When I open my browser, or sometimes it opens itself, it self-directs to Ak.Hetapugs.com


miracdemirhan3

New Member
Thread author
Nov 23, 2024
4
I tried 4 antiviruses and adware removers, searched Reddit for more than an hour, nothing fixed it.
 

icotonev

Super Moderator
Verified
Staff Member
Mar 9, 2017
648
Hello..! Welcome to MalwareTips..! :)

My name is icotonev and I'm here to help you remove malware ..! Before we begin, please note the following:
  • First, please keep in mind most of us at MalwareTips volunteer our assistance for your benefit in your time of need. Logs from malware diagnostic or removal programs can take some time to get analyzed. Also, have in mind that all the experts here are volunteers and may not be available to assist when you post. Please, be patient, while I analyze your logs.
  • It is important to not run any tools or take any steps other than those I will provide for you. Also, do not uninstall or install any software during the procedure, unless I ask you to do so.
  • Cracked or pirated programs are not only illegal, but also can make your computer a malware target. Having such programs installed is the easiest way to get infected. Thus, no need to clean the computer, since, sooner or later, it will get infected again. If you have such programs, please uninstall them now, before we start the cleaning procedure.
  • Please perform all steps in the order they are listed. If things are not clear or you experience problems be sure to stop and let me know.
  • Please attach all logs into your post unless otherwise requested.
  • When your computer is clean I will let you know, provide instructions to remove tools and reports, and offer you information about how you can combat future infections.
  • If you do not reply to your topic after 3 days I will assume it has been abandoned and I will close it.

Please follow the following instruction ..:

Download Farbar Recovery Scan Tool and save it to your desktop. --> IMPORTANT

If your antivirus software detects the tool as malicious, it’s safe to allow FRST to run. It is a false-positive detection.
If English is not your primary language, right click on FRST.exe/FRST64.exe and rename to FRSTEnglish.exe/FRST64English.exe

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click the FRST icon to run the tool. When the tool opens click Yes to disclaimer.
  • Press Scan button and wait for a while.
  • The scanner will produce two logs on your Desktop: FRST.txt and Addition.txt.
  • Please attach the content of these two logs in your next reply.
---------------------------------------------------

In your next reply, please include:
  • FRST.txt
  • Addition.txt
 

miracdemirhan3

New Member
Thread author
Nov 23, 2024
4
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 23-11-2024
Ran by VICTUS (administrator) on LAPTOP-JM81EGBK (HP Victus by HP Laptop 16-d0xxx) (24-11-2024 21:55:52)
Running from C:\Users\VICTUS\AppData\Local\Temp\scoped_dir5672_611869633\FRST64.exe
Loaded Profiles: VICTUS
Platform: Microsoft Windows 11 Home Single Language Version 23H2 22631.4460 (X64) Language: Türkçe (Türkiye)
Default browser: "C:\Users\VICTUS\AppData\Local\Programs\Opera GX\opera.exe" -noautoupdate -- "%1"
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eguiProxy.exe
(C:\Program Files\ESET\ESET Security\ekrn.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\eOppFrame.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\rundll32.exe
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe <3>
(C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe ->) (Facebook Technologies, LLC -> Meta Platforms Technologies LLC) C:\Program Files\Oculus\Support\oculus-remote-desktop\RemoteDesktopCompanion.exe
(C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Facebook Technologies, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe
(C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe ->) (Facebook Technologies, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe
(C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_2.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_2.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityHost.exe
(C:\Program Files\WindowsApps\Microsoft.GamingServices_25.95.1001.0_x64__8wekyb3d8bbwe\gamingservices.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\System32\xgamehelper.exe
(C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe <6>
(C:\Users\VICTUS\AppData\Local\Programs\Opera GX\opera.exe ->) (Opera Norway AS -> Opera Software) C:\Users\VICTUS\AppData\Local\Programs\Opera GX\114.0.5282.159\opera_crashreporter.exe
(DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxEMN.exe
(DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\BridgeCommunication.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_2.1.4.0_x64__v10z8vjag6ke6\SystemEventUtility\HPSystemEventUtilityBackground.exe
(ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe
(explorer.exe ->) (Opera Norway AS -> Opera Software) C:\Users\VICTUS\AppData\Local\Programs\Opera GX\opera.exe <22>
(NVIDIA Corporation -> Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(Oracle America, Inc. -> Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(SECOMN64.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOCL64.exe
(services.exe ->) (Cloudflare, Inc. -> ) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\efwd.exe
(services.exe ->) (ESET, spol. s r.o. -> ESET) C:\Program Files\ESET\ESET Security\ekrn.exe
(services.exe ->) (Facebook Technologies, LLC -> Facebook Technologies, LLC) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPCommRecovery\HPCommRecovery.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe
(services.exe ->) (HP Inc. -> HP Inc.) C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_3c97e435117f8c16\x64\OmenCap\OmenCap.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_6673c5322430fc8a\igfxCUIServiceN.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_3befaa646f991169\jhi_service.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iastorvd.inf_amd64_74e28d819fb21cc3\RstMwService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_a687edda40db3316\OneApp.IGCC.WinService.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_0fdf6ce291234272\IntelCpHDCPSvc.exe
(services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_d51901c26227fb29\WMIRegistrationService.exe
(services.exe ->) (Intel Corporation -> Intel(R) Corporation) C:\Windows\SysWOW64\XtuService.exe
(services.exe ->) (Intel Corporation -> Intel) C:\Windows\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe
(services.exe ->) (Intel(R) Wireless Connectivity Solutions -> Intel Corporation) C:\Windows\System32\ibtsiva.exe
(services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(services.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.) C:\Windows\System32\SECOMN64.exe
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe <3>
(services.exe ->) (NVIDIA Corporation -> NVIDIA Corporation) C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe <2>
(services.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d112d8236d7f1b57\RtkAudUService64.exe <3>
(services.exe ->) (Sophos BV -> Sophos B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(services.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnhService.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> DesktopExtension) C:\Program Files\WindowsApps\AD2F1837.myHP_38.52440.1105.0_x64__v10z8vjag6ke6\win32\DesktopExtension.exe
(sihost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.) C:\Program Files\WindowsApps\AD2F1837.OMENLightStudio_1.0.52.0_x64__v10z8vjag6ke6\LightStudio-ui\LightStudio-background.exe
(sihost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24102.48.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
(svchost.exe ->) (24803D75-212C-471A-BC57-9EF86AB91435 -> ) C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2445.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> ) C:\Program Files\WindowsApps\AD2F1837.myHP_38.52440.1105.0_x64__v10z8vjag6ke6\HP.myHP.exe
(svchost.exe ->) (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP) C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.44.301.0_x64__v10z8vjag6ke6\BOAudioControl.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe
(svchost.exe ->) (HP Inc. -> HP Inc.) C:\Program Files\HP\Overlay\OverlayHelper.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teamsupdate.exe
(svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\VICTUS\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\BackgroundTransferHost.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\dllhost.exe <3>
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\wlanext.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.AppRep.ChxApp_cw5n1h2txyewy\CHXSmartScreen.exe
(svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\UUS\Packages\Preview\amd64\MoUsoCoreWorker.exe
(SynTPEnhService.exe ->) (Synaptics Incorporated -> Synaptics Incorporated) C:\Windows\System32\SynTPEnh.exe

==================== Registry (Whitelisted) ===================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtkAudUService] => C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_d112d8236d7f1b57\RtkAudUService64.exe [1916816 2023-08-14] (Realtek Semiconductor Corp. -> Realtek Semiconductor)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Security\ecmds.exe [196520 2024-10-28] (ESET, spol. s r.o. -> ESET)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [752216 2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [HPSEU_Host_Launcher] => C:\System.sav\util\HPSEU\HpseuHostLauncher.exe [539152 2024-05-26] (HP Inc. -> HP Inc.)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [YandexDisk2] => C:\Users\VICTUS\AppData\Roaming\Yandex\YandexDisk2\3.2.34.4962\YandexDisk2.exe -autostart (No File)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [utweb] => "C:\Users\VICTUS\AppData\Roaming\uTorrent Web\utweb.exe" /MINIMIZED (No File)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [MicrosoftEdgeAutoLaunch_7EB487E3792CF6736872E4A8B5B5CC95] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --win-session-start [3911240 2024-11-21] (Microsoft Corporation -> Microsoft Corporation)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [RiotClient] => C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (No File)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [Discord] => C:\Users\VICTUS\AppData\Local\Discord\Update.exe [1526552 2024-05-13] (Discord Inc. -> GitHub)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [Lunar Client] => C:\Users\VICTUS\AppData\Local\Programs\launcher\Lunar Client.exe [182068272 2024-11-08] (Moonsworth, LLC -> Moonsworth LLC)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [Opera GX Stable] => C:\Users\VICTUS\AppData\Local\Programs\Opera GX\opera.exe [1493400 2024-11-12] (Opera Norway AS -> Opera Software)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [Opera GX Browser Assistant] => C:\Users\VICTUS\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe [3291288 2021-02-01] (Opera Software AS -> Opera Software)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [Overwolf] => C:\Program Files (x86)\Overwolf\OverwolfLauncher.exe [1842944 2024-11-03] (Overwolf Ltd -> Overwolf Ltd.)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [4412512 2024-11-12] (Valve Corp. -> Valve Corporation)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [com.electron.Guilded] => C:\Users\VICTUS\AppData\Local\Programs\Guilded\Guilded.exe [176354360 2024-09-09] (GUILDED LLC -> Guilded, Inc.)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [ProtonVPN] => C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe [17389368 2024-08-12] (Proton AG -> ProtonVPN)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [EpicGamesLauncher] => C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe [36770792 2024-10-04] (Epic Games Inc. -> Epic Games, Inc.)
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Run: [VICTUS] => cmd.exe /c start www.url-advertisement.org (No File) <==== ATTENTION
HKLM\Software\Microsoft\Active Setup\Installed Components: [{8A69D345-D564-463c-AFF1-A69D9E530F96}] -> C:\Program Files\Google\Chrome\Application\125.0.6422.112\Installer\chrmstp.exe [2024-05-24] (Google LLC -> Google LLC)
HKLM\Software\...\Authentication\Credential Providers: [{C885AA15-1764-4293-B82A-0586ADD46B35}] ->
Startup: C:\Users\VICTUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote'a Gönder.lnk [2024-09-22]
ShortcutTarget: OneNote'a Gönder.lnk -> C:\Program Files\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation -> Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Cloudflare WARP.lnk [2024-09-29]
ShortcutTarget: Cloudflare WARP.lnk -> C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare)
BootExecute: autocheck autochk * bootdelete

==================== Scheduled Tasks (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {FD15C3C6-7DCA-4A0B-A671-86777B649602} - System32\Tasks\GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem127.0.6490.0{4F2DBE21-064C-44E4-A81B-4896406AFF97} => "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --wake --system (No File)
Task: {6A6CC6B9-4B50-45F4-9412-55F3498C8E09} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Update Notice => C:\Program Files (x86)\HP\HP Support Framework\Resources\BingPopup\BingPopup.exe [1003016 2024-11-13] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {A8631691-75C7-462D-A9C5-AFA22D6F5C2F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe [138328 2024-11-13] (HP Inc. -> HP Inc.)
Task: {DE1E63A2-55AB-40A7-AF8B-7AFE321A2E93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPPrinterLowInk => C:\Program Files (x86)\HP\HP Support Framework\Resources\HPPrinterLowInk\HPPrinterLowInk.exe [231944 2024-11-13] (HP Inc. -> HP Inc.) -> C:\Program Files (x86)\HP\HP Support Framework\\/show
Task: {3E678046-5C97-4AAD-8650-585E6B323C47} - System32\Tasks\HP\Consent Manager Launcher => C:\windows\system32\sc.exe [98304 2022-05-07] (Microsoft Windows -> Microsoft Corporation) -> start hptouchpointanalyticsservice
Task: {B0034F36-DF9F-43A3-ADFF-9B2A5DA1AE8B} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-10-29] (HP Inc. -> HP Inc.)
Task: {2126494B-226B-4FA3-83CB-30325E8BEE3D} - System32\Tasks\HP\HP Print Scan Doctor\Printer Health Monitor Logon => C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe [64976 2024-10-29] (HP Inc. -> HP Inc.)
Task: {5DD77537-9EB7-4048-B0EF-D1B81E0A3303} - System32\Tasks\HPAudioSwitch => C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe [1651032 2020-11-05] (HP Inc. -> HP Inc.)
Task: {F983973F-69A5-4271-8593-9A3278C7F57A} - System32\Tasks\Microsoft\Office\Office Automatic Updates 2.0 => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28644032 2024-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {B436248D-F06C-49E1-8013-ECB4DE0A6606} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [28644032 2024-11-09] (Microsoft Corporation -> Microsoft Corporation)
Task: {5B61CF45-94BD-47FD-9D3E-01A25693B0D4} - System32\Tasks\Microsoft\Office\Office Feature Updates => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312408 2024-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {80F3B109-FB26-4178-A41A-3F3F2FB8018C} - System32\Tasks\Microsoft\Office\Office Feature Updates Logon => C:\Program Files\Microsoft Office\root\Office16\sdxhelper.exe [312408 2024-11-17] (Microsoft Corporation -> Microsoft Corporation)
Task: {B359C14E-4310-4506-9641-9BCF1E8D57F9} - System32\Tasks\Microsoft\Office\Office Performance Monitor => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\operfmon.exe [187600 2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Task: {CCDFC0B8-01A3-4E74-A820-4F13F51D269E} - System32\Tasks\Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser => %SystemRoot%\System32\MbaeParserTask.exe (No File)
Task: {57364DD2-AA0B-48B6-974F-493C7E3EDD5F} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\MusUx_LogonUpdateResults => %systemroot%\system32\MusNotification.exe LogonUpdateResults (No File)
Task: {EFEBB619-16E0-46C5-AA68-3F4118C76930} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_AC => %systemroot%\system32\MusNotification.exe /RunOnAC Reboot (No File)
Task: {72DA4053-FB5F-4065-B222-DABACCF72639} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot_Battery => %systemroot%\system32\MusNotification.exe /RunOnBattery Reboot (No File)
Task: {E0F10DCF-44AD-40E8-9370-FB5DA59F93FB} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker => %systemroot%\system32\MusNotification.exe (No File)
Task: {73DEEEF1-EF6A-47D0-82F3-47D3D03B74A6} - System32\Tasks\NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
Task: {DD11218D-4A3B-4532-AA77-9C3B88BA5198} - System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [903024 2021-05-04] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files\NVIDIA Corporation\NvContainer\-d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
Task: {0E704A91-A3A8-4AC7-9CD1-998E46E92C4F} - System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe [3339120 2021-06-15] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {C03D1769-CE3E-4328-BE3F-435B36BC68D0} - System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe [645488 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation) -> C:\Program Files (x86)\NVIDIA Corporation\NvNode\--launcher=TaskScheduler
Task: {8EEE7D91-B073-44A4-BB98-C94F214EA2BB} - System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {6671717F-605D-47CE-8EB3-ED947567BDDA} - System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe [905072 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {5E680A1B-A81C-4D0A-9424-CDC230C2D61D} - System32\Tasks\NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {04262357-443A-4C06-87E9-15724C4FC7CB} - System32\Tasks\NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {34EADC54-8C99-4812-83D4-330D995D8FDB} - System32\Tasks\NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {CF8DDF4A-704A-44C8-BDF1-8500AD4D6630} - System32\Tasks\NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} => C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe [1261424 2021-06-09] (NVIDIA Corporation -> NVIDIA Corporation)
Task: {F69B5E9C-2A54-4870-9F2E-C68A62D74341} - System32\Tasks\OmenInstallMonitor => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [71120 2024-11-13] (HP Inc. -> HP Inc.)
Task: {8FB56684-C438-4D32-8C78-618DD4618B75} - System32\Tasks\OmenInstallMonitorCustomEvent => C:\Program Files\HP\OmenInstallMonitor\OmenInstallMonitor.exe [71120 2024-11-13] (HP Inc. -> HP Inc.)
Task: {4924A923-F46D-4036-A63E-7545A7113FC3} - System32\Tasks\OmenOverlay => C:\Program Files\HP\Overlay\OverlayHelper.exe [66512 2024-11-13] (HP Inc. -> HP Inc.)
Task: {DB0B1AB0-08BD-4FBF-9E41-0B33770046CA} - System32\Tasks\OmenOverlayCustomEvent => C:\Program Files\HP\Overlay\OverlayHelper.exe [66512 2024-11-13] (HP Inc. -> HP Inc.)
Task: {8B163BE7-35E8-47C2-854F-E15B083D5B40} - System32\Tasks\Opera GX scheduled assistant Autoupdate 1718732992 => C:\Users\VICTUS\AppData\Local\Programs\Opera GX\launcher.exe [1493400 2024-11-12] (Opera Norway AS -> Opera Software) -> --scheduledautoupdate --component-name=assistant --component-path="C:\Users\VICTUS\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
Task: {F8C4002E-9702-45A7-BF25-7CDCEB4BCBF0} - System32\Tasks\Opera GX scheduled Autoupdate 1717527624 => C:\Users\VICTUS\AppData\Local\Programs\Opera GX\autoupdate\opera_autoupdate.exe [5819288 2024-11-06] (Opera Norway AS -> Opera Software)
Task: {82158E61-9AA0-45FD-A67A-0B7D9E4A6DE3} - System32\Tasks\Opera scheduled Autoupdate 1703686592 => C:\Users\VICTUS\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (No File)
Task: {F2CF91FE-9C58-4BB9-834C-09E34AFBB325} - System32\Tasks\Overwolf Updater Task => C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2393344 2024-11-03] (Overwolf Ltd -> Overwolf LTD) -> C:\Program Files (x86)\Overwolf\/RunningFrom Schedule

