe (sign: 'ESL FACEIT Group Ltd.')
O23 - Service S3: GameInput Redist Service - (GameInputRedistService) - C:\Program Files\Microsoft GameInput\x64\GameInputRedistService.exe (sign: 'Microsoft')
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe (sign: 'Intel Corporation')
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (sign: 'Rockstar Games, Inc.')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process" (sign: 'Intel Corporation')
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe (sign: 'Riot Games, Inc.')
O23 - Driver R: ASUS Kernel Mode Driver for NT - C:\WINDOWS\system32\drivers\IOMap64.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R0: Intel(R) Chipset VMD RST Controller service - (iaStorVD) - C:\WINDOWS\System32\drivers\iaStorVD.sys (sign: 'Intel Corporation')
O23 - Driver R1: Asusgio3 - C:\WINDOWS\system32\drivers\AsIO3.sys (sign: 'ASUSTeK COMPUTER INC.')
O23 - Driver R1: FACEIT - C:\Program Files\FACEIT AC\FACEIT_AC.sys (sign: 'Microsoft' - no company)
O23 - Driver R1: vgk - C:\Program Files\Riot Vanguard\vgk.sys (sign: 'Riot Games, Inc.')
O23 - Driver R1: WireSock VPN Client Filter Driver - (ndiswgc) - C:\WINDOWS\system32\DRIVERS\ndiswgc.sys (+safe mode) (sign: 'The Anti-Cloud Corporation')
O23 - Driver R3: ACSEHIDRemap Service - (ACSEHIDRemap) - C:\WINDOWS\System32\drivers\ACSEHIDRemap.sys (sign: 'Microsoft' - no company)
O23 - Driver R3: ACSEVirtualBus Service - (ACSEVirtualBus) - C:\WINDOWS\System32\drivers\ACSEVirtualBus.sys (sign: 'Microsoft' - no company)
O23 - Driver R3: G600 - C:\WINDOWS\System32\drivers\G600.sys (sign: 'Microsoft' - C-Media Electronics, Inc.)
O23 - Driver R3: Intel(R) Management Engine Interface - (MEIx64) - C:\WINDOWS\System32\DriverStore\FileRepository\heci.inf_amd64_90341c97d9948f6b\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) PRO/1000 PCI Express Network Connection Driver D - (e1dexpress) - C:\WINDOWS\System32\DriverStore\FileRepository\e1d.inf_amd64_dded470da430edc1\e1d.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO GPIO Driver v2 - (iaLPSS2_GPIO2_ADL) - C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_adl.inf_amd64_6f8ae740d22247ce\iaLPSS2_GPIO2_ADL.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C_ADL) - C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_adl.inf_amd64_563fbcd35feb69a6\iaLPSS2_I2C_ADL.sys (+safe mode) (sign: 'Intel Corporation')
O23 - Driver R3: nvlddmkm - C:\WINDOWS\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_fe5f369669db2f36\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: semav6msr64 - C:\WINDOWS\system32\drivers\semav6msr64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\WINDOWS\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: WireSock - C:\WINDOWS\System32\drivers\WireSock.sys (+safe mode) (sign: 'The Anti-Cloud Corporation')
O23 - Driver S3: Apple Lower Filter Driver - (AppleLowerFilter) - C:\WINDOWS\System32\drivers\AppleLowerFilter.sys (sign: 'Apple Inc.')
O23 - Driver S3: BERT Reader Service - (bertreader) - C:\WINDOWS\System32\drivers\bertreader.sys (sign: 'Intel Corporation')
O23 - Driver S3: cpuz159 - C:\WINDOWS\temp\cpuz159\cpuz159_x64.sys (sign: 'Microsoft' - CPUID)
O23 - Driver S3: EAAntiCheat - C:\WINDOWS\system32\drivers\eaanticheat.sys (file missing)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: Wintun - (wintun) - C:\WINDOWS\System32\drivers\wintun.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'e1dexpress'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'ndiswgc'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'WireSock'.
O27 - Account: (AutoLogon) HKLM\..\Winlogon: YUSUFPC\yusuf (type: Microsoft)

--
End of file - Time spent: 21,4 sec. - 58378 bytes, CRC32: FFFFFFFF. Sign: 묁颺
 
@quarest Senin sorunun farklı mavi ekran alıyorsun büyük ihtimal minidump dosyaları var mı kontrol edin.

