

To analyze problems on your system caused by performance drops, freezes, malware effects, or application errors, and to improve performance or neutralize the malware's effects, you need to share here the log of a scan you ran with HijackThis.



Usage:

1) Download the current version, to which a developer has added new features, from here, and extract the application from the archive to your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click HijackThis and run it as administrator (does not apply to XP).



4) In the window that opens, click the "Do a system scan and save a log file" button.



5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan completes.


6) When the scan completes, a log file containing the HijackThis report will open.



*7) You need to add the log file here, in the reply box, so that we can review it.

Click Code.

Paste the contents of the log into the blue box and press the "Continue" button.

Warning: If you have trouble adding code on the site, paste it to one of the sites listed below and share the link. In that case, do not use option *7 for now.

Paste ofCode
Paste Code

8) Also reply to the thread describing the problem on your system in detail (performance drop, suspected malware, etc.).
(Those who do not do this will not receive a reply.)

Fixing:

When I or an expert replies in the thread, tick the checkboxes at the start of the lines we name in the HijackThis interface. Then press the "Fix checked" button.

Last edited by a moderator:
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.14

Platform:  x64 Windows 10 (Enterprise), 10.0.19043.1415 (ReleaseId: 2009, 21H1), Service Pack: 0
Time:      08.01.2022 - 12:11 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Recep Can Yıldırım    (group: Administrators) on RECEP, FirstRun: yes

Chrome:  97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
   1  C:\Program Files (x86)\Rampage Gaming Headset\Rampage Gaming Headset.exe
   1  C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe
   1  C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
  11  C:\Program Files\Google\Chrome\Application\chrome.exe
   1  C:\Program Files\PC Remote Receiver\MonectServer.exe
   1  C:\Program Files\PC Remote Receiver\MonectServerService.exe
   1  C:\Program Files\Riot Vanguard\vgtray.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\taskkurvafaezm\tasketcurv.exe
   1  C:\tasktwcacbrcwe\taskwintuu.exe
   1  C:\Users\Recep Can Yıldırım\Desktop\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\System32\amdfendrsr.exe
   1  C:\Windows\System32\AudioDeviceService.exe
   1  C:\Windows\System32\audiodg.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atiesrxx.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   2  C:\Windows\System32\RtkAudUService64.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  72  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   3  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\Recep Can Yıldırım\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (file missing) (2020/12/08)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2020/12/26)
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O4-32 - HKLM\..\Run: [BCSSync] = C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4-32 - HKLM\..\Run: [Rampage Gaming Headset] = C:\Program Files (x86)\Rampage Gaming Headset\Rampage Gaming Headset.exe -boot
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-2014669194-791579289-1044259415-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-2014669194-791579289-1044259415-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Task: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Task: AMDRyzenMasterSDKTask - C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Task: StartAUEP - C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartCNBM - C:\Program Files\AMD\CNext\CNext\cncmd.exe benchmark
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0374383.inf_amd64_12cfd68385ecddd5\B374323\atiesrxx.exe
O23 - Service R2: AMD User Experience Program Data Uploader - (AUEPLauncher) - C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe
O23 - Service R2: AudioDeviceService - C:\WINDOWS\system32\AudioDeviceService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: MonectServerService - C:\Program Files\PC Remote Receiver\MonectServerService.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe
O23 - Service R2: tasketcurv - C:\taskkurvafaezm\tasketcurv.exe
O23 - Service R2: taskwintuu - C:\tasktwcacbrcwe\taskwintuu.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: KMService - C:\WINDOWS\system32\srvany.exe (file missing)
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: tasklogvcj - C:\taskvfoosotlqm\tasklogvcj.exe
O23 - Service S3: tasksysgza - C:\taskpbvabufsch\tasksysgza.exe
O23 - Service S3: tasksysvyz - C:\tasknvfuafhbzs\tasksysvyz.exe
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe


--
End of file - Time spent: 30 sec. - 23142 bytes, CRC32: FFFFFFFF. Sign: 禍狷
@Murat5038 sir, I suspect there is malware on my computer. I would be very glad if you could help.

@Linux Kaymak

There appear to be signs of malware. After fixing these, run a full scan with EEK, then share a Farbar report and the VT report link for the file whose location I gave.

Code:
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Ozan Aydın\AppData\Local\Discord\Update.exe --processStart Discord.exe (file missing) (2021/10/05)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Ozan Aydın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Crack.lnk    ->    C:\Users\Ozan Aydın\Desktop\Crack (2021/09/04)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Ozan Aydın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GTA IV crack.lnk    ->    C:\Users\OZANAY~1\AppData\Local\Temp\RarSFX0\GTA IV Crack (2021/09/04)
O4 - Startup: C:\Users\Ozan Aydın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System32 (folder)
O22 - BITS Job: (download) {E40004E4-E177-4362-B093-72578E32A016} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/czka5fc33qq67ao7g67evi5jte_9.32.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.32.0_all_hkbbg5yepfmg4tn57zz6rpfdiy.crx3 -> C:\Users\OZANAY~1\AppData\Local\Temp\chrome_BITS_4364_1323952862\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.32.0_all_hkbbg5yepfmg4tn57zz6rpfdiy.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft) (user missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\CompatTelRunner.exe -maintenance (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\Windows\system32\WSqmCons.exe -u (Microsoft)

Guide: Preparing a Report with Farbar Recovery Scan | Technopat Sosyal

C:\Users\OZANAY~1\AppData\Local\Temp\chrome_BITS_4364_1323952862\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.32.0_all_hkbbg5yepfmg4tn57zz6rpfdiy.crx3

@Recep Yıldırım I shared it in the other thread.

Last edited:
Sir, there's no problem, right?
What do you mean by a problem? Malware, performance, or what?
Fix these anyway:
Code:
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Ozan Aydın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Crack.lnk    ->    C:\Users\Ozan Aydın\Desktop\Crack (2021/09/04)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Ozan Aydın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GTA IV crack.lnk    ->    C:\Users\OZANAY~1\AppData\Local\Temp\RarSFX0\GTA IV Crack (2021/09/04)
O4 - HKLM\..\StartupApproved\Run: [Intel Driver & Support Assistant] = C:\Program Files\Intel\Driver and Support Assistant\DSATray.exe (2021/10/17)
O4 - Startup: C:\Users\Ozan Aydın\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\System32 (folder)
O22 - BITS Job: (download) {E40004E4-E177-4362-B093-72578E32A016} - http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/czka5fc33qq67ao7g67evi5jte_9.32.0/gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.32.0_all_hkbbg5yepfmg4tn57zz6rpfdiy.crx3 -> C:\Users\OZANAY~1\AppData\Local\Temp\chrome_BITS_4364_1323952862\gcmjkmgdlgnkkcocmoeiminaijmmjnii_9.32.0_all_hkbbg5yepfmg4tn57zz6rpfdiy.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft) (user missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\CompatTelRunner.exe -maintenance (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\Windows\system32\WSqmCons.exe -u (Microsoft)
@Murat5038 sir, I suspect there is malware on my computer. I would be very glad if you could help.
Yes, there is malware. But first, before fixing, I want you to share the VT results for these:
C:\taskkurvafaezm\tasketcurv.exe
C:\tasktwcacbrcwe\taskwintuu.exe
C:\taskvfoosotlqm\tasklogvcj.exe
C:\taskpbvabufsch\tasksysgza.exe
C:\tasknvfuafhbzs\tasksysvyz.exe
C:\Program Files\PC Remote Receiver\MonectServerService.exe

If there are other folders starting with C:\task, share the files inside them too.

Then fix these:
Code:
O23 - Service R2: tasketcurv - C:\taskkurvafaezm\tasketcurv.exe
O23 - Service R2: taskwintuu - C:\tasktwcacbrcwe\taskwintuu.exe
O23 - Service S3: tasklogvcj - C:\taskvfoosotlqm\tasklogvcj.exe
O23 - Service S3: tasksysgza - C:\taskpbvabufsch\tasksysgza.exe
O23 - Service S3: tasksysvyz - C:\tasknvfuafhbzs\tasksysvyz.exe
O23 - Service R2: MonectServerService - C:\Program Files\PC Remote Receiver\MonectServerService.exe
 
Last edited:
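
The triage in the reply above can be partly automated. The following is an added example, not part of the thread or of HijackThis: it parses the `O23 - Service` lines of a log and lists services whose binary sits outside the usual install roots, or whose file HijackThis reports as missing. The `EXPECTED_ROOTS` allowlist and the function names are assumptions of this example, and the sample lines are copied from the log posted above. A path check like this does not surface `MonectServerService`, which the reply also lists, so it narrows a manual review rather than replacing it.

```python
import ntpath
import re

# Assumption: top-level folders where service binaries are normally installed.
EXPECTED_ROOTS = {"windows", "program files", "program files (x86)", "programdata"}

# "O23 - Service R2: <name> - <path> [args]"; R/S = running/stopped,
# the digit is the service start type (2 = automatic, 3 = manual).
O23_RE = re.compile(r"^O23 - Service (?P<state>[RS])(?P<start>\d): (?P<rest>.+)$")
# First drive-letter path ending in .exe; paths may contain spaces.
EXE_RE = re.compile(r"(?P<path>[A-Za-z]:\\.*?\.exe)\b", re.IGNORECASE)

# Sample lines taken from the log posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe
O23 - Service R2: AMD User Experience Program Data Uploader - (AUEPLauncher) - C:\Program Files\AMD\CIM\..\Performance Profile Client\AUEPDU.exe
O23 - Service R2: MonectServerService - C:\Program Files\PC Remote Receiver\MonectServerService.exe
O23 - Service R2: tasketcurv - C:\taskkurvafaezm\tasketcurv.exe
O23 - Service R2: taskwintuu - C:\tasktwcacbrcwe\taskwintuu.exe
O23 - Service S2: KMService - C:\WINDOWS\system32\srvany.exe (file missing)
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: tasklogvcj - C:\taskvfoosotlqm\tasklogvcj.exe
O23 - Service S3: tasksysgza - C:\taskpbvabufsch\tasksysgza.exe
O23 - Service S3: tasksysvyz - C:\tasknvfuafhbzs\tasksysvyz.exe
"""


def parse_services(log_text):
    """Return one dict per O23 service line that carries an .exe path."""
    services = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue  # not a service entry (O4, O22, header lines, ...)
        exe = EXE_RE.search(m["rest"])
        if not exe:
            continue
        # normpath collapses "..\" segments so the real top folder is compared.
        path = ntpath.normpath(exe["path"])
        parts = path.split("\\")
        # parts[0] is the drive; a binary directly in the drive root has no folder.
        top_dir = parts[1].lower() if len(parts) > 2 else ""
        services.append({
            "name": m["rest"][:exe.start()].rstrip(" -"),
            "running": m["state"] == "R",
            "start_type": int(m["start"]),
            "path": path,
            "top_dir": top_dir,
            "file_missing": "(file missing)" in m["rest"],
        })
    return services


def review_candidates(services):
    """List (name, path, reasons) for services worth a manual look."""
    candidates = []
    for svc in services:
        reasons = []
        if svc["top_dir"] not in EXPECTED_ROOTS:
            reasons.append("binary outside standard install roots")
        if svc["file_missing"]:
            reasons.append("service points at a missing file")
        if reasons:
            candidates.append((svc["name"], svc["path"], reasons))
    return candidates


if __name__ == "__main__":
    for name, path, reasons in review_candidates(parse_services(SAMPLE_LOG)):
        print(f"{name}: {path} ({'; '.join(reasons)})")
```
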
@Murat5038 sir, could you take a look at mine too?


Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.14

Platform:  x64 Windows 10 (Pro), 10.0.19044.1379 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      09.01.2022 - 12:13 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    engin    (group: Administrators) on ENGIN, FirstRun: yes

Chrome:  97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\NextDNS\dnsunleak.exe
   1  C:\Program Files (x86)\NextDNS\NextDNS.exe
   1  C:\Program Files (x86)\NextDNS\NextDNSService.exe
   7  C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
   1  C:\Program Files (x86)\Steam\steam.exe
  13  C:\Program Files\Google\Chrome\Application\chrome.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\WinRAR\WinRAR.exe
   2  C:\Windows\explorer.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\MoUsoCoreWorker.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
  19  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
   1  C:\Windows\SysWOW64\cmd.exe
   1  F:\Desktop\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R0 - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R0 - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R0 - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2022/01/08)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2022/01/08)
O4 - HKU\S-1-5-18\..\RunOnce: [AppsUseLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 1 (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [GlobalUserDisabled] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [ShellFeedsTaskbarViewMode] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Feeds" /v "ShellFeedsTaskbarViewMode" /t REG_DWORD /f /d 2 (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [SystemUsesLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (User 'LocalSystem')
O4 - HKU\S-1-5-19\..\RunOnce: [AppsUseLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 1 (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [GlobalUserDisabled] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [ShellFeedsTaskbarViewMode] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Feeds" /v "ShellFeedsTaskbarViewMode" /t REG_DWORD /f /d 2 (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [SystemUsesLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [AppsUseLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 1 (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [GlobalUserDisabled] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [ShellFeedsTaskbarViewMode] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Feeds" /v "ShellFeedsTaskbarViewMode" /t REG_DWORD /f /d 2 (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [SystemUsesLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (User 'Network service')
O4-32 - HKLM\..\Run: [NextDNS] = C:\Program Files (x86)\NextDNS\NextDNS.exe
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O6 - IE Policy: HKU\S-1-5-18\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O6 - IE Policy: HKU\S-1-5-19\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O6 - IE Policy: HKU\S-1-5-20\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = F:\downloads
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} = F:\saved games
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Desktop = F:\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Personal = F:\documents
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = F:\downloads
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Desktop = F:\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Personal = F:\documents
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O17 - DHCP DNS 1: 192.0.2.42
O17 - DHCP DNS 2: 192.168.1.1
O17 - DHCP DNS 3: 192.168.68.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O22 - Task: (disabled) (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattelrunner.exe (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - (no file)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\RetailDemo\CleanupOfflineContent - {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} - (no file)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O23 - Service R2: NextDNS DNS53 to DoH proxy. - (NextDNSService) - C:\Program Files (x86)\NextDNS\NextDNSService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000 
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O26 - Debugger: HKLM\..\CompatTelRunner.exe: [Debugger] = C:\Windows\System32\taskkill.exe (Microsoft)


--
End of file - Time spent: 4,6 sec. - 49270 bytes, CRC32: FFFFFFFF. Sign: 森᩠
 
Not "could you take a look at mine too"; you are supposed to read the guide. I asked in step 8, in big letters, what you are sharing the log for, so that you wouldn't skip it.
Is there any suspicion of malware presence?


Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.14

Platform:  x64 Windows 10 (Pro), 10.0.19044.1379 (ReleaseId: 2009, 21H2), Service Pack: 0
Time:      09.01.2022 - 13:39 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    engin    (group: Administrators) on ENGIN, FirstRun: yes

Chrome:  97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksdeui.exe
   1  C:\Program Files (x86)\NextDNS\dnsunleak.exe
   1  C:\Program Files (x86)\NextDNS\NextDNS.exe
   1  C:\Program Files (x86)\NextDNS\NextDNSService.exe
   2  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\Updates\16.0.14729.20194\OfficeClickToRun.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\ProgramData\Kaspersky Lab\AVP21.3\Temp\temporaryFolder\updates\bin\kav21\mr3\21.3.10.391_kis_c\avp.exe.b5fa7c21-96cc-4858-9107-81e1a5930696_2553_4126.removeOnNextReboot.bda42bae-2fd8-4035-bf07-7b5487b2e5ca.locked
   1  C:\ProgramData\Kaspersky Lab\AVP21.3\Temp\temporaryFolder\updates\bin\kav21\mr3\21.3.10.391_kis_c\avpui.exe.b5fa7c21-96cc-4858-9107-81e1a5930696_2553_4126.removeOnNextReboot.26ef4197-72f8-400d-83e8-d5c7e92243be.locked
   2  C:\Windows\explorer.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   2  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\MoUsoCoreWorker.exe
   2  C:\Windows\System32\msiexec.exe
   3  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\sppsvc.exe
  18  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
   1  C:\Windows\SysWOW64\cmd.exe
   1  C:\Windows\SysWOW64\msiexec.exe
   1  F:\Desktop\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R0 - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R0 - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R0 - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.com.tr/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 db5sch101101125.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101128.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101129.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101133.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101145.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101209.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101221.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101228.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101231.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101237.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101317.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101324.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101329.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101333.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101334.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101338.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101419.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101424.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101426.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101427.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101430.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101445.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101511.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101519.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101529.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101535.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101541.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101543.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101608.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101618.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101629.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101631.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101633.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101640.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101711.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101722.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101739.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101745.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101813.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101820.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101826.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101835.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101837.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101844.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101907.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101914.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101929.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101939.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101101941.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102015.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102017.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102019.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102023.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102025.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102032.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101102033.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110108.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110109.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110114.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110135.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110142.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110204.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110206.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110214.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110225.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110232.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110245.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110315.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110323.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110325.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110328.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110331.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110341.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110343.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110345.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110403.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110419.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110438.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110442.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110501.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110527.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110533.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110618.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110622.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110624.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110626.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110634.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110705.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110724.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110740.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110810.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110816.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110821.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110822.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110825.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch101110828.wns.windows.com
O1 - Hosts: 0.0.0.0 db5sch1
O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2022/01/08)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2022/01/08)
O4 - HKU\S-1-5-18\..\RunOnce: [AppsUseLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 1 (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [GlobalUserDisabled] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [ShellFeedsTaskbarViewMode] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Feeds" /v "ShellFeedsTaskbarViewMode" /t REG_DWORD /f /d 2 (User 'LocalSystem')
O4 - HKU\S-1-5-18\..\RunOnce: [SystemUsesLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (User 'LocalSystem')
O4 - HKU\S-1-5-19\..\RunOnce: [AppsUseLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 1 (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [GlobalUserDisabled] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [ShellFeedsTaskbarViewMode] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Feeds" /v "ShellFeedsTaskbarViewMode" /t REG_DWORD /f /d 2 (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [SystemUsesLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [AppsUseLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "AppsUseLightTheme" /t REG_DWORD /f /d 1 (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [GlobalUserDisabled] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\BackgroundAccessApplications" /v "GlobalUserDisabled" /t REG_DWORD /f /d 1 (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [ShellFeedsTaskbarViewMode] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Feeds" /v "ShellFeedsTaskbarViewMode" /t REG_DWORD /f /d 2 (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [SystemUsesLightTheme] = C:\Windows\system32\REG.exe ADD "HKCU\Software\Microsoft\Windows\CurrentVersion\Themes\Personalize" /v "SystemUsesLightTheme" /t REG_DWORD /f /d 0 (User 'Network service')
O4-32 - HKLM\..\Run: [NextDNS] = C:\Program Files (x86)\NextDNS\NextDNS.exe
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O6 - IE Policy: HKU\S-1-5-18\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O6 - IE Policy: HKU\S-1-5-19\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O6 - IE Policy: HKU\S-1-5-20\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions - present
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = F:\downloads
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} = F:\saved games
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Desktop = F:\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Personal = F:\documents
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = F:\downloads
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Desktop = F:\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Personal = F:\documents
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O17 - DHCP DNS 1: 192.0.2.42
O17 - DHCP DNS 2: 192.168.1.1
O17 - DHCP DNS 3: 192.168.68.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O22 - Task: (disabled) (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (disabled) (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\root\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (disabled) (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattelrunner.exe (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - (no file)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\RetailDemo\CleanupOfflineContent - {61f77d5e-afe9-400b-a5e6-e9e80fc8e601} - (no file)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 21.3 - (AVP21.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\avp.exe -r
O23 - Service R2: Kaspersky VPN Secure Connection Hizmeti 5.3 - (KSDE5.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.3\ksde.exe -r
O23 - Service R2: NextDNS DNS53 to DoH proxy. - (NextDNSService) - C:\Program Files (x86)\NextDNS\NextDNSService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.3 - (klvssbridge64_21.3) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 21.3\x64\vssbridge64.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O26 - Debugger: HKLM\..\CompatTelRunner.exe: [Debugger] = C:\Windows\System32\taskkill.exe (Microsoft)
O26 - Debugger: HKLM\..\osppsvc.exe: [VerifierDlls] = C:\Windows\system32\SppExtComObjHook.dll
O26 - Debugger: HKLM\..\SppExtComObj.Exe: [VerifierDlls] = C:\Windows\system32\SppExtComObjHook.dll


--
End of file - Time spent: 21,7 sec. - 53166 bytes, CRC32: FFFFFFFF. Sign: 틣䧇
 
@Murat5038 hello.
I bought my laptop from MediaMarkt on 30 December 2021, and when I got it the Windows 10 setup screen came up. I set it up normally and a few days later downloaded a few games. But after 4-5 days, momentary drops started happening while the laptop was not plugged in, whereas there was no such problem while it was plugged in. Yesterday, in the game War Thunder, it started happening while the laptop was plugged in as well. McAfee came preinstalled on my computer; I ran a full scan and it came back clean. I think the problem is in the drivers or something else.
Also, which programs should I remove? A lot of unnecessary apps came preinstalled; I did not remove them in case it caused problems.

Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home Single Language), 10.0.19042.1415 (ReleaseId: 2009, 20H2), Service Pack: 0
Time: 12.01.2022 - 18:27 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes.
Ran by: 90542 (group: Administrators) on LAPTOP-HKD9V1UH, FirstRun: no.

Chrome: 97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal.

Running processes:
Number | Path.
 1 C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
 1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
 1 C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
 1 C:\Program Files\Common Files\McAfee\CSP\4.9.104.0\McCSPServiceHost.exe
 1 C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
 3 C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
 1 C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
 1 C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
 1 C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
 1 C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
 1 C:\Program Files\Common Files\McAfee\VSCore_21_9\mcapexe.exe
 1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
 1 C:\Program Files\HPCommRecovery\HPCommRecovery.exe
 1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
 1 C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
 1 C:\Program Files\McAfee\MQS\QcShm.exe
 1 C:\Program Files\McAfee\WebAdvisor\servicehost.exe
 1 C:\Program Files\McAfee\WebAdvisor\uihost.exe
 3 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
 3 C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
 1 C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
 1 C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53217.0_x64__v10z8vjag6ke6\HP.myHP.exe
 1 C:\Program Files\WindowsApps\AD2F1837.myHP_1.10.53217.0_x64__v10z8vjag6ke6\win32\HPBackgroundProcess.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
 1 C:\Users\90542\Desktop\HiJackThis.exe
 1 C:\Windows\explorer.exe
 1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
 1 C:\Windows\RtkBtManServ.exe
 1 C:\Windows\System32\audiodg.exe
 1 C:\Windows\System32\cAVS\IAS\IntelAudioService.exe
 4 C:\Windows\System32\conhost.exe
 2 C:\Windows\System32\csrss.exe
 1 C:\Windows\System32\ctfmon.exe
 1 C:\Windows\System32\dasHost.exe
 1 C:\Windows\System32\dllhost.exe
 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxEM.exe
 1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
 1 C:\Windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\AppHelperCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\BridgeCommunication.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\DiagsCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\NetworkCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\SysInfoCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_57d17b764309f47c\x64\OmenCap\OmenCap.exe
 1 C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_86dc7f4c001ddecd\RstMwService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe
 1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c8dae5f0f8089ba8\IntelCpHDCPSvc.exe
 1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c8dae5f0f8089ba8\IntelCpHeciSvc.exe
 1 C:\Windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
 2 C:\Windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\Display.NvContainer\NVDisplay.Container.exe
 1 C:\Windows\System32\dwm.exe
 1 C:\Windows\System32\ETDCtrl.exe
 1 C:\Windows\System32\ETDService.exe
 2 C:\Windows\System32\fontdrvhost.exe
 1 C:\Windows\System32\lsass.exe
 1 C:\Windows\System32\mfevtps.exe
 3 C:\Windows\System32\RtkAudUService64.exe
 1 C:\Windows\System32\rundll32.exe
 4 C:\Windows\System32\RuntimeBroker.exe
 1 C:\Windows\System32\SearchFilterHost.exe
 1 C:\Windows\System32\SearchIndexer.exe
 1 C:\Windows\System32\SearchProtocolHost.exe
 1 C:\Windows\System32\SECOCL64.exe
 1 C:\Windows\System32\SECOMN64.exe
 1 C:\Windows\System32\SecurityHealthService.exe
 1 C:\Windows\System32\SecurityHealthSystray.exe
 1 C:\Windows\System32\services.exe
 1 C:\Windows\System32\SettingSyncHost.exe
 1 C:\Windows\System32\SgrmBroker.exe
 1 C:\Windows\System32\sihost.exe
 1 C:\Windows\System32\smartscreen.exe
 1 C:\Windows\System32\smss.exe
 1 C:\Windows\System32\spoolsv.exe
 86 C:\Windows\System32\svchost.exe
 1 C:\Windows\System32\taskhostw.exe
 1 C:\Windows\System32\wbem\unsecapp.exe
 2 C:\Windows\System32\wbem\WmiPrvSE.exe
 1 C:\Windows\System32\wininit.exe
 1 C:\Windows\System32\winlogon.exe
 2 C:\Windows\System32\WUDFHost.exe
 1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
 1 C:\Windows\SysWOW64\dllhost.exe
 1 C:\Windows\SysWOW64\XtuService.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL] = http://asp.assoc-amazon.co.uk/suggestions?q={searchTerms}&t=hp-uk1-vsb-21 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL_JSON] = http://completion.amazon.co.uk/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=3 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [URL] = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL] = http://asp.assoc-amazon.co.uk/suggestions?q={searchTerms}&t=hp-uk1-vsb-21 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL_JSON] = http://completion.amazon.co.uk/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=3 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [URL] = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} - Amazon (UK) Search Suggestions.
O2 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKCU\..\StartupApproved\Run: [HPSEU_Host_Launcher] = C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (2021/12/30)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_B070C1DD3F7C0634A55ADA4CD84E9E6E] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2021/12/30)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\90542\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/12/30)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2021/12/30)
O4 - HKLM\..\Run: [RtkAudUService] = C:\windows\System32\RtkAudUService64.exe -background
O4 - HKLM\..\StartupApproved\Run32: [ExpressVPNNotificationService] = C:\Program Files (x86)\ExpressVPN\expressvpn-ui\ExpressVPNNotificationServiceStarter.exe (2021/12/30)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2022/01/07)
O9 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Bağlantı sorunlarını çözmenize yardımcı olacak şekilde HP Ağ Denetimini başlatır - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Ağ Denetimi - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Bağlantı sorunlarını çözmenize yardımcı olacak şekilde HP Ağ Denetimini başlatır - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Ağ Denetimi - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\windows\system32\mscoree.dll
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-330310542-4217721475-3514810156-1001 - C:\windows\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe
O22 - Task: \Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPSFReport.exe /send
O22 - Task: \Hewlett-Packard\HP Support Assistant\WarrantyChecker - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
O22 - Task: \HP\Consent Manager Launcher - C:\windows\system32\sc.exe start hptouchpointanalyticsservice
O22 - Task: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\DADUpdater.exe
O22 - Task: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler.
O22 - Task: HPAudioSwitch - C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui
O22 - Task: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O22 - Task: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: OneDrive Reporting Task-S-1-5-21-330310542-4217721475-3514810156-1001 - C:\Users\90542\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\windows\RtkBtManServ.exe
O23 - Service R2: ELAN Service - (ETDService) - C:\windows\System32\ETDService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: HP Analytics service - (HpTouchpointAnalyticsService) - C:\windows\System32\DriverStore\FileRepository\hpanalyticscomp.inf_amd64_87bd97ebe57d6f93\x64\TouchpointAnalyticsClientService.exe
O23 - Service R2: HP App Helper HSA Service - (HPAppHelperCap) - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\AppHelperCap.exe
O23 - Service R2: HP Comm Recovery - (HP Comm Recover) - C:\Program Files\HPCommRecovery\HPCommRecovery.exe
O23 - Service R2: HP Diagnostics HSA Service - (HPDiagsCap) - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\DiagsCap.exe
O23 - Service R2: HP Network HSA Service - (HPNetworkCap) - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\NetworkCap.exe
O23 - Service R2: HP Omen HSA Service - (HPOmenCap) - C:\windows\System32\DriverStore\FileRepository\hpomencustomcapcomp.inf_amd64_57d17b764309f47c\x64\OmenCap\OmenCap.exe
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service R2: HP System Info HSA Service - (HPSysInfoCap) - C:\windows\System32\DriverStore\FileRepository\hpcustomcapcomp.inf_amd64_c702a0363e0b94e9\x64\SysInfoCap.exe
O23 - Service R2: Intel(R) Audio Service - (IntelAudioService) - C:\windows\system32\cAVS\IAS\IntelAudioService.exe
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c8dae5f0f8089ba8\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Dynamic Tuning service - (esifsvc) - C:\windows\System32\DriverStore\FileRepository\dptf_cpu.inf_amd64_82b77f8c4618e2d0\esif_uf.exe
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_577b4722c749a41f\OneApp.IGCC.WinService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_efb119a73d6b56f6\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\windows\System32\DriverStore\FileRepository\lms.inf_amd64_fddb643595e0b8d0\LMS.exe
O23 - Service R2: Intel(R) Storage Middleware Service - (RstMwService) - C:\windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_86dc7f4c001ddecd\RstMwService.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_21_9\McApExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\4.9.104.0\\McCSPServiceHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee PEF Service - (PEFService) - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\windows\System32\DriverStore\FileRepository\nvhm.inf_amd64_6f7f22b0a5610d99\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\windows\System32\RtkAudUService64.exe
O23 - Service R2: Sound Research SECOMN Service - (SECOMNService) - C:\windows\System32\SECOMN64.exe
O23 - Service R2: XTUOCDriverService - (XTU3SERVICE) - C:\windows\SysWOW64\XtuService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_c8dae5f0f8089ba8\IntelCpHeciSvc.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\windows\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) Optane(TM) Memory Service - (iaStorAfsService) - C:\windows\System32\iaStorAfsService.exe
O23 - Service S3: McAfee Activation Service - (McAWFwk) - C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
O23 - Service S3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService

--
End of file - Time spent: 10,8 sec. - 46872 bytes, CRC32: FFFFFFFF. Sign: 뜑빎
 
The MBAM scan found something like this at 30%:
Screenshot_8.png

There doesn't appear to be any malware-related problem.
I started a scan with MBAM, but when I don't touch the keyboard and mouse for a long time and the screen goes into standby, the MBAM scan gets stuck. How can I make sure the computer never goes into standby when the keyboard and mouse are not touched?

AOC G-Menu was the software for the AOC G2868PQU. After fixing, the AOC G-Menu software's logo changed.
Screenshot_10.png


I was using Lightshot to take screenshots. After I fixed the entries you gave, Lightshot no longer works. How can I get it running?
 
Is there any suspicion of malware?
There is no malware-related issue. You have just cracked Windows; if you are aware of this, and if you know that modifications were made to customize the Windows theme, there is no problem.
Additionally, fix these:
Code:
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = F:\downloads
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, {4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} = F:\saved games
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Desktop = F:\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, Personal = F:\documents
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, {374DE290-123F-4565-9164-39C4925E467B} = F:\downloads
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Desktop = F:\Desktop
O7 - KnownFolder: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders, Personal = F:\documents
The MBAM scan found something like this at 30%:
It's not much of a problem; it contains advertising content, which is why it was detected. Still, you can delete it if it's unnecessary.
AOC G-Menu was the software for the AOC G2868PQU. After fixing, the AOC G-Menu software's logo changed.
It was unnecessary software for startup, so I had you disable it.
I was using Lightshot to take screenshots. After I fixed the entries you gave, Lightshot no longer works. How can I get it running?
You can reinstall it, or if it's listed in startup, you can enable it.
Also, which programs should I remove? A lot of unnecessary preinstalled applications came with it; I didn't remove them in case it caused problems.
Fix these:
Code:
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL] = http://asp.assoc-amazon.co.uk/suggestions?q={searchTerms}&t=hp-uk1-vsb-21 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL_JSON] = http://completion.amazon.co.uk/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=3 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [URL] = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL] = http://asp.assoc-amazon.co.uk/suggestions?q={searchTerms}&t=hp-uk1-vsb-21 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [SuggestionsURL_JSON] = http://completion.amazon.co.uk/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=3 - Amazon (UK) Search Suggestions.
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{134B5E3F-E59A-4DD6-892D-AD4C48E92309}: [URL] = http://www.amazon.co.uk/s/ref=azs_osd_ieauk?ie=UTF-8&tag=hp-uk1-vsb-21&link%5FcPortugueseode=qs&index=aps&field-keywords={searchTerms} - Amazon (UK) Search Suggestions.
O2 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
O4 - HKCU\..\StartupApproved\Run: [HPSEU_Host_Launcher] = C:\System.sav\util\HPSEU\HpseuHostLauncher.exe (2021/12/30)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_B070C1DD3F7C0634A55ADA4CD84E9E6E] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2021/12/30)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\90542\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/12/30)
O9 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Bağlantı sorunlarını çözmenize yardımcı olacak şekilde HP Ağ Denetimini başlatır - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Bağlantı sorunlarını çözmenize yardımcı olacak şekilde HP Ağ Denetimini başlatır - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
O22 - Task: OneDrive Reporting Task-S-1-5-21-330310542-4217721475-3514810156-1001 - C:\Users\90542\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O23 - Service R2: XTUOCDriverService - (XTU3SERVICE) - C:\windows\SysWOW64\XtuService.exe
Apart from these, yes, you need to check for software updates and drivers from the manufacturers' sites.
 
It's not much of a problem; it contains advertising content, which is why it was detected.
I think it detected CD Burner XP.

A user account was created on my computer by itself, but I didn't create it. How can I delete it?
Ekran Alıntısı şüphe.JPG
 