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{139b8264-ba5a-4895-bbaf-f941c901b3c5}: [NameServer] 1.1.1.1,1.1.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}: [DhcpDomain] station
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\255646D69602132334: [DhcpNameServer] 192.168.243.92
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\4435D4142545F5633443930383: [NameServer] 1.1.1.1,1.1.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\4435D4142545F5633443930383: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\4435D4142545F5633443930383: [DhcpDomain] home
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\4456D69627023416E602960586F6E656910257: [NameServer] 1.1.1.1,1.1.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\4456D69627023416E602960586F6E656910257: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\567656566656: [DhcpNameServer] 193.192.98.8 212.154.100.18
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\6496265627847475F5450583647314: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\6496265627847475F5A54574051433F523E2437484A7: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\6496265627847475F5A54574051433F523E2437484A7: [DhcpDomain] local
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\6594255535: [NameServer] 1.1.1.1,1.1.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\6594255535: [DhcpNameServer] 192.168.1.1 0.0.0.0
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\84551475549402050237D6162747: [DhcpNameServer] 192.168.43.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\960586F6E656: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\B414450223: [DhcpNameServer] 192.168.16.1 8.8.8.8
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\B4144523025374: [DhcpNameServer] 192.168.16.1 8.8.8.8
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\D49425143402537484A5: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{6ec0c27a-c889-4dd8-8e3b-ff3a3068e032}\D49425143402537484A5: [DhcpDomain] station

Edge:
=======
Edge Profile: C:\Users\VICTUS\AppData\Local\Microsoft\Edge\User Data\Default [2024-11-23]
Edge StartupUrls: Default -> "hxxp://www.google.com/"
Edge DefaultSearchURL: Default -> {bing:baseURL}search?q={searchTerms}&{bing:cvid}{bing:msb}{google:assistedQueryStats}
Edge Extension: (Google Dokümanlar Çevrimdışı) - C:\Users\VICTUS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2024-09-16]
Edge Extension: (Edge relevant text changes) - C:\Users\VICTUS\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2024-02-04]
Edge HKLM\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [bojobppfploabceghnmlahpoonbcbacn]
Edge HKLM-x32\...\Edge\Extension: [nkapkmklnmidbbgjaipbgpcnbomnaakc]

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.431.2 -> C:\Program Files\Java\jre1.8.0_431\bin\dtplugin\npDeployJava1.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.431.2 -> C:\Program Files\Java\jre1.8.0_431\bin\plugin2\npjp2.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2024-05-24] (Microsoft Corporation -> Microsoft Corporation)

Chrome:
=======
CHR DefaultProfile: Default
CHR Profile: C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Default [2024-11-22]
CHR Notifications: Default -> hxxps://aternos.org
CHR Extension: (RoPro - Roblox Deneyiminizi Geliştirin) - C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\adbacgifemdbhdkfppmeilbgppmhaobf [2024-11-12]
CHR Extension: (BTRoblox - Making Roblox Better) - C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbkpclpemjeibhioopcebchdmohaieln [2024-11-12]
CHR Extension: (Roblox+) - C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfbnmfgkohlfclfnplnlenbalpppohkm [2024-07-28]
CHR Extension: (RoGold - Level Up Roblox) - C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\mafcicncghogpdpaieifglifaagndbni [2024-11-12]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2022-03-22]
CHR Profile: C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Profile 1 [2024-09-30]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2024-06-03]
CHR Profile: C:\Users\VICTUS\AppData\Local\Google\Chrome\User Data\System Profile [2024-11-12]
CHR HKLM\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]
CHR HKLM-x32\...\Chrome\Extension: [ihcjicgdanjaechkgeegckofjjedodee]

Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-2954904617-222500736-1971499326-1002) Opera GXStable - "C:\Users\VICTUS\AppData\Local\Programs\Opera GX\opera.exe"

==================== Services (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [18663720 2024-08-29] (BattlEye Innovations e.K. -> )
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [13652176 2024-11-09] (Microsoft Corporation -> Microsoft Corporation)
R2 CloudflareWARP; C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe [36288576 2024-09-26] (Cloudflare, Inc. -> )
R2 efwd; C:\Program Files\ESET\ESET Security\efwd.exe [5563760 2024-10-28] (ESET, spol. s r.o. -> ESET)
R2 ekrn; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-28] (ESET, spol. s r.o. -> ESET)
R3 ekrnEpfw; C:\Program Files\ESET\ESET Security\ekrn.exe [4240120 2024-10-28] (ESET, spol. s r.o. -> ESET)
S3 EpicOnlineServices; C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe [934352 2023-08-02] (Epic Games Inc. -> Epic Games, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [154928 2024-11-23] (Sophos BV -> Sophos B.V.)
R2 HP Comm Recover; C:\Program Files\HPCommRecovery\HPCommRecovery.exe [891256 2020-07-30] (HP Inc. -> HP Inc.)
R2 HPAppHelperCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\AppHelperCap.exe [912480 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPDiagsCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\DiagsCap.exe [910944 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPNetworkCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\NetworkCap.exe [906848 2024-11-10] (HP Inc. -> HP Inc.)
R2 HPOmenCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_3c97e435117f8c16\x64\OmenCap\OmenCap.exe [755248 2024-10-25] (HP Inc. -> HP Inc.)
R2 HPPrintScanDoctorService; C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe [243664 2024-10-29] (HP Inc. -> HP Inc.)
R2 HPSysInfoCap; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_8a181b75f1f43801\x64\SysInfoCap.exe [911480 2024-11-10] (HP Inc. -> HP Inc.)
R2 IntelAudioService; C:\WINDOWS\System32\DriverStore\FileRepository\intcoed.inf_amd64_29fd1afabcf5470c\AS\IAS\IntelAudioService.exe [530520 2023-10-18] (Intel Corporation -> Intel)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9433496 2024-11-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MBVpnTunnelService; C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe [3073888 2024-11-23] (Malwarebytes Inc. -> Malwarebytes)
S3 MDCoreSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe [1447680 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\Display.NvContainer\NVDisplay.Container.exe [1274904 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
S3 OverwolfUpdater; C:\Program Files (x86)\Common Files\Overwolf\OverwolfUpdater.exe [2393344 2024-11-03] (Overwolf Ltd -> Overwolf LTD)
S3 OVRLibraryService; C:\Program Files\Oculus\Support\oculus-librarian\OVRLibraryService.exe [146680 2024-11-19] (Facebook Technologies, LLC -> Facebook Technologies, LLC)
R2 OVRService; C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe [428792 2024-11-19] (Facebook Technologies, LLC -> Facebook Technologies, LLC)
S3 ProtonVPN Service; C:\Program Files\Proton\VPN\v3.3.2\ProtonVPNService.exe [474848 2024-08-12] (Proton AG -> ProtonVPN)
S3 ProtonVPN WireGuard; C:\Program Files\Proton\VPN\v3.3.2\ProtonVPN.WireGuardService.exe [474336 2024-08-12] (Proton AG -> ProtonVPN)
S3 Rockstar Service; C:\Program Files\Rockstar Games\Launcher\RockstarService.exe [4537328 2024-09-20] (Rockstar Games, Inc. -> Rockstar Games)
R2 SECOMNService; C:\WINDOWS\System32\SECOMN64.exe [743400 2022-03-07] (Microsoft Windows Hardware Compatibility Publisher -> Sound Research, Corp.)
S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe [3199672 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S3 WinDefend; C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe [141952 2024-10-30] (Microsoft Windows Publisher -> Microsoft Corporation)
S2 GoogleUpdaterInternalService127.0.6490.0; "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update-internal [X]
S2 GoogleUpdaterService127.0.6490.0; "C:\Program Files (x86)\Google\GoogleUpdater\127.0.6490.0\updater.exe" --system --windows-service --service=update [X]

===================== Drivers (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 eamonm; C:\WINDOWS\System32\DRIVERS\eamonm.sys [220520 2024-10-28] (ESET, spol. s r.o. -> ESET)
R0 edevmon; C:\WINDOWS\System32\DRIVERS\edevmon.sys [121864 2024-10-28] (Microsoft Windows Hardware Compatibility Publisher -> ESET)
S0 eelam; C:\WINDOWS\System32\DRIVERS\eelam.sys [16336 2024-10-24] (Microsoft Windows Early Launch Anti-malware Publisher -> ESET)
R1 ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [268568 2024-10-28] (ESET, spol. s r.o. -> ESET)
R2 ekbdflt; C:\WINDOWS\system32\DRIVERS\ekbdflt.sys [57872 2024-10-28] (ESET, spol. s r.o. -> ESET)
R1 epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [87784 2024-10-28] (ESET, spol. s r.o. -> ESET)
R1 epfwwfp; C:\WINDOWS\system32\DRIVERS\epfwwfp.sys [128552 2024-10-28] (ESET, spol. s r.o. -> ESET)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [158640 2024-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 GlPciSD; C:\WINDOWS\System32\drivers\GlPciSD.sys [233776 2023-01-06] (GENESYS LOGIC, INC. -> Genesys Logic)
S3 Hamachi; C:\WINDOWS\system32\DRIVERS\Hamdrv.sys [45680 2024-03-25] (Microsoft Windows Hardware Compatibility Publisher -> LogMeIn Inc.)
R3 HPCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpcustomcapdriver.inf_amd64_1421dec2010cc057\x64\hpcustomcapdriver.sys [18984 2024-05-07] (Microsoft Windows Hardware Compatibility Publisher -> HP Inc.)
R3 HPOmenCustomCapDriver; C:\WINDOWS\System32\DriverStore\FileRepository\hpomencustomcapdriver.inf_amd64_ca73a0631db38b6a\x64\hpomencustomcapdriver.sys [25072 2024-06-19] (HP Inc. -> HP Inc.)
R2 HpReadHWData; C:\WINDOWS\system32\drivers\HpReadHWData.sys [57952 2024-11-13] (HP Inc. -> Windows (R) Win 7 DDK provider)
R3 iaLPSS2_GPIO2_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_gpio2_tgl.inf_amd64_2546dafe2183e972\iaLPSS2_GPIO2_TGL.sys [131224 2021-07-19] (Intel Corporation -> Intel Corporation)
R3 iaLPSS2_I2C_TGL; C:\WINDOWS\System32\DriverStore\FileRepository\ialpss2_i2c_tgl.inf_amd64_1308f85f1b0adf27\iaLPSS2_I2C_TGL.sys [204440 2021-07-19] (Intel Corporation -> Intel Corporation)
R0 iaStorVD; C:\WINDOWS\System32\drivers\iaStorVD.sys [1605320 2022-12-23] (Intel Corporation -> Intel Corporation)
S3 IntcUSB; C:\WINDOWS\System32\DriverStore\FileRepository\intcusb.inf_amd64_2a3cc0b2d56e7a64\IntcUSB.sys [889936 2022-04-25] (Intel Corporation -> Intel(R) Corporation)
R3 IntelGNA; C:\WINDOWS\System32\DriverStore\FileRepository\gna.inf_amd64_04d4eecc5838a558\gna.sys [88776 2022-06-22] (Intel Corporation -> Intel Corporation)
R2 mbamchameleon; C:\WINDOWS\System32\Drivers\MbamChameleon.sys [232024 2024-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
S0 MbamElam; C:\WINDOWS\System32\DRIVERS\MbamElam.sys [21480 2024-11-23] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\DRIVERS\farflt11.sys [234168 2024-11-23] (Malwarebytes Inc. -> Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\DRIVERS\mbam.sys [80448 2024-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\System32\Drivers\mbamswissarmy.sys [239568 2024-11-23] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\DRIVERS\mwac.sys [189776 2024-11-23] (Malwarebytes Inc. -> Malwarebytes)
R3 nvpcf; C:\WINDOWS\System32\drivers\nvpcf.sys [246272 2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
R3 oculusvad_oculusvad; C:\WINDOWS\System32\drivers\oculusvad.sys [73400 2024-08-05] (Microsoft Windows Hardware Compatibility Publisher -> Windows (R) Win 7 DDK provider)
R3 Oculus_ViGEmBus; C:\WINDOWS\System32\drivers\Oculus_ViGEmBus.sys [32856 2024-08-05] (Oculus VR, LLC -> Facebook Inc.)
S3 ProtonVPNCallout; C:\Program Files\Proton\VPN\v3.3.2\Resources\ProtonVPN.CalloutDriver.sys [37768 2024-07-30] (Proton AG -> Proton Technologies AG)
R3 rt68cx21; C:\WINDOWS\System32\DriverStore\FileRepository\rt68cx21x64.inf_amd64_0942876b93fc9223\rt68cx21x64.sys [727960 2023-05-23] (Realtek Semiconductor Corp. -> Realtek)
R1 rtf64; C:\WINDOWS\system32\DRIVERS\rtf64x64.sys [67496 2023-03-23] (Realtek Semiconductor Corp. -> Realtek)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [48800 2022-02-23] (SteelSeries ApS -> SteelSeries ApS)
R3 ViGEmBus; C:\WINDOWS\System32\DriverStore\FileRepository\vigembus.inf_amd64_8a927fc43d8a7838\x64\ViGEmBus.sys [91432 2020-04-21] (HP Inc. -> Benjamin Hoeglinger-Stelzer)
S3 WdBoot; C:\WINDOWS\system32\drivers\wd\WdBoot.sys [22104 2024-10-30] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation)
U5 WdDevFlt; C:\Windows\System32\Drivers\WdDevFlt.sys [169232 2022-05-07] (Microsoft Windows -> Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\wd\WdFilter.sys [606624 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\drivers\wd\WdNisDrv.sys [105888 2024-10-30] (Microsoft Windows -> Microsoft Corporation)
R2 WinRing0x64; C:\WINDOWS\System32\Drivers\WinRing0x64.sys [14544 2024-05-24] (Noriyuki MIYAZAKI -> OpenLibSys.org)
S3 wintun; C:\WINDOWS\System32\drivers\wintun.sys [29592 2024-08-13] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
S3 WireGuard; C:\WINDOWS\System32\drivers\wireguard.sys [489368 2024-09-25] (Microsoft Windows Hardware Compatibility Publisher -> WireGuard LLC)
R3 WirelessButtonDriver64; C:\WINDOWS\System32\drivers\WirelessButtonDriver64.sys [40200 2023-11-17] (HP Inc. -> HP)
S1 WinSetupMon; system32\DRIVERS\WinSetupMon.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One month (created) (Whitelisted) =========