Gereksiz Asus yazılımlarını kaldırın.

Yine de bunları fixleyin:
Kod: 
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2025/08/06) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_F5C1F868577C050B1FE977BE638A6254] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/08/01) (sign: 'Microsoft')
O4 - HKLM\..\Run: [GX30 Pro] = C:\Program Files\GX30 Pro\CPL\XearAudioCenter_x64.exe /h /d /i (invalid sign - no company - BC3F0F4027D1C8FF60B747F45E92FDDB980A62F2)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/08/17) (sign: 'Oracle America, Inc.')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process -WindowStyle Hidden task.bat" (sign: 'Microsoft')
O22 - Tasks: WireSockRefresh - C:\Program Files\SplitWire-Turkey\res\wiresock_refresh.bat (not signed - no company - 541E453A151F3B3DAF346B4E200919794D13EDC1)
 
Murat5038 dedi:
@quarest Senin sorunun farklı mavi ekran alıyorsun büyük ihtimal minidump dosyaları var mı kontrol edin.

Gereksiz Asus yazılımlarını kaldırın.

Yine de bunları fixleyin:
Kod: 
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2025/08/06) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_F5C1F868577C050B1FE977BE638A6254] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/08/01) (sign: 'Microsoft')
O4 - HKLM\..\Run: [GX30 Pro] = C:\Program Files\GX30 Pro\CPL\XearAudioCenter_x64.exe /h /d /i (invalid sign - no company - BC3F0F4027D1C8FF60B747F45E92FDDB980A62F2)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2025/08/17) (sign: 'Oracle America, Inc.')
O22 - Tasks: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -Command "Start-Process -WindowStyle Hidden task.bat" (sign: 'Microsoft')
O22 - Tasks: WireSockRefresh - C:\Program Files\SplitWire-Turkey\res\wiresock_refresh.bat (not signed - no company - 541E453A151F3B3DAF346B4E200919794D13EDC1)
Genişletmek için tıkla...
mavi ekran almıyorum, donuyor ve 30 saniye sonra düzeliyor veya düzelmiyor, teşekkür ederim deneyeceğim
 
Merhaba,

Bilgisayarımda ciddi bir yavaşlama var. Sebebini bulamadım. Bunun için ve zararlı kontrolü için paylaşıyorum.

Teşekkürler.

Kod: 
Logfile of HiJackThis+ build 2025-01-16 Beta v.3.4.0.17

Platform:  x64 Windows 10 (Home Single Language), 10.0.19045.6456 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      30.10.2025 - 23:21 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    26,87 GiB Free / 32. Loading RAM (15 %), CPU (48 %)
Disk C:    70,21 GiB Free / 700 (SSD, GPT)
Elevated:  Yes
Ran by:    Alkandras    (group: Administrators; type: Local) on DESKTOP-U1AU4G2, FirstRun: yes

Chrome:  141.0.7390.123
Firefox: 144.0.2.575
Internet Explorer: 11.0.19041.5794
Default: "C:\Program Files\BraveSoftware\Brave-Browser\Application\brave.exe" --single-argument %1 (Brave)

Boot mode: Normal (Secure Boot: Off)