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-11-24 21:55 - 2024-11-24 21:56 - 000000000 ____D C:\FRST
2024-11-24 21:54 - 2024-11-24 21:55 - 002402816 _____ (Farbar) C:\Users\VICTUS\Desktop\FRST64.exe
2024-11-23 23:01 - 2024-11-23 23:01 - 000002355 _____ C:\Users\VICTUS\Desktop\Microsoft Edge.lnk
2024-11-23 22:18 - 2024-11-23 22:18 - 000751106 _____ C:\WINDOWS\system32\perfh01F.dat
2024-11-23 22:18 - 2024-11-23 22:18 - 000165162 _____ C:\WINDOWS\system32\perfc01F.dat
2024-11-23 22:10 - 2024-11-23 22:10 - 000234168 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt11.sys
2024-11-23 22:10 - 2024-11-23 22:10 - 000189776 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2024-11-23 13:57 - 2024-11-23 13:57 - 000002023 _____ C:\Users\Public\Desktop\ESET Güvenli Bankacılık ve Gezinme.lnk
2024-11-23 13:55 - 2024-11-23 13:55 - 000000000 ____D C:\Users\VICTUS\AppData\Local\ESET
2024-11-23 13:55 - 2024-11-23 13:55 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2024-11-23 13:55 - 2024-11-23 13:55 - 000000000 ____D C:\ProgramData\ESET
2024-11-23 13:55 - 2024-11-23 13:55 - 000000000 ____D C:\Program Files\ESET
2024-11-23 13:52 - 2024-11-23 13:52 - 010687344 _____ (ESET) C:\Users\VICTUS\Downloads\eset_smart_security_premium_live_installer.exe
2024-11-23 13:47 - 2024-11-23 13:47 - 008790880 _____ (Malwarebytes) C:\Users\VICTUS\Downloads\adwcleaner.exe
2024-11-23 13:47 - 2024-11-23 13:47 - 000000000 ____D C:\AdwCleaner
2024-11-23 13:44 - 2024-11-23 13:44 - 000159398 _____ C:\WINDOWS\system32\.crusader
2024-11-23 13:41 - 2024-11-23 13:41 - 000001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2024-11-23 13:41 - 2024-11-23 13:41 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2024-11-23 13:41 - 2024-11-23 13:41 - 000000000 ____D C:\Program Files\HitmanPro
2024-11-23 13:40 - 2024-11-23 13:44 - 000000000 ____D C:\ProgramData\HitmanPro
2024-11-23 13:39 - 2024-11-23 13:42 - 014290472 _____ (Sophos B.V.) C:\Users\VICTUS\Downloads\HitmanPro_x64.exe
2024-11-23 13:33 - 2024-11-23 23:12 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Malwarebytes
2024-11-23 13:33 - 2024-11-23 13:33 - 000002100 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk
2024-11-23 13:33 - 2024-11-23 13:33 - 000002088 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2024-11-23 13:33 - 2024-11-23 13:33 - 000000000 ____D C:\ProgramData\Malwarebytes
2024-11-23 13:32 - 2024-11-23 13:33 - 000000000 ____D C:\Program Files\Malwarebytes
2024-11-23 13:32 - 2024-11-23 13:32 - 002744320 _____ (Malwarebytes) C:\Users\VICTUS\Downloads\MBSetup.exe
2024-11-23 13:17 - 2024-11-23 13:17 - 000000000 ____D C:\Users\VICTUS\AppData\Local\OneDrive
2024-11-22 19:40 - 2024-11-22 19:40 - 000000676 _____ C:\Users\VICTUS\Downloads\Villager Enslavement.zip
2024-11-22 15:02 - 2024-11-22 15:02 - 000004510 _____ C:\Users\VICTUS\Downloads\model.bbmodel
2024-11-19 20:19 - 2024-11-24 21:52 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Oculus Remote Desktop
2024-11-19 20:19 - 2024-11-19 20:19 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Meta Quest Remote Desktop
2024-11-15 18:09 - 2024-11-15 18:09 - 047327186 _____ C:\Users\VICTUS\Downloads\WhatsApp Video 2024-11-15 saat 18.08.28_998e9700.mp4
2024-11-13 14:18 - 2024-11-13 14:18 - 000026650 _____ C:\WINDOWS\SysWOW64\IntegratedServicesRegionPolicySet.json
2024-11-13 14:17 - 2024-11-13 14:17 - 000026650 _____ C:\WINDOWS\system32\IntegratedServicesRegionPolicySet.json
2024-11-12 01:22 - 2024-11-12 01:45 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Altera PlayLabs
2024-11-12 01:22 - 2024-11-12 01:22 - 000002431 _____ C:\Users\VICTUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Altera PlayLabs.lnk
2024-11-12 01:22 - 2024-11-12 01:22 - 000002423 _____ C:\Users\VICTUS\Desktop\Altera PlayLabs.lnk
2024-11-12 01:22 - 2024-11-12 01:22 - 000000000 ____D C:\Users\VICTUS\AppData\Local\minecraft-bot-fe-updater
2024-11-12 01:22 - 2024-11-12 01:22 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Altera PlayLabs
2024-11-12 01:20 - 2024-11-12 01:21 - 345114864 _____ (Altera) C:\Users\VICTUS\Downloads\Altera PlayLabs Setup 0.3.3.exe
2024-11-11 23:43 - 2024-11-11 23:43 - 000000000 ____D C:\Users\VICTUS\Downloads\Smooth Pierce (1.0)-4323-1-0-1730151358
2024-11-11 23:43 - 2024-11-11 23:43 - 000000000 ____D C:\Users\VICTUS\Downloads\Realistic Bleeding Nomad 1.0 (v1.1.2)-4332-1-1-2-1730162370
2024-11-11 23:39 - 2024-11-11 23:39 - 000342919 _____ C:\Users\VICTUS\Downloads\ksicraft.mp4
2024-11-11 23:39 - 2024-11-11 23:39 - 000000759 _____ C:\Users\VICTUS\Downloads\Gürkan - Kişisel - Kısayol.lnk
2024-11-11 23:36 - 2024-11-11 23:36 - 000041673 _____ C:\Users\VICTUS\Downloads\Realistic Bleeding Nomad 1.0 (v1.1.2)-4332-1-1-2-1730162370.zip
2024-11-11 23:33 - 2024-11-11 23:33 - 000005015 _____ C:\Users\VICTUS\Downloads\Smooth Pierce (1.0)-4323-1-0-1730151358.zip
2024-11-11 20:55 - 2024-11-11 20:55 - 000000989 _____ C:\Users\VICTUS\Downloads\skibidi.zip
2024-11-11 15:22 - 2024-11-11 15:22 - 000000000 ____D C:\Users\VICTUS\Desktop\Powerful Punches-4314-1-0-1730141327
2024-11-11 15:22 - 2024-11-11 15:22 - 000000000 ____D C:\Users\VICTUS\Desktop\Assassins Arsenal v1.4.1-4311-1-4-1-1730975411
2024-11-09 21:07 - 2024-11-09 21:08 - 000000000 ____D C:\Users\VICTUS\Downloads\Updated PC map
2024-11-09 15:48 - 2024-11-22 12:06 - 000000000 ____D C:\Users\VICTUS\AppData\Local\essential-installer
2024-11-09 15:43 - 2024-11-09 15:43 - 000000739 _____ C:\Users\VICTUS\Downloads\civil war.zip
2024-11-09 15:33 - 2024-11-09 15:33 - 000000746 _____ C:\Users\VICTUS\Downloads\qwe.zip
2024-11-09 15:25 - 2024-11-09 15:25 - 033465893 _____ C:\Users\VICTUS\Downloads\Updated PC map.zip
2024-11-09 12:14 - 2024-11-09 12:14 - 000009059 _____ C:\Users\VICTUS\Downloads\Powerful Punches-4314-1-0-1730141327.zip
2024-11-09 12:14 - 2024-11-09 12:14 - 000000000 ____D C:\Users\VICTUS\Downloads\Powerful Punches-4314-1-0-1730141327
2024-11-09 12:11 - 2024-11-09 12:11 - 000000000 ____D C:\Users\VICTUS\Downloads\Assassins Arsenal v1.4.1-4311-1-4-1-1730975411
2024-11-09 12:07 - 2024-11-09 12:08 - 021495895 _____ C:\Users\VICTUS\Downloads\Assassins Arsenal v1.4.1-4311-1-4-1-1730975411.zip
2024-11-09 11:06 - 2024-11-09 11:06 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Goldberg SteamEmu Saves
2024-11-09 11:06 - 2024-11-09 11:06 - 000000000 ____D C:\Users\VICTUS\AppData\Local\BeamNG.drive
2024-11-09 01:07 - 2024-11-09 01:08 - 000000000 ____D C:\Users\VICTUS\Downloads\BeamNG.drive-Oyunindir.vip
2024-11-09 00:37 - 2024-11-09 01:07 - 3936027804 _____ C:\Users\VICTUS\Downloads\BeamNG.drive-Oyunindir.vip.rar
2024-11-01 20:46 - 2024-11-01 20:46 - 000000222 _____ C:\Users\VICTUS\Desktop\SteamVR.url
2024-11-01 20:37 - 2024-11-01 20:37 - 037874456 _____ C:\Users\VICTUS\Downloads\Create Lets get moving.zip
2024-10-31 18:52 - 2024-10-31 18:52 - 000000000 ____D C:\Program Files\Common Files\DESIGNER
2024-10-30 19:54 - 2024-10-30 19:54 - 006670036 _____ C:\Users\VICTUS\Downloads\6.Sınıf 1.Dönem 1.Yazılı Hazırlık Fasikülü 2025.pdf
2024-10-30 19:53 - 2024-10-30 19:53 - 006670036 _____ C:\Users\VICTUS\Documents\6.Sınıf 1.Dönem 1.Yazılı Hazırlık Fasikülü 2025.pdf
2024-10-30 15:42 - 2024-10-30 15:42 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Sony Corporation
2024-10-30 15:41 - 2024-10-30 15:41 - 003886776 _____ (Sony Interactive Entertainment Inc.) C:\Users\VICTUS\Downloads\RemotePlayInstaller.exe
2024-10-28 16:53 - 2024-10-28 16:53 - 000268568 _____ (ESET) C:\WINDOWS\system32\Drivers\ehdrv.sys
2024-10-28 16:53 - 2024-10-28 16:53 - 000220520 _____ (ESET) C:\WINDOWS\system32\Drivers\eamonm.sys
2024-10-28 16:53 - 2024-10-28 16:53 - 000128552 _____ (ESET) C:\WINDOWS\system32\Drivers\epfwwfp.sys
2024-10-28 16:53 - 2024-10-28 16:53 - 000087784 _____ (ESET) C:\WINDOWS\system32\Drivers\epfw.sys
2024-10-28 16:53 - 2024-10-28 16:53 - 000057872 _____ (ESET) C:\WINDOWS\system32\Drivers\ekbdflt.sys

==================== One month (modified) ==================

(If an entry is included in the fixlist, the file/folder will be moved.)