Running processes:
Number | Path
   2  C:\AppServ\Apache24\bin\httpd.exe
   2  C:\AppServ\MySQL\bin\mysqld.exe
   1  C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe
   1  C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\11.0.0.4854\AdskLicensingService\AdskLicensingService.exe
   1  C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
   2  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\avpui.exe
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.99\msedgewebview2.exe
   1  C:\Program Files (x86)\RocketDock\RocketDock.exe
   1  C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
   1  C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe
   1  C:\Program Files\Bonjour\mDNSResponder.exe
   1  C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
   1  C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\LogiOptionsPlus\logioptionsplus_agent.exe
   1  C:\Program Files\LogiOptionsPlus\logioptionsplus_appbroker.exe
   1  C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
   1  C:\Program Files\Microsoft SQL Server\MSSQL16.ALKANDRAS\MSSQL\Binn\sqlceip.exe
   4  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   5  C:\Program Files\NVIDIA Corporation\NVIDIA app\CEF\NVIDIA Overlay.exe
   1  C:\Program Files\NVIDIA Corporation\NVIDIA app\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
   1  C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe
   1  C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe
   1  C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.17.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManager.exe
   1  C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.17.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerCore.exe
   1  C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.17.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe
   2  C:\SolidSQUAD_License_Servers\Bin\lmgrd.exe
   1  C:\SolidSQUAD_License_Servers\Bin\ugslmd.exe
   2  C:\SolidWorks_Flexnet_Server\lmgrd.exe
   1  C:\SolidWorks_Flexnet_Server\sw_d.exe
   1  C:\Users\Alkandras\Desktop\HiJackThis (1)\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\audiodg.exe
   3  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
   1  C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6cdc9372d41a2731\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  76  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\WirelessKB850NotificationService.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SysWOW64\dllhost.exe
   1  C:\Windows\SysWOW64\vmnat.exe
   1  C:\Windows\SysWOW64\vmnetdhcp.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = hxxps://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = hxxps://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O4 - ActiveSetup: HKLM\..\{49210152-871f-4ffa-961d-a172abcbc09d}: [StubPath] = C:\Program Files\Google\Chrome\Application\PlatformExperienceHelper\platform_experience_helper.exe --first-run (sign: 'Google LLC')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\141.0.7390.123\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - ActiveSetup: HKLM\..\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}: [StubPath] = C:\Program Files\BraveSoftware\Brave-Browser\Application\142.1.84.132\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Brave Software, Inc.')
O4 - HKCU\..\Run: [RocketDock] = C:\Program Files (x86)\RocketDock\RocketDock.exe (not signed - no company - 521E9198E3DC1D41FAC02EB01FB9F47F6D2A9855)
O4 - HKCU\..\Run: [Teams] = C:\Users\Alkandras\AppData\Local\Microsoft\WindowsApps\MSTeams_8wekyb3d8bbwe\ms-teams.exe msteams:system-initiated (not signed - no company - error getting hash)
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2025/09/07) (sign: 'Gen Digital Inc.')
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Alkandras\AppData\Local\Discord\Update.exe --processStart Discord.exe (2024/04/17) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2023/06/05) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_5594F3D88385289021792D3510255E96] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2025/06/12) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Reverso] = C:\Users\Alkandras\AppData\Local\Reverso\Reverso\Reverso.exe -minimized (2024/08/03) (sign: 'REVERSO S.A.S.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch (sign: 'Microsoft')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\StartupApproved\Run: [Autodesk Access] = C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe --minimizedUi (2023/05/13) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (2023/05/13) (sign: 'Adobe Inc.')
O4 - HKLM\..\StartupApproved\Run32: [vmware-tray.exe] = C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (2025/08/17) (sign: 'VMware, Inc.')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SOLIDWORKS Arkaplan İndiricisi.lnk    ->    C:\Program Files (x86)\Common Files\SOLIDWORKS Kurulum Yöneticisi\BackgroundDownloading\sldBgDwld.exe /launch_from 0 (2023/05/13) (sign: 'Dassault Systemes SolidWorks Corp.')
O4 - HKU\S-1-5-80-2112811857-1935815863-106303011-3971001600-2138492649\..\RunOnce: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background /setautostart (User 'SQLTELEMETRY$ALKANDRAS') (sign: 'Microsoft')
O4 - HKU\S-1-5-80-2921752480-510962979-2728601011-883458541-4213520356\..\RunOnce: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background /setautostart (User 'MSSQL$ALKANDRAS') (sign: 'Microsoft')
O5 - Applet: C:\Windows\System32\plotman.cpl (sign: 'Autodesk, Inc.')
O5 - Applet: C:\Windows\System32\RTSnMg64.cpl (sign: 'Realtek Semiconductor Corp.')
O5 - Applet: C:\Windows\System32\styleman.cpl (sign: 'Autodesk, Inc.')
O7 - KnownFolder:  (folder missing)
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll (sign: 'Apple Inc.')
O17 - DHCP DNS 1: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{cd79a6c8-55e3-4490-836b-f1e72c10fc26}: [NameServer] = 198.51.100.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{cd79a6c8-55e3-4490-836b-f1e72c10fc26}: [NameServer] = 198.51.100.2
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll (sign: 'Adobe Inc.')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Windows\system32\AcSignIcon.dll (sign: 'Autodesk, Inc.')
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe (sign: 'Microsoft')
O22 - Task (.job): (disabled) (Not scheduled) Intel PTT EK Recertification.job - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe (sign: 'Intel Corporation')
O22 - Task (.job): (Not scheduled) CCleanerClean.job - C:\Program Files\CCleaner\CCleaner.exe (sign: 'Gen Digital Inc.')
O22 - Task (.job): CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe (sign: 'Gen Digital Inc.')
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{493D859B-3CC9-461B-BDB0-6A3C728EE1C1} - \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{52F548D7-7E32-4DC0-826D-B03F068B42D9} (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GoogleUserPEH (empty)
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-3558330945-3730327421-88870818-1002 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: (disabled) \Mozilla\Firefox Background Update S-1-5-21-3558330945-3730327421-88870818-1002 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: (disabled) \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: (disabled) BraveSoftwareUpdateTaskMachineCore{AFB67181-242D-4F88-B410-C3F7A30B1584} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: (disabled) BraveSoftwareUpdateTaskMachineUA{F9E69D53-E9A2-4B86-B986-6F7A8F2DE6A6} - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: (disabled) OneDrive Reporting Task-S-1-5-21-3558330945-3730327421-88870818-1002 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: (disabled) OneDrive Startup Task-S-1-5-21-3558330945-3730327421-88870818-1002 - C:\Program Files\Microsoft OneDrive\25.095.0518.0002\OneDriveLauncher.exe /startInstances (sign: 'Microsoft')
O22 - Tasks: (disabled) ZoomUpdateTaskUser-S-1-5-21-3558330945-3730327421-88870818-1002 - C:\Users\Alkandras\AppData\Roaming\Zoom\bin\Zoom.exe --action=UpdateSchedule (sign: 'Zoom Video Communications, Inc.')
O22 - Tasks: (telemetry) \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem140.0.7273.0{446412C3-073D-490D-825B-111352117DBC} - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem143.0.7482.0{E4830174-0DDD-4AF5-8D5E-C416CB78F7C3} - C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Microsoft\Office\Office Actions Server - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe availabilitycheck (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Office\Office Background Push Maintenance - C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx64\Microsoft Shared\Office16\opushutil.exe /pushregistration (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipESU - C:\Windows\system32\clipesu.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipESUConsumer - C:\Windows\system32\ClipESUConsumer.exe -evaluateEligibility (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipESUConsumerProcessECUpdate - C:\Windows\system32\ClipESUConsumer.exe -persistEligibilityStatus (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder - C:\Windows\system32\ClipESUConsumer.exe -postProcessPreOrder (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund - C:\Windows\system32\ClipESUConsumer.exe -processRefund (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\EnableClipESU - C:\Windows\system32\clipesu.exe -e (sign: 'Microsoft')
O22 - Tasks: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe (sign: 'Gen Digital Inc.')
O22 - Tasks: CCleanerClean - C:\Program Files\CCleaner\CCleaner.exe /AUTOSC (sign: 'Gen Digital Inc.')
O22 - Tasks: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "078702d4-6fad-4b11-8780-bdc4684c6813" --version "6.39.0.11548" --silent (sign: 'Gen Digital Inc.')
O22 - Tasks: CCleanerSkipUAC - Alkandras - C:\Program Files\CCleaner\CCleaner.exe $(Arg0) (sign: 'Gen Digital Inc.')
O22 - Tasks: Intel PTT EK Recertification - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\IntelPTTEKRecertification.exe (sign: 'Intel Corporation')
O22 - Tasks: NVIDIA App SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA App\CEF\NVIDIA App.exe (sign: 'NVIDIA Corporation')
O23 - Service R2: Apache24 - C:\AppServ\Apache24\bin\httpd.exe -k runservice (not signed - Apache Software Foundation - 297A86BDF6E2EC31A2D7563DAA824AF409BD5949)
O23 - Service R2: Autodesk Desktop Licensing Service - (AdskLicensingService) - C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: AzureAttestService - C:\Windows\system32\svchost.exe -k AzureAttestService; "ServiceDll" = C:\Program Files\Microsoft\AzureAttestService\AzureAttestService.dll (sign: 'Microsoft')
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe (sign: 'Apple Inc.')
O23 - Service R2: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe (sign: 'Gen Digital Inc.')
O23 - Service R2: FlexNet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe (sign: 'Flexera Software LLC')
O23 - Service R2: FlexNet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (sign: 'Flexera Software LLC')
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe (sign: 'Intel Corporation')
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe (sign: 'Intel Corporation')
O23 - Service R2: Kaspersky Hizmeti 21.22 - (AVP21.22) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\avp.exe -r (sign: 'Microsoft')