2024-11-24 21:55 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemTemp
2024-11-24 21:53 - 2023-05-14 17:05 - 000003622 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA
2024-11-24 21:53 - 2023-05-14 17:05 - 000003498 _____ C:\WINDOWS\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore
2024-11-24 21:52 - 2024-08-09 20:30 - 000000000 ____D C:\ProgramData\Cloudflare
2024-11-24 21:52 - 2022-05-07 08:24 - 000000000 ___HD C:\Program Files\WindowsApps
2024-11-24 21:52 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\AppReadiness
2024-11-24 21:52 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2024-11-24 21:52 - 2022-03-22 14:43 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Packages
2024-11-24 21:52 - 2021-08-24 12:32 - 000000000 ____D C:\ProgramData\Packages
2024-11-24 00:06 - 2023-09-14 22:14 - 000000000 ____D C:\Users\VICTUS\AppData\Local\OGH
2024-11-23 23:25 - 2024-09-20 22:36 - 000000000 ____D C:\Program Files (x86)\Steam
2024-11-23 23:00 - 2023-05-14 17:01 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2024-11-23 22:46 - 2022-03-22 14:43 - 000000000 ____D C:\Users\VICTUS\AppData\Local\D3DSCache
2024-11-23 22:25 - 2023-01-27 04:30 - 000000000 ____D C:\Users\VICTUS\AppData\Local\CrashDumps
2024-11-23 22:18 - 2023-05-14 17:10 - 001851542 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2024-11-23 22:18 - 2022-05-07 08:22 - 000000000 ____D C:\WINDOWS\INF
2024-11-23 22:16 - 2024-05-25 10:38 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\CurseForge
2024-11-23 22:16 - 2024-05-24 22:13 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\.minecraft
2024-11-23 22:16 - 2021-08-24 12:36 - 000000000 ____D C:\ProgramData\NVIDIA
2024-11-23 22:10 - 2024-06-03 17:39 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Oculus
2024-11-23 22:10 - 2023-05-14 17:05 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2024-11-23 22:10 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ServiceState
2024-11-23 22:10 - 2022-05-07 08:17 - 001048576 _____ C:\WINDOWS\system32\config\BBI
2024-11-23 22:10 - 2022-03-22 14:43 - 000000000 __SHD C:\Users\VICTUS\IntelGraphicsProfiles
2024-11-23 22:10 - 2021-04-30 10:25 - 000000000 ____D C:\Intel
2024-11-23 22:10 - 2020-05-06 11:58 - 000012288 ___SH C:\DumpStack.log.tmp
2024-11-23 18:41 - 2024-06-05 12:35 - 000000000 ____D C:\Users\VICTUS\Desktop\EVERY THING almost
2024-11-23 13:55 - 2022-05-07 08:24 - 000000000 ___HD C:\WINDOWS\ELAMBKUP
2024-11-23 13:44 - 2021-04-30 10:31 - 000000000 ____D C:\ProgramData\HP
2024-11-23 13:27 - 2024-05-24 20:05 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\discord
2024-11-23 13:27 - 2023-05-14 17:02 - 000000000 ____D C:\Users\VICTUS
2024-11-23 13:27 - 2022-03-22 19:42 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Microsoft\MMC
2024-11-23 13:15 - 2024-05-24 20:05 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Discord
2024-11-23 13:15 - 2021-04-30 10:25 - 000002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk
2024-11-23 13:14 - 2021-04-30 10:31 - 000000000 ____D C:\Program Files\HP
2024-11-23 02:12 - 2024-07-23 19:58 - 000002326 _____ C:\Users\VICTUS\Desktop\Thunderstore Mod Manager.lnk
2024-11-23 02:12 - 2024-07-23 19:58 - 000000000 ____D C:\Program Files (x86)\Overwolf
2024-11-23 02:12 - 2024-05-25 10:38 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Overwolf
2024-11-22 16:32 - 2024-05-28 19:57 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Blockbench
2024-11-21 19:29 - 2024-09-17 19:30 - 000001399 _____ C:\Users\VICTUS\Desktop\Roblox Player.lnk
2024-11-21 19:29 - 2024-05-24 21:56 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Roblox
2024-11-19 20:19 - 2024-08-05 00:20 - 000000000 ____D C:\Program Files\Oculus
2024-11-19 19:23 - 2023-05-14 17:05 - 000003588 _____ C:\WINDOWS\system32\Tasks\OneDrive Reporting Task-S-1-5-21-2954904617-222500736-1971499326-1002
2024-11-19 19:23 - 2023-05-14 17:05 - 000003380 _____ C:\WINDOWS\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-2954904617-222500736-1971499326-1002
2024-11-19 19:23 - 2022-03-22 14:43 - 000002363 _____ C:\Users\VICTUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2024-11-17 12:45 - 2022-05-07 08:24 - 000000000 ____D C:\Program Files\Common Files\microsoft shared
2024-11-17 12:45 - 2021-04-30 10:33 - 000000000 ____D C:\Program Files\Microsoft Office
2024-11-16 23:56 - 2022-05-07 08:24 - 000000000 ____D C:\ProgramData\USOPrivate
2024-11-15 19:31 - 2024-06-30 21:02 - 000000370 _____ C:\Users\VICTUS\Documents\E-mail2.txt
2024-11-14 20:13 - 2022-03-23 12:36 - 000000000 ____D C:\Users\VICTUS\AppData\Local\HP_Inc
2024-11-14 10:20 - 2024-02-17 20:57 - 000004292 _____ C:\WINDOWS\system32\Tasks\OmenInstallMonitorCustomEvent
2024-11-14 10:20 - 2024-02-03 13:27 - 000004232 _____ C:\WINDOWS\system32\Tasks\OmenOverlayCustomEvent
2024-11-14 10:20 - 2023-09-14 22:14 - 000003890 _____ C:\WINDOWS\system32\Tasks\OmenInstallMonitor
2024-11-14 10:20 - 2023-09-14 22:14 - 000003830 _____ C:\WINDOWS\system32\Tasks\OmenOverlay
2024-11-14 10:17 - 2023-05-14 17:01 - 000595056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2024-11-14 10:16 - 2023-10-11 07:30 - 000000000 ____D C:\WINDOWS\system32\Microsoft-Edge-WebView
2024-11-14 10:16 - 2023-05-14 16:55 - 000000000 ____D C:\WINDOWS\HoloShell
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ___SD C:\WINDOWS\system32\UNP
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\PrintDialog
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\setup
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SysWOW64\Dism
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\SystemResources
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\ShellExperiences
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Sgrm
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\setup
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\PerceptionSimulation
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\oobe
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\HealthAttestationClient
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\Dism
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\system32\appraiser
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellExperiences
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\ShellComponents
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\DiagTrack
2024-11-14 10:16 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\bcastdvr
2024-11-14 10:16 - 2022-05-07 08:17 - 000000000 ____D C:\WINDOWS\servicing
2024-11-13 14:24 - 2022-05-07 08:17 - 000000000 ____D C:\WINDOWS\CbsTemp
2024-11-13 14:23 - 2021-10-12 21:39 - 000000000 ____D C:\WINDOWS\system32\MRT
2024-11-13 14:21 - 2021-10-12 21:39 - 202035632 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2024-11-13 14:14 - 2024-01-07 22:15 - 000057952 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\HpReadHWData.sys
2024-11-12 16:23 - 2024-06-04 22:00 - 000004284 _____ C:\WINDOWS\system32\Tasks\Opera GX scheduled Autoupdate 1717527624
2024-11-12 16:23 - 2024-06-04 22:00 - 000001425 _____ C:\Users\VICTUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Opera GX tarayıcı.lnk
2024-11-12 00:19 - 2024-08-09 17:01 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\SideQuest
2024-11-12 00:19 - 2024-06-03 17:51 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\OculusClient
2024-11-09 23:00 - 2022-05-07 08:24 - 000000000 ____D C:\WINDOWS\LiveKernelReports
2024-11-09 20:52 - 2024-06-09 18:16 - 000000000 ____D C:\Users\VICTUS\Desktop\gartic phone
2024-11-09 11:07 - 2022-12-15 01:15 - 000124456 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamehelper.exe
2024-11-09 11:07 - 2022-12-15 01:15 - 000075304 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgamecontrol.exe
2024-11-09 11:07 - 2021-12-13 15:19 - 000243240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamelaunchhelper.dll
2024-11-09 11:07 - 2021-09-14 13:17 - 002872896 _____ (Microsoft Corporation) C:\WINDOWS\system32\xgameruntime.dll
2024-11-09 11:07 - 2021-09-14 13:17 - 000775720 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameplatformservices.dll
2024-11-09 11:07 - 2021-09-14 13:17 - 000243240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameconfighelper.dll
2024-11-09 11:07 - 2021-09-14 13:17 - 000153152 _____ (Microsoft Corporation) C:\WINDOWS\system32\gamingtcuihelpers.dll
2024-11-08 22:08 - 2024-08-15 13:14 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\lunarclient
2024-11-02 13:32 - 2024-07-18 16:47 - 000000000 ____D C:\Users\VICTUS\Desktop\gtag mods
2024-11-01 20:46 - 2023-05-31 21:21 - 000000000 ____D C:\Users\VICTUS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2024-10-31 18:37 - 2024-08-09 20:30 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Cloudflare
2024-10-30 23:03 - 2020-05-06 11:58 - 000000000 ____D C:\WINDOWS\system32\Drivers\wd
2024-10-29 11:41 - 2023-08-09 23:48 - 000000000 ____D C:\Program Files\HPPrintScanDoctor
2024-10-29 11:41 - 2023-05-14 17:05 - 000000000 ____D C:\WINDOWS\system32\Tasks\HP
2024-10-28 14:27 - 2024-06-03 21:48 - 000000140 _____ C:\Users\VICTUS\Downloads\tinytask.ini
2024-10-26 16:08 - 2024-05-24 21:56 - 000000000 ____D C:\Users\VICTUS\AppData\Local\Roblox

==================== Files in the root of some directories ========

2024-07-25 23:54 - 2024-07-25 23:56 - 000000271 _____ () C:\Users\VICTUS\AppData\Roaming\MelonLoader.Installer.cfg
2022-03-22 19:42 - 2022-03-22 19:42 - 000000017 _____ () C:\Users\VICTUS\AppData\Local\resmon.resmoncfg

==================== SigCheck ============================

(There is no automatic fix for files that do not pass verification.)

==================== End of FRST.txt ========================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2024
Ran by VICTUS (24-11-2024 21:58:21)
Running from C:\Users\VICTUS\AppData\Local\Temp\scoped_dir5672_611869633
Microsoft Windows 11 Home Single Language Version 23H2 22631.4460 (X64) (2023-05-14 14:05:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

(If an entry is included in the fixlist, it will be removed.)