O23 - Service R2: Logi Options+ - (OptionsPlusUpdaterService) - C:\Program Files\LogiOptionsPlus\logioptionsplus_updater.exe --run-as-service (sign: 'Logitech Inc')
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Malwarebytes Inc.') (+safe mode)
O23 - Service R2: Microsoft PC Manager Service - (PCManager Service Store) - C:\Program Files\WindowsApps\Microsoft.MicrosoftPCManager_3.17.14.0_x64__8wekyb3d8bbwe\PCManager\MSPCManagerService.exe (sign: 'Microsoft')
O23 - Service R2: mysql8 - C:\AppServ\MySQL\bin\mysqld.exe --defaults-file=C:\AppServ\MySQL\my.ini mysql8 (sign: 'Oracle America, Inc.')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6cdc9372d41a2731\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6cdc9372d41a2731\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'NVIDIA Corporation')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA Corporation\NVIDIA app\NvContainer\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000  -ert (sign: 'NVIDIA Corporation')
O23 - Service R2: SolidWorks Flexnet Server - C:\SolidWorks_Flexnet_Server\lmgrd.exe (sign: 'Flexera Software LLC')
O23 - Service R2: SQL Server CEIP service (ALKANDRAS) - (SQLTELEMETRY$ALKANDRAS) - C:\Program Files\Microsoft SQL Server\MSSQL16.ALKANDRAS\MSSQL\Binn\sqlceip.exe -Service ALKANDRAS (sign: 'Microsoft')
O23 - Service R2: SSQ FLEXLM Service - C:\SolidSQUAD_License_Servers\Bin\lmgrd.exe (sign: 'Flexera Software LLC')
O23 - Service R2: SWVisualize2022.BoostService - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize Boost\SWVisualize.BoostService.exe (sign: 'Dassault Systemes SolidWorks Corp.')
O23 - Service R2: SWVisualize2022.Queue.Server - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS Visualize\SWVisualize.Queue.Server.exe (sign: 'Dassault Systemes SolidWorks Corp.')
O23 - Service R2: VMware Authorization Service - (VMAuthdService) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe (sign: 'VMware, Inc.')
O23 - Service R2: VMware Autostart Service - (VmwareAutostartService) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-autostart.exe (sign: 'VMware, Inc.')
O23 - Service R2: VMware DHCP Service - (VMnetDHCP) - C:\Windows\SysWOW64\vmnetdhcp.exe (sign: 'VMware, Inc.')
O23 - Service R2: VMware NAT Service - C:\Windows\SysWOW64\vmnat.exe (sign: 'VMware, Inc.')
O23 - Service R2: Wireless Keyboard 850 Notification Service - (WirelessKB850NotificationService) - C:\Windows\system32\WirelessKB850NotificationService.exe (sign: 'Microsoft')
O23 - Service S2: Brave Güncelleme Hizmeti (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Google Güncelleyici Dahili Hizmeti (GoogleUpdaterInternalService143.0.7482.0) - (GoogleUpdaterInternalService143.0.7482.0) - C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S2: Google Güncelleyici Hizmeti (GoogleUpdaterService143.0.7482.0) - (GoogleUpdaterService143.0.7482.0) - C:\Program Files (x86)\Google\GoogleUpdater\143.0.7482.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: GoogleUpdater InternalService 127.0.6490.0 (GoogleUpdaterInternalService127.0.6490.0) - (GoogleUpdaterInternalService127.0.6490.0) - C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe --system --windows-service --service=update-internal (file missing)
O23 - Service S2: GoogleUpdater Service 127.0.6490.0 (GoogleUpdaterService127.0.6490.0) - (GoogleUpdaterService127.0.6490.0) - C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe --system --windows-service --service=update (file missing)
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\TPMProvisioningService.exe (sign: 'Intel Corporation')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\142.1.84.132\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Brave Güncelleme Hizmeti (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\141.0.7390.123\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe (sign: 'Intel Corporation')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.22 - (klvssbridge64_21.22) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: Kaspersky VPN Secure Connection Hizmeti 5.22 - (KSDE5.22) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.22\ksde.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service S3: Microsoft Defender Çekirdek Hizmeti - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: OpcEnum - C:\Windows\SysWOW64\OpcEnum.exe (sign: 'OPC Foundation, Inc.')
O23 - Service S3: SolidWorks Licensing Service - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (not signed - SolidWorks - A8176E9B8F210C6AEE3835804257E78727B421E0)
O23 - Service S3: SQL Server (ALKANDRAS) - (MSSQL$ALKANDRAS) - C:\Program Files\Microsoft SQL Server\MSSQL16.ALKANDRAS\MSSQL\Binn\sqlservr.exe -sALKANDRAS (sign: 'Microsoft')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Driver R: VMware virtual network driver (64-bit) - C:\Windows\system32\DRIVERS\VMNET.SYS (sign: 'VMware, Inc.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\Windows\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-22_arkmon - C:\Windows\System32\Drivers\klupd_K4W-21-22_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-22_klbg - C:\Windows\System32\Drivers\klupd_K4W-21-22_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: VMware VMCI Bus Driver - (vmci) - C:\Windows\System32\drivers\vmci.sys (+safe mode) (sign: 'Microsoft' - VMware, Inc.)
O23 - Driver R0: vSockets Virtual Machine Communication Interface Sockets driver - (vsock) - C:\Windows\system32\DRIVERS\vsock.sys (+safe mode) (sign: 'Microsoft' - VMware, Inc.)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\Windows\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-22 - (klif.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-22 - (klpd.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-22 - (klflt.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-22 - (klbackupdisk.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-22 - (klbackupflt.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-22 - (klkbdflt.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-22 - (klpnpflt.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-22 - (klgse.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-22 - (KLHK.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-22 - C:\Windows\system32\DRIVERS\K4W-21-22\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-22 - C:\Windows\system32\DRIVERS\K4W-21-22\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-22 - C:\Windows\system32\DRIVERS\K4W-21-22\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: LUMDriver - C:\Windows\system32\drivers\LUMDriver.sys (sign: 'IBM Polska Sp. z o.o.')
O23 - Driver R2: MBAMChameleon - (mbamchameleon) - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R2: Sentinel64 - C:\Windows\System32\Drivers\Sentinel64.sys (sign: 'SafeNet, Inc.')
O23 - Driver R2: VMware Bridge Protocol - (VMnetBridge) - C:\Windows\system32\DRIVERS\vmnetbridge.sys (+safe mode) (sign: 'VMware, Inc.')
O23 - Driver R2: VMware hcmon - (hcmon) - C:\Windows\system32\DRIVERS\hcmon.sys (sign: 'VMware, Inc.')
O23 - Driver R2: VMware Virtual Ethernet Userif for VMnet - (VMnetuserif) - C:\Windows\system32\DRIVERS\vmnetuserif.sys (+safe mode) (sign: 'VMware, Inc.')
O23 - Driver R2: VMware vmx86 - (vmx86) - C:\Windows\system32\DRIVERS\vmx86.sys (sign: 'Microsoft' - VMware, Inc.)
O23 - Driver R3: Intel(R) Management Engine Interface  - (MEIx64) - C:\Windows\System32\DriverStore\FileRepository\heci.inf_amd64_c8d995dde5a9d0cb\x64\TeeDriverW10x64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-22 - (klmouflt.K4W-21-22) - C:\Windows\system32\DRIVERS\K4W-21-22\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: Kaspersky VPN - (kltun) - C:\Windows\system32\DRIVERS\kltun.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-22 - C:\ProgramData\Kaspersky Lab\AVP21.22\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-22_klark - C:\Windows\System32\Drivers\klupd_K4W-21-22_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-22_mark - C:\Windows\System32\Drivers\klupd_K4W-21-22_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller - (e2xw10x64) - C:\Windows\System32\drivers\e2xw10x64.sys (+safe mode) (sign: 'Rivet Networks LLC')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\Windows\system32\drivers\nvvad64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_6cdc9372d41a2731\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\Windows\system32\drivers\nvhda64v.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: VMware Virtual Ethernet Adapter Driver - (VMnetAdapter) - C:\Windows\system32\DRIVERS\vmnetadapter.sys (+safe mode) (sign: 'VMware, Inc.')
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed - Microsoft Corporation - 02CBCC28C510E1C5349439DE78E322DAFF89D3D1)
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\Windows\System32\drivers\bthmodem.sys (not signed - Microsoft Corporation - AC74C36BA99C6F9D28AE50029FAAA9E52E1CE92F)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: NDIS Miniport Driver for Killer PCI-E Gigabit Ethernet Controller - (KillerEth) - C:\Windows\System32\drivers\e2xw10x64.sys (+safe mode) (sign: 'Rivet Networks LLC')
O23 - Driver S3: SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Connectivity Device Driver V2 - (ss_conn_usb_driver2) - C:\Windows\System32\Drivers\ss_conn_usb_driver2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: ThrottleStop - C:\Users\Alkandras\AppData\Local\Temp\ThrottleStop.sys (sign: 'TechPowerUp LLC')
O23 - Driver S3: VMware USB Client Driver - (vmusb) - C:\Windows\System32\drivers\vmusb.sys (sign: 'VMware, Inc.')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'e2xw10x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'KillerEth'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'kltun'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klwtp.K4W-21-22'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'VMnetAdapter'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'VMnetuserif'
O26 - Office Addin: HKCU\..\Reverso.Addin - (Reverso) -> C:\Users\Alkandras\AppData\Local\Reverso\Reverso\Reverso.Addin.dll (sign: 'REVERSO S.A.S.')
O26 - Office Addin: HKLM\..\AccessAddin.DC - (Microsoft Access Outlook Add-in for Data Collection and Publishing) -> (no file)
O26 - Office Addin: HKLM\..\LightPDFWordAddin.Component - (LightPDF Word Addin) -> C:\Program Files (x86)\LightPDF\LightPDF Editor\wxpdfAddIn\WXPdfAddIn_X64.dll (not signed - Apowersoft - BC1124197DF24E4CC237D51B5B364C9E7FB4E656)
O26 - Office Addin: HKLM\..\MicrosoftDataStreamerforExcel - (Microsoft Data Streamer for Excel) -> C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.vsto (not signed - no company - A9DA61511D2073E5B80ED742394B35C61D96DE3A)
O26 - Office Addin: HKLM\..\OutlookKLAvPlg.Addin_318BC5AB-D0CB-4CEC-B373-F588E689538B - (Kaspersky4Win Outlook Anti-Virus Addin) -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\x64\mcou.dll (sign: 'AO Kaspersky Lab')
O26-32 - Office Addin: HKLM\..\LightPDFWordAddin.Component - (LightPDF Word Addin) -> C:\Program Files (x86)\LightPDF\LightPDF Editor\wxpdfAddIn\WXPdfAddIn.dll (not signed - Apowersoft - 504B5E9ECE2DD2F5C946DB5EB0E8C4776CED51BF)
O26-32 - Office Addin: HKLM\..\OutlookKLAvPlg.Addin_318BC5AB-D0CB-4CEC-B373-F588E689538B - (Kaspersky4Win Outlook Anti-Virus Addin) -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.22\mcou.dll (sign: 'AO Kaspersky Lab')