Administrator (S-1-5-21-2954904617-222500736-1971499326-500 - Administrator - Disabled)
Guest (S-1-5-21-2954904617-222500736-1971499326-501 - Limited - Disabled)
VarsayılanHesap (S-1-5-21-2954904617-222500736-1971499326-503 - Limited - Disabled)
VICTUS (S-1-5-21-2954904617-222500736-1971499326-1002 - Administrator - Enabled) => C:\Users\VICTUS
WDAGUtilityAccount (S-1-5-21-2954904617-222500736-1971499326-504 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Malwarebytes (Enabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: ESET Security (Enabled - Up to date) {26E0861C-6FB9-CEF9-E4F0-531986211ACE}
FW: ESET Güvenlik Duvarı (Enabled) {1EDB0739-25D6-CFA1-CFAF-FA2C78F25DB5}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Altera PlayLabs 0.3.3 (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\c29971a3-9db1-5379-9656-55e4dba81af0) (Version: 0.3.3 - Altera)
Blockbench 4.11.2 (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\f73268a5-4451-5bb0-b2b7-a92a16ee01d9) (Version: 4.11.2 - JannisX11)
Bloxstrap (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Bloxstrap) (Version: 2.7.0 - pizzaboxer)
CapCut (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\CapCut) (Version: 4.1.0.1647 - Bytedance Pte. Ltd.)
Cloudflare WARP (HKLM\...\{6AB023D9-B5C5-40AF-B252-BA656A9B194F}) (Version: 24.8.458.0 - Cloudflare, Inc.)
Clownfish Voice Changer (HKLM\...\ClownfishVoiceChanger) (Version: - )
CurseForge 1.265.0-21056 (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\ca0e291c-abd4-5fc3-b6a0-3d4333eccbd7) (Version: 1.265.0-21056 - Overwolf)
Discord (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Discord) (Version: 1.0.9147 - Discord Inc.)
Epic Games Launcher (HKLM-x32\...\{83C468DA-FC24-43A8-98AB-5493AEBC1A49}) (Version: 1.3.93.0 - Epic Games, Inc.)
Epic Games Launcher Prerequisites (x64) (HKLM\...\{F9C5C994-F6B9-4D75-B3E7-AD01B84073E9}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Epic Online Services (HKLM-x32\...\{57A956AB-4BCC-45C6-9B40-957E4E125568}) (Version: 2.0.44.0 - Epic Games, Inc.)
ESET Security (HKLM\...\{2AE41595-0CB6-45AD-A2FA-E20798D8842F}) (Version: 18.0.12.0 - ESET, spol. s r.o.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 125.0.6422.112 - Google LLC)
HitmanPro 3.8 (HKLM\...\HitmanPro38) (Version: 3.8.36.332 - SurfRight B.V.)
HP Audio Switch (HKLM-x32\...\{0B1DA73D-0562-4DE1-B942-CEF286CF2EDD}) (Version: 1.0.211.0 - HP Inc.)
HP Connection Optimizer (HKLM-x32\...\{6468C4A5-E47E-405F-B675-A70A70983EA6}) (Version: 2.0.19.0 - HP Inc.)
HP Documentation (HKLM\...\HP_Documentation) (Version: 1.0.0.1 - HP Inc.)
Java 8 Update 431 (64-bit) (HKLM\...\{71024AE4-039E-4CA4-87B4-2F64180431F0}) (Version: 8.0.4310.10 - Oracle Corporation)
Launcher Prerequisites (x64) (HKLM-x32\...\{43a03b9c-4770-409c-a999-587b60700b63}) (Version: 1.0.0.0 - Epic Games, Inc.) Hidden
Malwarebytes version 5.2.2.154 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 5.2.2.154 - Malwarebytes)
Microsoft .NET Host - 6.0.31 (x64) (HKLM\...\{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Host FX Resolver - 6.0.31 (x64) (HKLM\...\{9992D04E-553E-4BC2-B0EC-4A394DD19986}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft .NET Runtime - 6.0.31 (x64) (HKLM\...\{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}) (Version: 48.124.15198 - Microsoft Corporation) Hidden
Microsoft 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.18129.20158 - Microsoft Corporation)
Microsoft 365 - tr-tr (HKLM\...\O365HomePremRetail - tr-tr) (Version: 16.0.18129.20158 - Microsoft Corporation)
Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 131.0.2903.63 - Microsoft Corporation)
Microsoft Edge WebView2 Çalışma Zamanı (HKLM-x32\...\Microsoft EdgeWebView) (Version: 131.0.2903.63 - Microsoft Corporation) Hidden
Microsoft GameInput (HKLM-x32\...\{1F2B6AF3-C260-8666-5950-E3FEDBC851D6}) (Version: 10.1.22621.3036 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\OneDriveSetup.exe) (Version: 24.211.1020.0001 - Microsoft Corporation)
Microsoft Teams Meeting Add-in for Microsoft Office (HKLM\...\{A7AB73A3-CB10-4AA5-9D38-6AEFFBDE4C91}) (Version: 1.24.19202 - Microsoft)
Microsoft Update Health Tools (HKLM\...\{C6FD611E-7EFE-488C-A0E0-974C09EF6473}) (Version: 5.72.0.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (HKLM\...\{37B8F9C7-03FB-3253-8781-2517C99D7C00}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (HKLM\...\{CF2BEA3C-26EA-32F8-AA9B-331F7E34BA97}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (HKLM-x32\...\{B175520C-86A2-35A7-8619-86DC379688B9}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (HKLM-x32\...\{BD95A8CD-1D9F-35AD-981A-3E7925026EBB}) (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005 (HKLM\...\{929FBD26-9020-399B-9A7A-751D61F0B942}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005 (HKLM\...\{A749D8E6-B613-3BE3-8F5F-045C84EBA29B}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (HKLM-x32\...\{F8CFEB22-A2E7-3971-9EDA-4B11EDEFC185}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (HKLM-x32\...\{13A4EE12-23EA-3371-91EE-EFB36DDFFF3E}) (Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2015-2022 Redistributable (x64) - 14.40.33810 (HKLM-x32\...\{5af95fd8-a22e-458f-acee-c61bd787178e}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2015-2022 Redistributable (x86) - 14.40.33810 (HKLM-x32\...\{47109d57-d746-4f8b-9618-ed6a17cc922b}) (Version: 14.40.33810.0 - Microsoft Corporation)
Microsoft Visual C++ 2022 X64 Additional Runtime - 14.40.33810 (HKLM\...\{59CED48F-EBFE-480C-8A38-FC079C2BEC0F}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X64 Minimum Runtime - 14.40.33810 (HKLM\...\{B8B3BB4A-A10D-4F51-91B7-A64FFAC31EA7}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Additional Runtime - 14.40.33810 (HKLM-x32\...\{5EA6C998-D5AC-4ED9-89C3-9F25B17CCD3D}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2022 X86 Minimum Runtime - 14.40.33810 (HKLM-x32\...\{0C3457A0-3DCE-4A33-BEF0-9B528C557771}) (Version: 14.40.33810 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM\...\{EFE53353-800E-4987-B965-1C968D0F23A4}) (Version: 48.124.15242 - Microsoft Corporation) Hidden
Microsoft Windows Desktop Runtime - 6.0.31 (x64) (HKLM-x32\...\{1a7abdc5-639b-4af0-87c6-dbc511750c6e}) (Version: 6.0.31.33720 - Microsoft Corporation)
NVIDIA Canvas 1.4.311 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Canvas) (Version: 1.4.311 - NVIDIA Corporation)
NVIDIA FrameView SDK 1.1.4923.29968894 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_FrameViewSdk) (Version: 1.1.4923.29968894 - NVIDIA Corporation)
NVIDIA GeForce Experience 3.23.0.74 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 3.23.0.74 - NVIDIA Corporation)
NVIDIA Grafik Sürücüsü 556.13 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 556.13 - NVIDIA Corporation)
NVIDIA PhysX Sistem Yazılımı 9.21.0713 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.21.0713 - NVIDIA Corporation)
OBS Studio (HKLM-x32\...\OBS Studio) (Version: 30.1.2 - OBS Project)
Oculus (HKLM\...\Oculus) (Version: 1.97.0 - Facebook Technologies, LLC)
Office 16 Click-to-Run Extensibility Component (HKLM\...\{90160000-008C-0000-1000-0000000FF1CE}) (Version: 16.0.18129.20100 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (HKLM\...\{90160000-007E-0000-1000-0000000FF1CE}) (Version: 16.0.18129.20158 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-0409-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (HKLM\...\{90160000-008C-041F-1000-0000000FF1CE}) (Version: 16.0.13127.20616 - Microsoft Corporation) Hidden
Opera GX Stable 114.0.5282.159 (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Opera GX 114.0.5282.159) (Version: 114.0.5282.159 - Opera Software)
Overwolf (HKLM-x32\...\Overwolf) (Version: 0.263.0.11 - Overwolf Ltd.)
Proton VPN (HKLM\...\Proton VPN_is1) (Version: 3.3.2 - Proton AG)
r2modman 3.1.49 (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\ac231ef6-6414-5f8d-b36f-3b57705721dd) (Version: 3.1.49 - ebkr)
Roblox Player for VICTUS (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\roblox-player) (Version: - Roblox Corporation)
Roblox Studio for VICTUS (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\roblox-studio) (Version: - Roblox Corporation)
Rockstar Games Launcher (HKLM-x32\...\Rockstar Games Launcher) (Version: 1.0.95.2152 - Rockstar Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 2.3.6.5 - Rockstar Games)
SideQuest 0.10.42 (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\4924ec51-3e48-5cb7-b145-2119467094c7) (Version: 0.10.42 - Shane Harris)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Stremio (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Stremio) (Version: 4.4.168 - Smart Code Ltd)
Thunderstore Mod Manager (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\Overwolf_ahpflogoookodlegojjphcjpjaejgghjnfcdjdmi) (Version: 1.66.0 - Overwolf app)
Uninstall Lunar Client (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\1fcec38f-e773-5444-8669-32b8eb41524b) (Version: 3.2.26-ow - Moonsworth LLC)
Update for Windows 10 for x64-based Systems (KB5001716) (HKLM\...\{82BD0A1C-815F-487F-9AE7-CE73DA413CFF}) (Version: 4.91.0.0 - Microsoft Corporation)
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-2) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Vulkan Run Time Libraries 1.0.65.1 (HKLM\...\VulkanRT1.0.65.1-3) (Version: 1.0.65.1 - LunarG, Inc.) Hidden
Windows PC Sistem Durumu Denetimi (HKLM\...\{069FF0BE-DDC4-41D8-8799-CEAA1A506840}) (Version: 3.6.2204.08001 - Microsoft Corporation)
Zoom (HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\ZoomUMX) (Version: 5.13.10 (13305) - Zoom Video Communications, Inc.)

Packages:
=========
AppUp.IntelGraphicsExperience -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5688.0_x64__8j3eq9eme6ctt [2024-11-13] (INTEL CORP) [Startup Task]
B&O Audio Control -> C:\Program Files\WindowsApps\AD2F1837.BOAudioControl_1.44.301.0_x64__v10z8vjag6ke6 [2024-10-29] (HP Inc.)
ChatGPT -> C:\Program Files\WindowsApps\OpenAI.ChatGPT-Desktop_1.2024.315.0_x64__2p2nqsd0c76g0 [2024-11-13] (OpenAI)
Dropbox promotion -> C:\Program Files\WindowsApps\C27EB4BA.DropboxOEM_23.4.27.0_x64__xbfy0k16fey96 [2024-10-29] (Dropbox Inc.)
ESET Context Menu -> C:\Program Files\ESET\ESET Security [2024-11-23] (Sparse Package)
HP PC Hardware Diagnostics Windows -> C:\Program Files\WindowsApps\AD2F1837.HPPCHardwareDiagnosticsWindows_2.6.3.0_x64__v10z8vjag6ke6 [2024-10-09] (HP Inc.)
HP Privacy Settings -> C:\Program Files\WindowsApps\AD2F1837.HPPrivacySettings_1.3.7.0_x64__v10z8vjag6ke6 [2024-10-29] (HP Inc.)
HP QuickDrop -> C:\Program Files\WindowsApps\AD2F1837.HPQuickDrop_2.5.10921.0_x64__v10z8vjag6ke6 [2022-07-31] (HP Inc.)
HP Smart -> C:\Program Files\WindowsApps\AD2F1837.HPPrinterControl_156.1.1125.0_x64__v10z8vjag6ke6 [2024-10-29] (HP Inc.)
HP Support Assistant -> C:\Program Files\WindowsApps\AD2F1837.HPSupportAssistant_9.40.48.0_x64__v10z8vjag6ke6 [2024-11-22] (HP Inc.)
HP System Event Utility -> C:\Program Files\WindowsApps\AD2F1837.HPSystemEventUtility_2.1.4.0_x64__v10z8vjag6ke6 [2024-10-31] (HP Inc.)
Intel® Rapid Storage Technology Application -> C:\Program Files\WindowsApps\AppUp.IntelOptaneMemoryandStorageManagement_20.0.1019.0_x64__8j3eq9eme6ctt [2024-11-21] (INTEL CORP)
Microsoft Defender -> C:\Program Files\WindowsApps\Microsoft.6365217CE6EB4_102.2410.16002.0_x64__8wekyb3d8bbwe [2024-11-13] (Microsoft Corporation) [Startup Task]
Microsoft Family -> C:\Program Files\WindowsApps\MicrosoftCorporationII.MicrosoftFamily_0.2.40.0_x64__8wekyb3d8bbwe [2023-10-05] (Microsoft Corp.)
Microsoft Whiteboard -> C:\Program Files\WindowsApps\Microsoft.Whiteboard_54.20907.567.0_x64__8wekyb3d8bbwe [2024-10-29] (Microsoft Corporation)
Minecraft for Windows -> C:\Program Files\WindowsApps\Microsoft.MinecraftUWP_1.21.4401.0_x64__8wekyb3d8bbwe [2024-11-01] (Microsoft Studios)
Minecraft Launcher -> C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe [2024-11-02] (Microsoft Studios)
myHP -> C:\Program Files\WindowsApps\AD2F1837.myHP_38.52440.1105.0_x64__v10z8vjag6ke6 [2024-10-30] (HP Inc.) [Startup Task]
NVIDIA Control Panel -> C:\Program Files\WindowsApps\NVIDIACorp.NVIDIAControlPanel_8.1.966.0_x64__56jybvy8sckqj [2024-05-26] (NVIDIA Corp.)
OMEN Gaming Hub -> C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6 [2024-11-14] (HP Inc.) [Startup Task]
OMEN Light Studio -> C:\Program Files\WindowsApps\AD2F1837.OMENLightStudio_1.0.52.0_x64__v10z8vjag6ke6 [2024-09-16] (HP Inc.) [Startup Task]
Simple Solitaire -> C:\Program Files\WindowsApps\26720RandomSaladGamesLLC.SimpleSolitaire_7.5.22.0_x64__kx24dqmazqk8j [2024-10-29] (Random Salad Games LLC)
SpotifyAB.SpotifyMusic -> C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0 [2024-11-21] (Spotify AB) [Startup Task]
WhatsApp -> C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2445.7.0_x64__cv1g1gvanyjgm [2024-11-18] (WhatsApp Inc.) [Startup Task]
WinAppRuntime.Main.1.5 -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Main.1.5_5001.311.2039.0_x64__8wekyb3d8bbwe [2024-11-13] (Microsoft Corp.)
WinAppRuntime.Singleton -> C:\Program Files\WindowsApps\MicrosoftCorporationII.WinAppRuntime.Singleton_6000.318.2304.0_x64__8wekyb3d8bbwe [2024-11-21] (Microsoft Corp.)
Xbox Toaster -> C:\Program Files\WindowsApps\Microsoft.XboxToaster_1.0.4.0_x64__8wekyb3d8bbwe [2022-03-22] (Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2954904617-222500736-1971499326-1002_Classes\CLSID\{19A6E644-14E6-4A60-B8D7-DD20610A871D}\InprocServer32 -> C:\Users\VICTUS\AppData\Local\Microsoft\TeamsMeetingAdd-in\1.24.19202\x64\Microsoft.Teams.AddinLoader.dll (Microsoft Corporation -> Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2954904617-222500736-1971499326-1002_Classes\CLSID\{50726f74-6f6e-2e56-504e-000000000000}\localserver32 -> C:\Program Files\Proton\VPN\v3.3.2\ProtonVPN.exe (Proton AG -> )
CustomCLSID: HKU\S-1-5-21-2954904617-222500736-1971499326-1002_Classes\CLSID\{eb1fdd5b-8f70-4b5a-b230-998a2dc19303}\localserver32 -> C:\Users\VICTUS\AppData\Local\Programs\Guilded\resources\app.asar.unpacked\node_modules\node-notifier\vendor\snoreToast\snoretoast-x64.exe => No File
CustomCLSID: HKU\S-1-5-21-2954904617-222500736-1971499326-1002_Classes\CLSID\{f9517764-05a4-a748-620a-95087d06a241}\localserver32 -> C:\Program Files\Cloudflare\Cloudflare WARP\Cloudflare WARP.exe (Cloudflare, Inc. -> Cloudflare)
ShellIconOverlayIdentifiers: [ OptaneIconOverlay] -> {A3AF6F6C-8BED-3D93-8B5D-33427B5D38E9} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ContextMenuHandlers1: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-10-28] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers2: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-10-28] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-11-23] (Malwarebytes Inc. -> Malwarebytes)
ContextMenuHandlers3: [OptaneContextMenu] -> {AD7EBB13-617D-3270-8FA8-46583499C4FB} => C:\WINDOWS\System32\DriverStore\FileRepository\iastorpinningcomponent.inf_amd64_651bb78e61d538aa\OptaneShellExt.dll [2021-08-26] (Intel Corporation -> )
ContextMenuHandlers5: [NvCplDesktopContext] -> {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} => C:\WINDOWS\System32\DriverStore\FileRepository\nvhm.inf_amd64_69784b7a3902e1a0\nvshext.dll [2024-08-05] (NVIDIA Corporation -> NVIDIA Corporation)
ContextMenuHandlers6: [ESET Security Shell] -> {B089FE88-FB52-11D3-BDF1-0050DA34150D} => C:\Program Files\ESET\ESET Security\shellExt.dll [2024-10-28] (ESET, spol. s r.o. -> ESET)
ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2024-11-23] (Malwarebytes Inc. -> Malwarebytes)

==================== Codecs (Whitelisted) ====================

==================== Shortcuts & WMI ========================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\VICTUS\Desktop\EVERY THING almost\MD Roblox'da - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC) -> --profile-directory="Default"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk -> C:\Program Files (x86)\Online Services\LastPass\WizLink.exe () -> hxxp://js.redirect.hp.com/jumpstation?bd=lastpass&c=*&locale=*&pf=*&s=*&tp=edge

==================== Loaded Modules (Whitelisted) =============

2024-11-14 10:50 - 2024-11-14 10:50 - 000138240 _____ () [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Interop.IWs06dcaa36#\ec9fc1f624fec9a65396783f62d15899\Interop.IWshRuntimeLibrary.ni.dll
2024-11-14 10:33 - 2024-11-14 10:33 - 000139776 _____ (hardcodet.net) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Hardcodet.W6cab32f3#\0970b744ba784d1070792bedf214b1e1\Hardcodet.Wpf.TaskbarNotification.ni.dll
2024-11-14 10:50 - 2024-11-14 10:50 - 001716736 _____ (Mark Heath & Contributors) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\NAudio\0f1018c63ad9cb6531d69431d0fcc25a\NAudio.ni.dll
2024-11-14 10:50 - 2024-11-14 10:50 - 003088896 _____ (Newtonsoft) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Newtonsoft.Json\f03a41b8b10365f62dad9781d7680ad2\Newtonsoft.Json.ni.dll
2024-11-14 10:50 - 2024-11-14 10:50 - 000780288 _____ (The Apache Software Foundation) [File not signed] C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\log4net\2abd8d2a7fb372cf0711d9e423c0ba7b\log4net.ni.dll

==================== Alternate Data Streams (Whitelisted) ========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\desktop.ini:B1DA6C571C [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access.lnk:A1B76439FE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini:41964AA945 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel.lnk:B96E9B8455 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk:8096E45125 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Audio Switch.lnk:BD4A45E559 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Documentation.lnk:92B3809DA8 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass.lnk:F32536EEBE [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote.lnk:60EC9648C0 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook (classic).lnk:BE800952D3 [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Check.lnk:F20EF51E1F [3442]
AlternateDataStreams: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uninstall Meta Quest Link.lnk:DE33064E45 [3442]
AlternateDataStreams: C:\Users\VICTUS\Desktop\FRST64.exe:MBAM.Zone.Identifier [193]
AlternateDataStreams: C:\Users\VICTUS\Downloads\adwcleaner.exe:MBAM.Zone.Identifier [136]
AlternateDataStreams: C:\Users\VICTUS\Downloads\eset_smart_security_premium_live_installer.exe:MBAM.Zone.Identifier [205]
AlternateDataStreams: C:\Users\VICTUS\Downloads\HitmanPro_x64.exe:MBAM.Zone.Identifier [138]

==================== Safe Mode (Whitelisted) ==================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"

==================== Association (Whitelisted) =================

==================== Internet Explorer (Whitelisted) =============

SearchScopes: HKLM -> {94C126E3-A263-4EA4-BC7A-E61AE9DD6FFF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {94C126E3-A263-4EA4-BC7A-E61AE9DD6FFF} URL = hxxp://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_431\bin\ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_431\bin\jp2ssv.dll [2024-09-30] (Oracle America, Inc. -> Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2024-11-13] (HP Inc. -> HP Inc.)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2024-10-01] (Microsoft Corporation -> Microsoft Corporation)
BHO-x32: McAfee WebAdvisor -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll => No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2024-11-13] (HP Inc. -> HP Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2024-10-31] (Microsoft Corporation -> Microsoft Corporation)

==================== Hosts content: =========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2019-12-07 12:14 - 2019-12-07 12:12 - 000000824 _____ C:\WINDOWS\system32\drivers\etc\hosts

==================== Other Areas ===========================

(Currently there is no automatic fix for this section.)

HKLM\System\CurrentControlSet\Control\Session Manager\Environment\\Path -> C:\Program Files (x86)\Common Files\Oracle\Java\java8path;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Program Files\Oculus\Support\oculus-runtime;C:\windows\system32;C:\windows;C:\windows\System32\Wbem;C:\windows\System32\WindowsPowerShell\v1.0\;C:\windows\System32\OpenSSH\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Program Files\NVIDIA Corporation\NVIDIA NvDLISR;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\dotnet\;C:\Program Files\Cloudflare\Cloudflare WARP\
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\VICTUS\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\LocalCache\Microsoft\IrisService\3864790277197571934\133767713897829312.jpg
DNS Servers: 1.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

Network Binding:
=============
Wi-Fi: Intel(R) Wi-Fi 6 AX201 160MHz -> Netwtw10.sys
Ethernet: Realtek Gaming GbE Family Controller -> rt68cx21x64.sys

nt_rtf64: Realtek LightWeight Filter (NDIS6.40)

==================== MSCONFIG/TASK MANAGER disabled items ==

(If an entry is included in the fixlist, it will be removed.)

HKLM\...\StartupApproved\StartupFolder: => "Cloudflare WARP.lnk"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\StartupFolder: => "OneNote'a Gönder.lnk"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "MicrosoftEdgeAutoLaunch_7EB487E3792CF6736872E4A8B5B5CC95"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "YandexDisk2"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "utweb"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "RiotClient"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "Lunar Client"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "Opera GX Stable"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "Opera GX Browser Assistant"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "Discord"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "Overwolf"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "com.electron.Guilded"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "EpicGamesLauncher"
HKU\S-1-5-21-2954904617-222500736-1971499326-1002\...\StartupApproved\Run: => "ProtonVPN"