Debug information:

- 30.10.2025 23:19:40 - modFile.OpenW - #0 LastDllError = 1920 () Cannot open file: C:\Users\Alkandras\AppData\Local\Microsoft\WindowsApps\MSTeams_8wekyb3d8bbwe\ms-teams.exe

--
End of file - Time spent: 140,3 sec. - 77310 bytes, CRC32: FFFFFFFF. Sign: Ề퀩
 

Benzer konular

taylaan
HijackThis Log Paylaşımı
Mesaj
0
Görüntüleme
560
taylaan
taylaan
Niyazi Taşcı
Android Silinmeyen Trojan Virüsü Temizleme
Mesaj
5
Görüntüleme
5.692
quarest
quarest
Egeeymen
Kaspersky silinmeyen trojan
Mesaj
2
Görüntüleme
1.006
acv
A
B
Kaspersky Security Cloud trojan buldu
2 3
Mesaj
21
Görüntüleme
3.012
Murat5038
Murat5038
2
  • Makale
Rehber  Kaspersky Virus Removal Tool ile Zararlı Yazılım Temizliği
Mesaj
7
Görüntüleme
14.581
Windows 11 Bükücü
Windows 11 Bükücü

Technopat Haberler

Yeni konular

Yeni mesajlar

Geri
Yukarı