==================== FirewallRules (Whitelisted) ================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{47C87D15-C12E-4B16-B0D2-2368EDFD046D}] => (Allow) C:\Users\VICTUS\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{9AB32FFE-E293-48F1-8BD7-244345C9C8D6}] => (Allow) C:\Users\VICTUS\AppData\Roaming\Zoom\bin\airhost.exe => No File
FirewallRules: [{E98ECD74-09F4-471E-8866-7E0A13513D87}] => (Allow) C:\Users\VICTUS\AppData\Roaming\Zoom\bin\Zoom.exe (Zoom Video Communications, Inc. -> Zoom Video Communications, Inc.)
FirewallRules: [{624B2A05-4664-4145-B403-0358446F98DA}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{68B54EB9-09CA-4D87-9159-47DCB81BB7A0}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{0EEA5C22-CB12-4A16-B283-0A56A33B61D5}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe => No File
FirewallRules: [{C5ACF2DE-12F8-4EAF-BEA7-ED4259125F83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{6B446FE3-7C20-4C45-8258-2823B504F8A8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{8D4DF189-6BB5-4259-8265-69F7B9DFCF83}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{EDE08769-61F6-4DD4-854C-F7AD949775CE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe (NVIDIA Corporation -> NVIDIA Corporation)
FirewallRules: [{CD522149-E478-4E64-992E-770B2B461F4B}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FE29260E-A6A6-48FD-B8EF-788804CA93E4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{FEC94053-9EEA-483D-AEE8-66A8BF114FBA}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{CC34E85F-8812-4742-81C1-F9F0BBC149D8}] => (Allow) C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{06580C9B-6168-4A78-BBDA-BF11DCDEA7AE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{D29B45E7-354B-4C67-8146-69AD5483898B}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{63E53315-9EDE-45AE-8A62-52A42D9BE541}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{7B0D0AE5-A198-45B2-B4D0-DFD8636D39BE}] => (Allow) C:\Program Files\WindowsApps\Microsoft.SkypeApp_15.110.3218.0_x64__kzf8qxf38zg5c\Skype\Skype.exe (Skype Software Sarl -> Skype Technologies S.A.)
FirewallRules: [{DCF0A099-1095-469D-810C-6466B7AA574F}] => (Allow) C:\Users\VICTUS\AppData\Local\Programs\Opera\107.0.5045.21\opera.exe => No File
FirewallRules: [TCP Query User{5488B239-8245-4E72-AD4E-56DE782A2480}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [UDP Query User{EA27F4FE-5239-4328-9994-26B1FBB86F45}C:\riot games\riot client\riotclientelectron\riot client.exe] => (Block) C:\riot games\riot client\riotclientelectron\riot client.exe => No File
FirewallRules: [TCP Query User{79FF6A28-7520-45A4-8CAB-0A09C85BEAD1}C:\program files\epic games\f9b5d1f1a85e4a63acd3a4471cafed29\skullandbones.exe] => (Allow) C:\program files\epic games\f9b5d1f1a85e4a63acd3a4471cafed29\skullandbones.exe => No File
FirewallRules: [UDP Query User{2398BBD4-DBEA-467B-875B-DA53E0304952}C:\program files\epic games\f9b5d1f1a85e4a63acd3a4471cafed29\skullandbones.exe] => (Allow) C:\program files\epic games\f9b5d1f1a85e4a63acd3a4471cafed29\skullandbones.exe => No File
FirewallRules: [{66A28570-B119-429A-9081-2DBA8A0BB2CA}] => (Allow) C:\Users\VICTUS\AppData\Local\Programs\Opera\107.0.5045.36\opera.exe => No File
FirewallRules: [{44DD395E-E396-4228-A3BE-94A1C1CC304A}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe (Google LLC -> Google LLC)
FirewallRules: [TCP Query User{A587B70E-1CDE-46C1-ACD4-EDF56B83A279}C:\users\victus\appdata\local\programs\launcher\lunar client.exe] => (Allow) C:\users\victus\appdata\local\programs\launcher\lunar client.exe (Moonsworth, LLC -> Moonsworth LLC)
FirewallRules: [UDP Query User{D862C018-459B-4F56-A89A-03574A8A29DB}C:\users\victus\appdata\local\programs\launcher\lunar client.exe] => (Allow) C:\users\victus\appdata\local\programs\launcher\lunar client.exe (Moonsworth, LLC -> Moonsworth LLC)
FirewallRules: [{739A06A3-AA5A-4000-B156-B5460EEFCF15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lethal Company\Lethal Company.exe => No File
FirewallRules: [{46DBD23B-7FC5-4916-9C7E-153D129BF414}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Lethal Company\Lethal Company.exe => No File
FirewallRules: [TCP Query User{6A842346-AACE-463C-AF9A-09EDFBD3F42F}C:\users\victus\.lunarclient\jre\56e53accb20696f802d92bd011174126b5e3154e\zulu21.30.15-ca-jre21.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\victus\.lunarclient\jre\56e53accb20696f802d92bd011174126b5e3154e\zulu21.30.15-ca-jre21.0.1-win_x64\bin\javaw.exe
FirewallRules: [UDP Query User{0282AFBA-531E-424E-B4D1-0647671556D0}C:\users\victus\.lunarclient\jre\56e53accb20696f802d92bd011174126b5e3154e\zulu21.30.15-ca-jre21.0.1-win_x64\bin\javaw.exe] => (Allow) C:\users\victus\.lunarclient\jre\56e53accb20696f802d92bd011174126b5e3154e\zulu21.30.15-ca-jre21.0.1-win_x64\bin\javaw.exe
FirewallRules: [TCP Query User{A64D3AD7-BAA4-42C2-B9A5-4B64087DC866}C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [UDP Query User{F82209FC-54DD-4316-8252-D430FB5F2CCA}C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-gamma\windows-x64\java-runtime-gamma\bin\javaw.exe
FirewallRules: [{DC41090C-5F26-4416-909D-950438070AB8}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DELTARUNEdemo\DELTARUNE.exe => No File
FirewallRules: [{06B99735-844E-4E74-B774-A8BB86D27E01}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\DELTARUNEdemo\DELTARUNE.exe => No File
FirewallRules: [TCP Query User{4077A8B6-F964-46E2-A17E-165924A76E03}C:\users\victus\appdata\local\programs\blockbench\blockbench.exe] => (Allow) C:\users\victus\appdata\local\programs\blockbench\blockbench.exe (Jannis Tobias Petersen -> JannisX11)
FirewallRules: [UDP Query User{6D9B3317-CA83-4B46-A4E6-1CBF01F893B0}C:\users\victus\appdata\local\programs\blockbench\blockbench.exe] => (Allow) C:\users\victus\appdata\local\programs\blockbench\blockbench.exe (Jannis Tobias Petersen -> JannisX11)
FirewallRules: [{7B63045C-7B97-490B-96AF-8B17EBB32271}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{81BB6186-5F50-45F0-AA0B-16FF86AE9339}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForest.exe () [File not signed]
FirewallRules: [{615A216F-00FA-4CBE-A9A5-845A99A8F50F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [{B046BBAD-4772-4069-931A-4F3541E152C3}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Forest\TheForestVR.exe () [File not signed]
FirewallRules: [TCP Query User{43B905F1-6C14-4F02-9FC1-8EFECAE4EA69}C:\users\victus\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [UDP Query User{BB941CDB-1093-4243-97C7-2799CF684568}C:\users\victus\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\jre-legacy\windows-x64\jre-legacy\bin\javaw.exe
FirewallRules: [TCP Query User{452A4B5D-A5AE-4AF5-8A10-CCD864B33A11}C:\users\victus\appdata\local\programs\curseforge windows\curseforge.exe] => (Allow) C:\users\victus\appdata\local\programs\curseforge windows\curseforge.exe (Overwolf Ltd -> Overwolf)
FirewallRules: [UDP Query User{133C73CB-AAAB-46E3-A603-ED798D411BCE}C:\users\victus\appdata\local\programs\curseforge windows\curseforge.exe] => (Allow) C:\users\victus\appdata\local\programs\curseforge windows\curseforge.exe (Overwolf Ltd -> Overwolf)
FirewallRules: [{F5536D7E-48CD-4F02-A56D-7461E26D1854}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win64\vrserver.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{3202A8B4-84D6-4364-B7BD-A6F7E85B39C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win64\vrserver.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [TCP Query User{BDC8E607-3F26-4A93-BD6A-317A2D967DA1}C:\program files (x86)\steam\steamapps\common\vrchat\vrchat.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vrchat\vrchat.exe => No File
FirewallRules: [UDP Query User{B2CD3284-90C0-4605-8BCD-C7C10E7A52BE}C:\program files (x86)\steam\steamapps\common\vrchat\vrchat.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\vrchat\vrchat.exe => No File
FirewallRules: [TCP Query User{E540C5BC-544C-4637-A66E-785253AC7EDD}C:\users\victus\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\victus\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [UDP Query User{3843DE75-D11D-495B-B3E5-6754B3DE2123}C:\users\victus\appdata\local\programs\opera gx\opera.exe] => (Block) C:\users\victus\appdata\local\programs\opera gx\opera.exe (Opera Norway AS -> Opera Software)
FirewallRules: [TCP Query User{CDF8C6C9-FB20-404F-9472-FF6AEE129ED3}C:\users\victus\downloads\utbnp-v5.0.0\utbnp-v5.0.0\undertalebnp.exe] => (Allow) C:\users\victus\downloads\utbnp-v5.0.0\utbnp-v5.0.0\undertalebnp.exe => No File
FirewallRules: [UDP Query User{51FBCC6D-3DDA-4453-BAB2-65045A193783}C:\users\victus\downloads\utbnp-v5.0.0\utbnp-v5.0.0\undertalebnp.exe] => (Allow) C:\users\victus\downloads\utbnp-v5.0.0\utbnp-v5.0.0\undertalebnp.exe => No File
FirewallRules: [TCP Query User{59C78496-BA4A-470A-B2B9-C7A6E88B1CB1}C:\users\victus\desktop\undertale mod and original\undertalebnp\utbnp-v5.0.0 (1)\utbnp-v5.0.0\undertalebnp.exe] => (Allow) C:\users\victus\desktop\undertale mod and original\undertalebnp\utbnp-v5.0.0 (1)\utbnp-v5.0.0\undertalebnp.exe => No File
FirewallRules: [UDP Query User{8EFF102D-27BD-4954-AE23-42B826E4E957}C:\users\victus\desktop\undertale mod and original\undertalebnp\utbnp-v5.0.0 (1)\utbnp-v5.0.0\undertalebnp.exe] => (Allow) C:\users\victus\desktop\undertale mod and original\undertalebnp\utbnp-v5.0.0 (1)\utbnp-v5.0.0\undertalebnp.exe => No File
FirewallRules: [{0301AEAB-210C-47CD-84F7-DFC115F0C623}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe => No File
FirewallRules: [{80A3B07A-399F-4ADE-AB07-29B21005B9F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Muck\Muck.exe => No File
FirewallRules: [TCP Query User{0680EF10-D757-4EBA-9816-7949D95104D2}C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{6D916E96-697B-436B-9264-ED5A41D09BD4}C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [TCP Query User{2DD020DD-1ACC-455B-87B4-F5E9695058B6}C:\users\victus\appdata\local\discord\app-1.0.9151\discord.exe] => (Allow) C:\users\victus\appdata\local\discord\app-1.0.9151\discord.exe => No File
FirewallRules: [UDP Query User{C6854EAE-0BF2-4176-BD3B-6E28F9CE0FC7}C:\users\victus\appdata\local\discord\app-1.0.9151\discord.exe] => (Allow) C:\users\victus\appdata\local\discord\app-1.0.9151\discord.exe => No File
FirewallRules: [{98354D98-AF35-4A4A-B88E-55310C1CE63F}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{13F8FACD-B49F-4E65-9BCB-9BDC24DCEBEC}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\bin\win32\vrstartup.exe (Valve Corp. -> Valve Corporation)
FirewallRules: [{DCC32EFB-7E17-426E-BC19-953F03847478}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve Corp. -> )
FirewallRules: [{92D4EDB0-6B2E-4C43-B6A6-40ED04C5CA58}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtours.exe (Valve Corp. -> )
FirewallRules: [{3200EB87-4426-4391-97AF-D66E20478C84}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve Corp. -> )
FirewallRules: [{77ACD1E4-1648-4A01-BD7B-DC19F764B0C2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SteamVR\tools\steamvr_environments\game\bin\win64\steamtourscfg.exe (Valve Corp. -> )
FirewallRules: [{C2CECD50-3486-4D68-B07D-FE921FBB31A6}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\People Playground\People Playground.exe () [File not signed]
FirewallRules: [{9EEFF9E1-703C-4F69-BC1E-F8B9FE340776}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\People Playground\People Playground.exe () [File not signed]
FirewallRules: [TCP Query User{6D751A16-8B03-47E1-B98C-BC9F49FCBFF8}C:\users\victus\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\victus\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [UDP Query User{CA74300E-866D-4EBC-8132-AD4F6F1DFC0D}C:\users\victus\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe] => (Allow) C:\users\victus\appdata\local\packages\microsoft.4297127d64ec6_8wekyb3d8bbwe\localcache\local\runtime\java-runtime-delta\windows-x64\java-runtime-delta\bin\javaw.exe
FirewallRules: [{46702532-F4EC-48A4-B701-2F0DA91136EB}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Facebook Technologies, LLC -> Facebook Technologies, LLC)
FirewallRules: [{CED70699-7729-4F67-BE48-87E76AA54ECE}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServiceLauncher.exe (Facebook Technologies, LLC -> Facebook Technologies, LLC)
FirewallRules: [{45D25E10-269F-41B9-860A-22D1EBF47555}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Facebook Technologies, LLC -> Facebook Technologies, LLC)
FirewallRules: [{2E824D2A-4B13-421A-8246-324F2796F1CB}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRRedir.exe (Facebook Technologies, LLC -> Facebook Technologies, LLC)
FirewallRules: [{723352D8-12C6-4E40-A2AD-DD2C045208CC}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Facebook Technologies, LLC -> Facebook Technologies, LLC)
FirewallRules: [{B0CEB235-1C53-4E1C-BA2F-777D97B566EB}] => (Allow) C:\Program Files\Oculus\Support\oculus-runtime\OVRServer_x64.exe (Facebook Technologies, LLC -> Facebook Technologies, LLC)
FirewallRules: [{FCC6CC39-FEB9-4824-AF0C-9DEF8A5E4D2C}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Facebook Technologies, LLC -> )
FirewallRules: [{58D66C53-C15F-4875-8BDE-1E609BDAFDEB}] => (Allow) C:\Program Files\Oculus\Support\oculus-dash\dash\bin\OculusDash.exe (Facebook Technologies, LLC -> )
FirewallRules: [{287E78B7-D2B3-4B6A-9203-B79AC1AF365D}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [{4B3930C7-CD75-4936-959F-1E13057E5819}] => (Allow) C:\Program Files\Oculus\Support\oculus-client\OculusClient.exe (Oculus VR, LLC) [File not signed]
FirewallRules: [TCP Query User{DB63B39A-B86C-413F-A9DB-08E19A94DD30}C:\users\victus\appdata\local\discord\app-1.0.9156\discord.exe] => (Allow) C:\users\victus\appdata\local\discord\app-1.0.9156\discord.exe => No File
FirewallRules: [UDP Query User{FE28F22B-820F-4F57-A7A7-98E240CD6A43}C:\users\victus\appdata\local\discord\app-1.0.9156\discord.exe] => (Allow) C:\users\victus\appdata\local\discord\app-1.0.9156\discord.exe => No File
FirewallRules: [TCP Query User{B1E23B78-4C0E-4515-81F6-8A07CFFF4E98}C:\users\victus\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\victus\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Node.js) [File not signed]
FirewallRules: [UDP Query User{93410207-4677-43CB-B3D6-FC63B0A738CE}C:\users\victus\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe] => (Allow) C:\users\victus\appdata\local\programs\lnv\stremio-4\stremio-runtime.exe (Smart Code OOD -> Node.js) [File not signed]
FirewallRules: [{290BADFD-27A1-435F-AEB5-14E70306BC7A}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChainedTogether\ChainedTogether.exe => No File
FirewallRules: [{7C893359-0E66-42ED-9D3E-7D444DD4E5A4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\ChainedTogether\ChainedTogether.exe => No File
FirewallRules: [{424F4593-5A9E-4FAE-A834-463E8C0C60C5}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [{356AE973-E0D6-49A7-B79E-93039F3876A7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Grand Theft Auto V\PlayGTAV.exe => No File
FirewallRules: [TCP Query User{28F69FDF-02C9-4105-B765-C02A593939F3}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [UDP Query User{342E438B-5E1C-450E-B52A-754679ABB08B}C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\grand theft auto v\gta5.exe => No File
FirewallRules: [{B87A8054-6018-4E3F-8057-F932B7BC98D1}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24215.1106.3094.6606_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{11D13262-D6E6-43BF-97F2-98D59B1B2594}] => (Allow) C:\Program Files\WindowsApps\MicrosoftTeams_24215.1106.3094.6606_x64__8wekyb3d8bbwe\msteams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{E13C3E6F-ABA2-41B2-B31E-3203116C23F7}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe () [File not signed]
FirewallRules: [{5AE467FC-3563-4C31-B0A8-71E3DE2AAC42}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Human Fall Flat\Human.exe () [File not signed]
FirewallRules: [{654A1771-4FDA-4C0E-8A99-6BA5C86C5486}] => (Allow) C:\Program Files\Cloudflare\Cloudflare WARP\warp-svc.exe (Cloudflare, Inc. -> )
FirewallRules: [TCP Query User{8CF334EB-742E-4C90-A3D8-DD6345CB795D}C:\users\victus\downloads\ut-red-and-yellow\undertale.exe] => (Allow) C:\users\victus\downloads\ut-red-and-yellow\undertale.exe => No File
FirewallRules: [UDP Query User{CAA56D80-C97F-469F-A08F-617D9D513DA5}C:\users\victus\downloads\ut-red-and-yellow\undertale.exe] => (Allow) C:\users\victus\downloads\ut-red-and-yellow\undertale.exe => No File
FirewallRules: [{6061C507-A696-4351-B35B-2E6D6F72E969}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe () [File not signed]
FirewallRules: [{A55E2636-565B-44F1-81B7-80F287C117F9}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Undertale\UNDERTALE.exe () [File not signed]
FirewallRules: [{8190D650-31B9-45EA-9696-0FFA4D6DC61C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quarters\fnaf9.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{0AA3D029-6F66-4E64-AD17-F85183247662}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quarters\fnaf9.exe (Epic Games, Inc.) [File not signed]
FirewallRules: [{213A0F0C-06BC-48E9-A7CE-2D4F373FCC66}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cult of the Lamb\Cult Of The Lamb.exe () [File not signed]
FirewallRules: [{D1C39686-FF82-4267-BE43-69A53DBBBD45}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Cult of the Lamb\Cult Of The Lamb.exe () [File not signed]
FirewallRules: [{345743D8-F7F1-4C6F-8BCE-721DE79065DA}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{0AF8CE42-B8DB-44FE-BB5E-A624C48196F0}C:\program files (x86)\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) C:\program files (x86)\beamng.drive\bin64\beamng.drive.x64.exe => No File
FirewallRules: [UDP Query User{E0C8FDD3-ED4A-4B31-A147-8A474021F7CC}C:\program files (x86)\beamng.drive\bin64\beamng.drive.x64.exe] => (Allow) C:\program files (x86)\beamng.drive\bin64\beamng.drive.x64.exe => No File
FirewallRules: [{D1AD2581-0D3A-4D36-8D2C-9A189B355B17}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [{A8F2E336-6C18-4B7B-837F-64337F04307C}] => (Allow) C:\Program Files\WindowsApps\MSTeams_24295.605.3225.8804_x64__8wekyb3d8bbwe\ms-teams.exe (Microsoft Corporation -> Microsoft Corporation)
FirewallRules: [TCP Query User{DA732357-7482-4D87-BD50-6C9889700A4B}C:\users\victus\appdata\local\programs\altera playlabs\altera playlabs.exe] => (Allow) C:\users\victus\appdata\local\programs\altera playlabs\altera playlabs.exe (ALTERA.AL, INC. -> Altera)
FirewallRules: [UDP Query User{8C72478C-841A-44A7-A78C-B4AB76C60343}C:\users\victus\appdata\local\programs\altera playlabs\altera playlabs.exe] => (Allow) C:\users\victus\appdata\local\programs\altera playlabs\altera playlabs.exe (ALTERA.AL, INC. -> Altera)
FirewallRules: [TCP Query User{F3DB5E50-88A8-4730-8BB3-BE69EEBA9B03}C:\program files\java\jre1.8.0_431\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_431\bin\java.exe
FirewallRules: [UDP Query User{748C8884-1313-41A3-9328-8F678C57FE30}C:\program files\java\jre1.8.0_431\bin\java.exe] => (Allow) C:\program files\java\jre1.8.0_431\bin\java.exe
FirewallRules: [{8D7415BA-092C-4D04-AB59-F9B66A154FC1}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{1713285B-0714-4419-8D04-864CF2851936}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{41969744-F915-45E8-AC68-3328892E9351}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{290F51BA-87F4-4D31-A08A-138FC88BB263}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{72F57A70-CF26-4758-B5E0-C8DB2B8E91BA}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{F34E3E00-78D2-450A-98A5-23D6AEC14CE7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{78C1B03A-89AC-40CE-B0E7-C0409636DC09}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{9B96A2A4-32EA-43BD-A28A-61D12AF5A8A0}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{35A0F1AC-C709-4E33-97CD-359B11248B65}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B0A6E5CD-BE12-4148-AE55-AEF399A078F7}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{3BD1D9E4-3116-4256-98C4-76ED68BC17C3}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{C39FC93E-20D6-42BE-8B01-9140A0B1443A}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B910AF4C-672E-4144-AF35-7DD8C8F9AAC2}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{CBF7C520-8DF0-417A-921A-22285A0FA097}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\HP.Omen.OmenCommandCenter.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B2F3382A-DB73-47A1-AA2A-28C95EF83551}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{6561EEDD-C582-4BF7-9668-AF09E9A9749D}] => (Allow) C:\Program Files\WindowsApps\AD2F1837.OMENCommandCenter_1101.2411.3.0_x64__v10z8vjag6ke6\OmenCommandCenterApp\OmenCommandCenterBackground.exe (ED346674-0FA1-4272-85CE-3187C9C86E26 -> HP Inc.)
FirewallRules: [{B76CCB66-FB51-488A-8842-C7F340401BF1}] => (Allow) C:\Program Files (x86)\Overwolf\0.260.0.8\OverwolfBrowser.exe => No File
FirewallRules: [{7FE5C563-07DB-4FF0-8ACB-2D5809518E06}] => (Allow) C:\Program Files (x86)\Overwolf\0.260.0.8\OverwolfBrowser.exe => No File
FirewallRules: [{60D40F16-AD9F-46C7-8AA6-A2BEABED001C}] => (Block) C:\Program Files (x86)\Overwolf\0.260.0.8\OverwolfBrowser.exe => No File
FirewallRules: [{EA0E5051-9FCE-423F-A6F1-DB45B72E9248}] => (Block) C:\Program Files (x86)\Overwolf\0.260.0.8\OverwolfBrowser.exe => No File
FirewallRules: [{3DA82740-A5BA-405D-8195-46671229BDDE}] => (Allow) C:\Program Files (x86)\Overwolf\0.258.1.7\OverwolfBrowser.exe => No File
FirewallRules: [{9215D83C-3B3F-4730-BBB8-25EF08ADD82C}] => (Allow) C:\Program Files (x86)\Overwolf\0.258.1.7\OverwolfBrowser.exe => No File
FirewallRules: [{8D126AF4-1681-496A-B738-446A0EC13DBD}] => (Block) C:\Program Files (x86)\Overwolf\0.258.1.7\OverwolfBrowser.exe => No File
FirewallRules: [{7E642016-251E-4975-997D-0C63F2E8ADC9}] => (Block) C:\Program Files (x86)\Overwolf\0.258.1.7\OverwolfBrowser.exe => No File
FirewallRules: [{1B9E9B34-C301-4A0E-9D68-54EA18A0FA77}] => (Allow) C:\Program Files (x86)\Overwolf\0.263.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{20780C5F-6B8F-43EE-AC6C-C63C3CCC4283}] => (Allow) C:\Program Files (x86)\Overwolf\0.263.0.11\OverwolfBrowser.exe (Overwolf Ltd -> Overwolf LTD)
FirewallRules: [{A1C1CA6E-8679-4C2A-987E-8F5FE150E31D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{4168571F-CE09-4FCD-ABCC-12C7DB0A8C05}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{0FB055CA-91F2-44AC-BEBE-30D196722BF4}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{075DC6E7-4C7E-47FA-9E3B-E64222F3FB48}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{450B3084-98AA-4F77-9993-E574F1881358}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{BD6DC370-4AA7-4418-85A6-B739213A05EC}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{714A5121-613E-4428-9DED-6914101E8815}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{8E656C28-E7F8-496C-B886-3AB8E3736C67}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{F11720EE-53D7-489F-A08C-8747E7C5E55D}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [{02C174B0-85C1-4C66-85B8-983974CCD75B}] => (Allow) C:\Program Files\WindowsApps\SpotifyAB.SpotifyMusic_1.251.345.0_x64__zpdnekdrzrea0\Spotify.exe (453637B3-4E12-4CDF-B0D3-2A3C863BF6EF -> Spotify Ltd)
FirewallRules: [TCP Query User{F1FF21D6-46C1-4E30-A88E-1B848AF289BB}C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [UDP Query User{5F7812D1-90C7-45B5-AA3B-B8ACDC9A23B6}C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe] => (Allow) C:\users\victus\curseforge\minecraft\install\runtime\java-runtime-beta\windows-x64\java-runtime-beta\bin\javaw.exe
FirewallRules: [{0D09D7DB-28D7-48EC-90B1-67E1D33506BC}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\131.0.2903.63\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation)

==================== Restore Points =========================

21-11-2024 20:57:19 Dil Paketi Kaldırma
23-11-2024 13:43:27 HitmanPro Kontrol Noktası

==================== Faulty Device Manager Devices ============

==================== Event log errors: ========================

Application errors:
==================
Error: (11/23/2024 11:06:16 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002

Error: (11/23/2024 11:06:16 PM) (Source: Microsoft Security Client) (EventID: 2002) (User: )
Description: Event-ID 2002

Error: (11/23/2024 11:06:16 PM) (Source: Microsoft Security Client) (EventID: 2003) (User: )
Description: Event-ID 2003

Error: (11/23/2024 10:25:43 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-JM81EGBK)
Description: Hatalı uygulama adı: Minecraft.exe, sürüm: 1.0.1.0, zaman damgası: 0x66f48407
Hatalı modül adı: libcef.dll, sürüm: 127.3.5.0, zaman damgası: 0x66ba83b2
Özel durum kodu: 0x80000003
Hata uzaklığı 0x0000000005a8bed0
Hatalı işlem kimliği: 0x0xe28
Uygulama başlangıç zamanı: 0x0x1db3ddc3368145b
Hatalı uygulama yolu: C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe\Minecraft.exe
Hatalı modül yolu: C:\Users\VICTUS\AppData\Local\Packages\Microsoft.4297127D64EC6_8wekyb3d8bbwe\LocalCache\Local\game\libcef.dll
Rapor kimliği: fa092a80-e81c-4717-8577-2bf5cb63f6ea
Hatalı paket tam adı: Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe
Hatalı paketle ilgili uygulama kimliği: Minecraft

Error: (11/23/2024 10:10:50 PM) (Source: OVRServiceLauncher) (EventID: 0) (User: )
Description: Event-ID 0

Error: (11/23/2024 10:09:24 PM) (Source: Application Hang) (EventID: 1002) (User: NT AUTHORITY)
Description: 2020.3.1.43167 sürümlü People Playground.exe programı Windows ile etkileşimi durdurdu ve kapatıldı. Sorun hakkında daha fazla bilgi olup olmadığını görmek için Güvenlik ve Bakım denetim masasındaki sorun geçmişini kontrol edin.

Error: (11/23/2024 08:42:44 PM) (Source: Application Error) (EventID: 1000) (User: LAPTOP-JM81EGBK)
Description: Hatalı uygulama adı: Minecraft.exe, sürüm: 1.0.1.0, zaman damgası: 0x66f48407
Hatalı modül adı: libcef.dll, sürüm: 127.3.5.0, zaman damgası: 0x66ba83b2
Özel durum kodu: 0x80000003
Hata uzaklığı 0x0000000005a8bed0
Hatalı işlem kimliği: 0x0x47c4
Uygulama başlangıç zamanı: 0x0x1db3dc15903225c
Hatalı uygulama yolu: C:\Program Files\WindowsApps\Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe\Minecraft.exe
Hatalı modül yolu: C:\Users\VICTUS\AppData\Local\Packages\Microsoft.4297127D64EC6_8wekyb3d8bbwe\LocalCache\Local\game\libcef.dll
Rapor kimliği: 0a51f028-4a51-4f04-8edf-6a9d40631026
Hatalı paket tam adı: Microsoft.4297127D64EC6_2.1.3.0_x64__8wekyb3d8bbwe
Hatalı paketle ilgili uygulama kimliği: Minecraft

Error: (11/23/2024 06:52:40 PM) (Source: Microsoft Security Client) (EventID: 3002) (User: )
Description: Event-ID 3002


System errors:
=============
Error: (11/23/2024 10:59:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:34.2413960Z373

Error: (11/23/2024 10:59:34 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:34.1729533Z373

Error: (11/23/2024 10:59:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:33.2260978Z373

Error: (11/23/2024 10:59:33 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:33.1696344Z373

Error: (11/23/2024 10:59:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:32.2132947Z373

Error: (11/23/2024 10:59:32 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:32.1537469Z373

Error: (11/23/2024 10:59:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:31.1970580Z373

Error: (11/23/2024 10:59:31 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 88) (User: )
Description: 9\_TZ.TZ012024-11-23T19:59:31.1400605Z373


Windows Defender:
================
Date: 2024-11-20 20:56:12
Description:
Microsoft Defender Virüsten Koruma taraması tamamlanmadan durduruldu.
Tarama Kimliği: {20C89E07-B77E-4AC8-8322-97BF5B40B683}
Tarama Türü: Kötü Amaçlı Yazılımdan Koruma
Tarama Parametreleri: Hızlı Tarama
Kullanıcı: NT AUTHORITY\SYSTEM

Date: 2024-11-19 19:58:12
Description:
Microsoft Defender Virüsten Koruma taraması tamamlanmadan durduruldu.
Tarama Kimliği: {FC13E426-FA72-439E-A2F5-D723858FCC62}
Tarama Türü: Kötü Amaçlı Yazılımdan Koruma
Tarama Parametreleri: Hızlı Tarama
Kullanıcı: NT AUTHORITY\SYSTEM

Date: 2024-11-18 20:35:30
Description:
Microsoft Defender Virüsten Koruma taraması tamamlanmadan durduruldu.
Tarama Kimliği: {F3BEAC81-6AC4-4C3F-82A3-A16F59B8E9AC}
Tarama Türü: Kötü Amaçlı Yazılımdan Koruma
Tarama Parametreleri: Hızlı Tarama
Kullanıcı: NT AUTHORITY\SYSTEM

Date: 2024-11-17 18:50:24
Description:
Microsoft Defender Virüsten Koruma taraması tamamlanmadan durduruldu.
Tarama Kimliği: {6896B8F0-D834-45D2-952B-602E64B76D08}
Tarama Türü: Kötü Amaçlı Yazılımdan Koruma
Tarama Parametreleri: Hızlı Tarama
Kullanıcı: NT AUTHORITY\SYSTEM

Date: 2024-11-17 15:40:01
Description:
Microsoft Defender Virüsten Koruma taraması tamamlanmadan durduruldu.
Tarama Kimliği: {B0DCA97D-2103-4A73-9E99-C4D5A39F5FDD}
Tarama Türü: Kötü Amaçlı Yazılımdan Koruma
Tarama Parametreleri: Hızlı Tarama
Kullanıcı: NT AUTHORITY\SYSTEM
Event[0]

Date: 2024-10-14 19:23:13
Description:
Microsoft Defender Virüsten Koruma güvenlik bilgilerini güncelleştirmeye çalışırken bir hatayla karşılaştı.
Yeni güvenlik bilgileri Sürümü:
Önceki güvenlik bilgileri Sürümü: 1.419.472.0
Güncelleştirme Kaynağı: Microsoft Kötü Amaçlı Yazılımdan Koruma Merkezi
Güvenlik bilgileri Türü: Virüsten Koruma
Güncelleştirme Türü: Tam
Kullanıcı: NT AUTHORITY\SYSTEM
Geçerli Altyapı Sürümü:
Önceki Altyapı Sürümü: 1.1.24080.9
Hata Kodu: 0x80072ee7
Hata açıklaması: Sunucu adı veya adresi çözümlenemedi

Date: 2024-10-14 19:23:13
Description:
Microsoft Defender Virüsten Koruma güvenlik bilgilerini güncelleştirmeye çalışırken bir hatayla karşılaştı.
Yeni güvenlik bilgileri Sürümü:
Önceki güvenlik bilgileri Sürümü: 1.419.472.0
Güncelleştirme Kaynağı: Microsoft Kötü Amaçlı Yazılımdan Koruma Merkezi
Güvenlik bilgileri Türü: Casus Yazılım Önleme
Güncelleştirme Türü: Tam
Kullanıcı: NT AUTHORITY\SYSTEM
Geçerli Altyapı Sürümü:
Önceki Altyapı Sürümü: 1.1.24080.9
Hata Kodu: 0x80072ee7
Hata açıklaması: Sunucu adı veya adresi çözümlenemedi

Date: 2024-10-14 19:23:13
Description:
Microsoft Defender Virüsten Koruma güvenlik bilgilerini güncelleştirmeye çalışırken bir hatayla karşılaştı.
Yeni güvenlik bilgileri Sürümü:
Önceki güvenlik bilgileri Sürümü: 1.419.472.0
Güncelleştirme Kaynağı: Microsoft Kötü Amaçlı Yazılımdan Koruma Merkezi
Güvenlik bilgileri Türü: Virüsten Koruma
Güncelleştirme Türü: Tam
Kullanıcı: NT AUTHORITY\SYSTEM
Geçerli Altyapı Sürümü:
Önceki Altyapı Sürümü: 1.1.24080.9
Hata Kodu: 0x80072ee7
Hata açıklaması: Sunucu adı veya adresi çözümlenemedi

Date: 2024-10-14 19:23:13
Description:
Microsoft Defender Virüsten Koruma güvenlik bilgilerini güncelleştirmeye çalışırken bir hatayla karşılaştı.
Yeni güvenlik bilgileri Sürümü:
Önceki güvenlik bilgileri Sürümü: 1.419.472.0
Güncelleştirme Kaynağı: Microsoft Kötü Amaçlı Yazılımdan Koruma Merkezi
Güvenlik bilgileri Türü: Virüsten Koruma
Güncelleştirme Türü: Tam
Kullanıcı: NT AUTHORITY\SYSTEM
Geçerli Altyapı Sürümü:
Önceki Altyapı Sürümü: 1.1.24080.9
Hata Kodu: 0x80072ee7
Hata açıklaması: Sunucu adı veya adresi çözümlenemedi

Date: 2024-10-14 19:23:13
Description:
Microsoft Defender Virüsten Koruma güvenlik bilgilerini güncelleştirmeye çalışırken bir hatayla karşılaştı.
Yeni güvenlik bilgileri Sürümü:
Önceki güvenlik bilgileri Sürümü: 1.419.472.0
Güncelleştirme Kaynağı: Microsoft Kötü Amaçlı Yazılımdan Koruma Merkezi
Güvenlik bilgileri Türü: Casus Yazılım Önleme
Güncelleştirme Türü: Tam
Kullanıcı: NT AUTHORITY\SYSTEM
Geçerli Altyapı Sürümü:
Önceki Altyapı Sürümü: 1.1.24080.9
Hata Kodu: 0x80072ee7
Hata açıklaması: Sunucu adı veya adresi çözümlenemedi

CodeIntegrity:
===============
Date: 2024-11-24 21:58:33
Description:
Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\ESET\ESET Security\ekrn.exe) attempted to load \Device\HarddiskVolume3\Program Files\ESET\ESET Security\eamsi.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

BIOS: AMI F.25 10/04/2023
Motherboard: HP 88F9
Processor: 11th Gen Intel(R) Core(TM) i5-11400H @ 2.70GHz
Percentage of memory in use: 86%
Total physical RAM: 7829.98 MB
Available physical RAM: 1089.39 MB
Total Virtual: 32829.98 MB
Available Virtual: 23054.18 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:475.74 GB) (Free:139.25 GB) (Model: NVMe SAMSUNG MZVL2512HCJQ-00BH1) NTFS

\\?\Volume{b1f14013-6550-49f4-a6da-68dcbd0cb6e5}\ () (Fixed) (Total:0.92 GB) (Free:0.11 GB) NTFS
\\?\Volume{ef648428-7d24-42b9-843e-2f6ca5b9fafc}\ (SYSTEM) (Fixed) (Total:0.25 GB) (Free:0.16 GB) FAT32

==================== MBR & Partition Table ====================

==========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 80B63DEF)

Partition: GPT.

==================== End of Addition.txt =======================
Also, some parts are Turkish I think; if it causes problems, I'm sorry.
 

icotonev

Hello...! :)

Remove Chrome extensions
  • Open Chrome.
  • At the top right choose More (the three vertical dots) > More Tools > Extensions
  • Find all unknown extensions and remove them by clicking Remove.
  • Confirm the action by clicking Remove once again.
Do the same for the second profile...

Remove an Edge extension
  • Open Edge Settings and select Extensions.
  • Find all unknown extensions and remove each one by clicking the 3 horizontal dots beside it and choosing Remove from Edge.

Farbar Recovery Scan Tool - Fix

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Please download the attached file to the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the FRST.txt log you have submitted.
  • Run FRST, click Fix only once, and wait.
  • The computer will restart when the fix is completed.
  • It will create a log (Fixlog.txt); please post it in your reply.

In your next reply, please include:
  • Fixlog.txt
 

miracdemirhan3

Like, I want to get rid of it, but it says "may cause damage to operating system that can't be undone".
 

icotonev

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system that cannot be undone.

Hello..! If you are referring to this message...I think you have not understood it..! Please read it carefully...!

To completely uninstall FRST, please do the following:

  • Rename FRST64.exe to Uninstall.exe
  • Double click on Uninstall.exe to launch it.
    • Your computer will reboot, and on reboot will remove FRST and all its files.
 