To analyse problems on your system such as performance degradation, freezes, malware effects and application errors, and to improve performance or neutralise the malware, you need to share here the log of a scan made with the HijackThis software.



Usage:

1) Download the current version, to which a developer has added new features, from here, and extract the application from the archive to your desktop.

Alternative: Download HiJackThis Fork - MajorGeeks

Old version: HiJackThis | Free software downloads at SourceForge.net

2) Restart your computer and wait 3 minutes without doing anything.

3) Right-click the HijackThis program and run it as administrator (does not apply to XP).

4) In the window that opens, click the "Do a system scan and save a log file" button.

5) The HijackThis scan will start automatically; do not use the mouse or keyboard until the scan has completed.

6) When the scan has completed, a log file containing the HijackThis report will open.

*7) So that we can examine the log file, you need to add it here through the reply box.

Click "Code".

Paste the contents of the log into the blue box and press the "Devam Et" (Continue) button.

Warning: If you have trouble adding code on the site, paste your code into one of the sites listed below and share the link. In that case, do not use option *7 for now.

Paste ofCode

8) In addition, reply to the thread describing the problem on your system in detail (performance degradation, suspected malware presence, etc.).
(Anyone who does not do this will not get a reply.)

Fixing:

When I or one of the experts replies in the thread, tick the boxes at the start of the lines we name in the HijackThis interface. Then press the "Fix checked" button.
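
As an added illustration (not part of the original post and not HiJackThis's own code), the sketch below groups the lines of such a log by their section prefix and lists the entries a reviewer usually looks at first. The sample log is constructed, the section labels are read off the prefixes visible in HiJackThis Fork logs, and `parse_log` and `triage` are hypothetical helper names.

```python
import re
from collections import Counter
from dataclasses import dataclass

# One finding per line: "<section>[-32] - <body>", e.g. "O2-32 - HKLM\..\BHO: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+)(?P<wow>-32)? - (?P<body>.+)$")

# Markers the log appends when a registration points at a file that is gone.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Labels read off the prefixes seen in HiJackThis Fork logs.
SECTION_LABELS = {
    "R0": "Internet Explorer page setting",
    "R4": "Internet Explorer SearchScopes",
    "O1": "hosts file entry",
    "O2": "Browser Helper Object (BHO)",
    "O3": "Internet Explorer toolbar",
    "O4": "autostart (Run key / Startup folder)",
    "O17": "DNS server setting",
    "O21": "ShellIconOverlayIdentifiers",
    "O22": "scheduled task",
    "O23": "Windows service",
}

# Constructed sample in the HiJackThis Fork line format (not a real machine's log).
SAMPLE_LOG = r"""Logfile of HiJackThis Fork (constructed sample)

Running processes:
Number | Path
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://start.example.com
O1 - Hosts: 127.0.0.1 updates.example.com
O1 - Hosts: 127.0.0.1 license.example.net
O2-32 - HKLM\..\BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKCU\..\Run: [ExampleTool] = C:\Program Files\ExampleTool\tool.exe /minimized
O17 - DHCP DNS 1: 192.0.2.53
O23 - Service S2: ExampleService - C:\Program Files\Example\svc.exe  (file missing)
O23 - Service R2: ExampleAV - (exav) - C:\Program Files\ExampleAV\av.exe -r
"""


@dataclass(frozen=True)
class Entry:
    section: str    # e.g. "O23"
    is_32bit: bool  # True for the "-32" variant of a section
    body: str       # everything after "<section> - "
    line_no: int    # 1-based line number in the pasted log


def parse_log(text):
    """Return the finding lines of a log; header and process list are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append(
                Entry(m["section"], m["wow"] is not None, m["body"].strip(), line_no)
            )
    return entries


def triage(entries):
    """Collect per-section counts plus the entries worth reading first."""
    report = {
        "counts": Counter(e.section for e in entries),
        "orphaned": [],  # registrations whose target file no longer exists
        "hosts": [],     # (address, hostname) pairs from the hosts file
        "dns": [],       # DNS servers in use
    }
    for e in entries:
        if e.body.endswith(ORPHAN_MARKERS):
            report["orphaned"].append(e)
        if e.section == "O1" and e.body.startswith("Hosts:"):
            parts = e.body[len("Hosts:"):].split()
            if len(parts) >= 2:
                report["hosts"].append((parts[0], parts[1]))
        if e.section == "O17":
            report["dns"].append(e.body.partition(": ")[2].strip())
    return report


def format_report(report):
    """Render the triage result as text for a human reviewer."""
    lines = []
    for section, count in sorted(report["counts"].items()):
        label = SECTION_LABELS.get(section, "unlabelled section")
        lines.append(f"{section:>4} x{count}  {label}")
    for e in report["orphaned"]:
        lines.append(f"orphaned (log line {e.line_no}): {e.body}")
    for addr, host in report["hosts"]:
        lines.append(f"hosts override: {host} -> {addr}")
    for server in report["dns"]:
        lines.append(f"DNS server: {server}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(triage(parse_log(SAMPLE_LOG))))
```

The output is only a reading aid: which lines to tick is still decided by the person reviewing the log.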
Thanks in advance.

Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Home Single Language), 10.0.18362.592 (ReleaseId: 1903), Service Pack: 0
Time:      10.02.2020 - 08:46 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    ev (group: Administrator) on CASPERNIRVANA, FirstRun: yes

Opera:   66.0.3515.72
Chrome:  80.0.3987.87
Edge:    11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
  29  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avpui.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
   1  C:\Program Files (x86)\PHotkey\GPMTray.exe
   1  C:\Program Files (x86)\PHotkey\HCSynApi.exe
   1  C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
   1  C:\Program Files (x86)\PHotkey\PHotkey.exe
   1  C:\Program Files (x86)\PHotkey\POsd.exe
   1  C:\Program Files\Bonjour\mDNSResponder.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Microsoft Office\Office15\MSOSYNC.EXE
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
   2  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MpCmdRun.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2001.7-0\MsMpEng.exe
   1  C:\Users\ev\Desktop\HiJackThis\HiJackThis.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\SoftwareDistribution\Download\Install\AM_Delta_Patch_1.309.622.0.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\CompatTelRunner.exe
   1  C:\Windows\System32\MpSigStub.exe
   5  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchFilterHost.exe
   1  C:\Windows\System32\SearchIndexer.exe
   2  C:\Windows\System32\SearchProtocolHost.exe
   1  C:\Windows\System32\SecurityHealthHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\backgroundTaskHost.exe
   3  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   3  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\igfxTray.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\msiexec.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  78  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   2  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\wuauclt.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://oem.msn.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2-32 - HKLM\..\BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - (no file)
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_52C1383DC3E199A9371FAD35FBEF1703] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\ev\AppData\Local\Discord\app-0.0.305\Discord.exe (2017/05/04)
O4 - HKCU\..\StartupApproved\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (2016/07/02)
O4 - HKCU\..\StartupApproved\Run: [OneDriveSetup] = C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (2016/07/03)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\StartupApproved\Run32: [Acrobat Assistant 8.0] = C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe (2020/01/21)
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2016/07/11)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2016/07/11)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/01/21)
O4 - Startup other users: C:\Users\Ev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk    ->    C:\Users\Ev\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O22 - Task (.job): (Not scheduled) Yandex Browser güncellemesi.job - C:\Users\Ev\AppData\Local\Yandex\YandexBrowser\Application\browser.exe  --background-update --noerrdialogs
O22 - Task (.job): Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe -r
O23 - Service R2: Kaspersky Secure Connection Hizmeti 4.0 - (KSDE4.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe -r
O23 - Service R2: NIHardwareService - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: PGFNEX Service - (PGFNEXSrv) - C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: ‪Microsoft Office Tıkla-Çalıştır Hizmeti‬ - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Hi-Rez Studios Authenticate and Update Service - (HiPatchService) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe Files (x86)\Hi-Rez Studios\HiPatchService.exe (file missing)
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.87\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\vssbridge64.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\WINDOWS\SysWOW64\GameMon.des -service


--
End of file - Time spent: 151,2 sec. - 31686 bytes, CRC32: FFFFFFFF. Sign: 剷
 
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Pro), 10.0.18362.592 (ReleaseId: 1903), Service Pack: 0
Time:      10.02.2020 - 20:37 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    Gropzen    (group: Administrator) on GROPZEN, FirstRun: yes

Chrome:  80.0.3987.87
Edge:    11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avpui.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Mem Reduct\memreduct.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
   1  C:\Users\Gropzen\Downloads\HiJackThis.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\CompPkgSrv.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_e726a33b25732961\Display.NvContainer\NVDisplay.Container.exe
   4  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   2  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  69  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_231\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_231\bin\ssv.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [Mem Reduct] = C:\Program Files\Mem Reduct\memreduct.exe /minimized
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2019/08/27)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe (2019/08/27)
O17 - DHCP DNS 1: 46.197.15.60
O17 - DHCP DNS 2: 178.233.140.110
O17 - DHCP DNS 3: 176.240.150.250
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe /NOUACCHECK
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\avp.exe -r
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_e726a33b25732961\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nvmdi.inf_amd64_e726a33b25732961\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: QMEmulatorService - C:\Program Files\TxGameAssistant\AppMarket\QMEmulatorService.exe  (file missing)
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.87\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Cloud 20.0\x64\vssbridge64.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe


--
End of file - Time spent: 22,9 sec. - 15280 bytes, CRC32: FFFFFFFF. Sign: 憕嚙
 
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2016/07/11)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2016/07/11)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/01/21)
O4 - Startup other users: C:\Users\Ev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk    ->    C:\Users\Ev\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O22 - Task (.job): (Not scheduled) Yandex Browser güncellemesi.job - C:\Users\Ev\AppData\Local\Yandex\YandexBrowser\Application\browser.exe  --background-update --noerrdialogs
O22 - Task (.job): Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe -r
O23 - Service R2: Kaspersky Secure Connection Hizmeti 4.0 - (KSDE4.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe -r
O23 - Service R2: NIHardwareService - C:\Program Files\Common Files\Native Instruments\Hardware\NIHardwareService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: PGFNEX Service - (PGFNEXSrv) - C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: ‪Microsoft Office Tıkla-Çalıştır Hizmeti‬ - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Hi-Rez Studios Authenticate and Update Service - (HiPatchService) - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe Files (x86)\Hi-Rez Studios\HiPatchService.exe (file missing)
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.87\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\vssbridge64.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\WINDOWS\SysWOW64\GameMon.des -service


--
End of file - Time spent: 151,2 sec. - 31686 bytes, CRC32: FFFFFFFF. Sign: 剷

After sharing this, I downloaded a few things and I think I got infected with a trojan. The cursor drifts and it alt-tabs by itself every now and then. The new log is as follows:
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Home Single Language), 10.0.18362.592 (ReleaseId: 1903), Service Pack: 0
Time:      11.02.2020 - 11:34 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    ev    (group: Administrator) on CASPERNIRVANA, FirstRun: yes

Chrome:  80.0.3987.87
Edge:    11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
   1  C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
   1  C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
   1  C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
  17  C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler.exe
   1  C:\Program Files (x86)\Google\Update\1.3.35.442\GoogleCrashHandler64.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.EXE
   1  C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.EXE
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avpui.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksdeui.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
   1  C:\Program Files (x86)\PHotkey\GPMTray.exe
   1  C:\Program Files (x86)\PHotkey\HCSynApi.exe
   1  C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
   1  C:\Program Files (x86)\PHotkey\PHotkey.exe
   1  C:\Program Files (x86)\PHotkey\POsd.exe
   1  C:\Program Files\Bonjour\mDNSResponder.exe
   1  C:\Program Files\CCleaner\CCleaner64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
   1  C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
   1  C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
   1  C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19081.22010.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
   1  C:\Program Files\WindowsApps\Microsoft.WindowsStore_12001.1001.5.0_x64__8wekyb3d8bbwe\WinStore.App.exe
   1  C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.20011.10711.0_x64__8wekyb3d8bbwe\Music.UI.exe
   1  C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20011.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
   1  C:\Users\ev.000\Desktop\HiJackThis\HiJackThis.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   7  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthHost.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\SettingSyncHost.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\SppExtComObj.Exe
   1  C:\Windows\System32\Taskmgr.exe
   2  C:\Windows\System32\backgroundTaskHost.exe
   2  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   3  C:\Windows\System32\dllhost.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\igfxCUIService.exe
   1  C:\Windows\System32\igfxEM.exe
   1  C:\Windows\System32\igfxHK.exe
   1  C:\Windows\System32\igfxTray.exe
   1  C:\Windows\System32\inetsrv\w3wp.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\notepad.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
   1  C:\Windows\System32\sppsvc.exe
  77  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WMIC.exe
   2  C:\Windows\System32\wbem\WmiPrvSE.exe
   2  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://oem.msn.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll
O2-32 - HKLM\..\BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - (no file)
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_52C1383DC3E199A9371FAD35FBEF1703] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2020/02/10)
O4 - HKCU\..\StartupApproved\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (2016/07/02)
O4 - HKCU\..\StartupApproved\Run: [OneDriveSetup] = C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (2016/07/03)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [SynTPEnh] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (file missing) (2016/07/11)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2016/07/11)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/01/21)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\Run: [GoogleChromeAutoLaunch_52C1383DC3E199A9371FAD35FBEF1703] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (User 'unknown') (2020/02/10)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\StartupApproved\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown') (2016/07/02)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\StartupApproved\Run: [OneDriveSetup] = C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'unknown') (2016/07/03)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [BlueStacks Agent] = C:\Program Files (x86)\Bluestacks\HD-Agent.exe (file missing) (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [OneDrive] = C:\Users\Ev\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft) (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [Spotify Web Helper] = C:\Users\ev\AppData\Roaming\Spotify\SpotifyWebHelper.exe  (file missing) (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [Spotify] = C:\Users\ev\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized (file missing) (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (file missing) (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\StartupApproved\Run: [BlueStacks Agent] = C:\Program Files (x86)\Bluestacks\HD-Agent.exe (file missing) (User 'unknown') (2016/07/03)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\StartupApproved\Run: [OneDriveSetup] = C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'unknown') (2016/07/03)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\StartupApproved\Run: [OneDrive] = C:\Users\Ev\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (User 'unknown') (2016/07/03)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\StartupApproved\Run: [Spotify Web Helper] = C:\Users\ev\AppData\Roaming\Spotify\SpotifyWebHelper.exe  (file missing) (User 'unknown') (2016/07/11)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\StartupApproved\Run: [Spotify] = C:\Users\ev\AppData\Roaming\Spotify\Spotify.exe -autostart -minimized (file missing) (User 'unknown') (2016/07/11)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (file missing) (User 'unknown') (2016/07/03)
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112554587\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'unknown: S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112554587')
O4 - HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'DefaultAppPool')
O4 - Startup other users: C:\Users\Ev\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Gameroom.lnk    ->    C:\Users\Ev\AppData\Local\Facebook\Games\FacebookGameroom.exe fbgames://windows_startup/
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
O22 - Task (.job): (Not scheduled) Yandex Browser güncellemesi.job - C:\Users\Ev\AppData\Local\Yandex\YandexBrowser\Application\browser.exe (file missing)  --background-update --noerrdialogs
O22 - Task (.job): Synaptics TouchPad Enhancements.job - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Bonjour Service - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\avp.exe -r
O23 - Service R2: Kaspersky Secure Connection Hizmeti 4.0 - (KSDE4.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 4.0\ksde.exe -r
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: PGFNEX Service - (PGFNEXSrv) - C:\Program Files (x86)\PHotkey\PGFNEXSrv.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: ‪Microsoft Office Tıkla-Çalıştır Hizmeti‬ - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.87\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 20.0\x64\vssbridge64.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: nProtect GameGuard Service - (npggsvc) - C:\WINDOWS\SysWOW64\GameMon.des -service


--
End of file - Time spent: 153,7 sec. - 41764 bytes, CRC32: FFFFFFFF. Sign: 葩
 
Thanks in advance.
Have you installed a Windows security update recently?
Fix these:
Code:
O2-32 - HKLM\..\BHO: (no name) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - (no file)
O2-32 - HKLM\..\BHO: (no name) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - (no file)
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_52C1383DC3E199A9371FAD35FBEF1703] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task (.job): (Not scheduled) Yandex Browser güncellemesi.job - C:\Users\Ev\AppData\Local\Yandex\YandexBrowser\Application\browser.exe  --background-update --noerrdialogs
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\Run: [GoogleChromeAutoLaunch_52C1383DC3E199A9371FAD35FBEF1703] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058')
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112549058\..\StartupApproved\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown') (2016/07/02)
O4 - HKU\S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678\..\Run: [GoogleChromeAutoLaunch_75C48A5156749FE0723895345C1E38BF] = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window /prefetch:5 (User 'unknown: S-1-5-21-2497320219-3377557779-4214768766-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112020112552678')

Are you using any software from Native Instruments? If you are not aware of it, that is, if you did not install it yourself, remove this company's software from the C drive.

There is a game that uses nProtect; be aware that the Kaspersky you use, or some other AVs, may detect it as malicious, if it belongs to a game you know.

Apart from these, there are also unnecessary programs at startup; disable the ones you do not use via clean boot and scheduled tasks.

@Del E Ted
There is no obvious malware, but do not use the Memreduct and IOBIT software.

Fix these:
Code:
O17 - DHCP DNS 1: 46.197.15.60
O17 - DHCP DNS 2: 178.233.140.110
O17 - DHCP DNS 3: 176.240.150.250
O4 - HKCU\..\Run: [Mem Reduct] = C:\Program Files\Mem Reduct\memreduct.exe /minimized
 
@Murat5038 Hello sir, how are you?

Two days ago some abnormal things happened on my machine. My Kaspersky Free program got disabled on its own. When I tried to open the program, it would not open at all. Then it went back to normal. Also on the same day, while copying a movie to my USB stick, when I tried to open WordPad, I don't know whether I accidentally clicked on something, but it said formatting was in progress.
Then the text in my WordPad and text documents stopped showing. The text in Task Manager did not show either.
It looked like in the picture.
Adsız.png
While this was happening there were also 2 updates. I was waiting to restart. Then I restarted the PC. Text documents and WordPad went back to normal.
Last night when I opened WordPad, it opened as Microsoft Office Access 2007 :) I did not change any setting. I don't know whether it happened this way because of the formatting 2 days ago. It is back to normal now. But I don't know whether it will happen again.

* Why did my antivirus program get disabled on its own?
* WordPad and the other problems happened because of the formatting. Will this problem happen again? Where do I need to check so that it doesn't?

My report:
Code:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform:  x64 Windows 10 (Pro), 10.0.18362.657 (ReleaseId: 1903), Service Pack: 0
Time:      14.02.2020 - 16:40 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated:  Yes
Ran by:    fb    (group: Administrator) on DESKTOP-IIHCUIO, FirstRun: yes

Firefox: 73.0.0.7342
Edge:    11.0.18362.628
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 20.0\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 20.0\avpui.exe
   1  C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   2  C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
   2  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   1  C:\Users\fb\Desktop\HiJackThis.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   2  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SgrmBroker.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dwm.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\rundll32.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  69  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\WMIADAP.exe
   1  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\explorer.exe

O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
O2 - HKLM\..\BHO: ScriptInjectionPluginBrowserHelperObject - {9F904093-6E18-4536-BF5F-B03689CF00F0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 20.0\x64\IEExt\ie_plugin.dll
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O3 - HKLM\..\Toolbar: Kaspersky Protection Toolbar - {EF293C5A-9F37-49FD-91C4-2B867063FC54} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 20.0\x64\IEExt\ie_plugin.dll
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\fb\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (2020/02/13)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2017/11/26)
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Tüm bağlantıları IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 195.175.39.39
O17 - DHCP DNS 3: 195.175.39.40
O17 - DHCP DNS 4: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{cb01090b-8ca6-4af0-89ce-2f3469be9dea}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{cb01090b-8ca6-4af0-89ce-2f3469be9dea}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\            IDM Shell Extension: IDM Shell Extension - {CDC95B92-E27C-4745-A8C5-64A52A78855D} - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service R2: Kaspersky Anti-Virus Hizmeti 20.0 - (AVP20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 20.0\avp.exe -r
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S2:  Microsoft Edge Güncelleştirmesi Hizmeti (edgeupdate) - (edgeupdate) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /svc
O23 - Service S3:  Microsoft Edge Güncelleştirmesi Hizmeti (edgeupdatem) - (edgeupdatem) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /medsvc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Kaspersky Secure Connection Hizmeti 3.0.0 - (KSDE3.0.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe -r
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 20.0 - (klvssbridge64_20.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 20.0\x64\vssbridge64.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Microsoft Edge Elevation Service - (MicrosoftEdgeElevationService) - C:\Program Files (x86)\Microsoft\Edge\Application\80.0.361.50\elevation_service.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Wise Boot Assistant - (WiseBootAssistant) - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files (x86)\Wondershare\UniConverter\Transfer\DriverInstall.exe


--
End of file - Time spent: 41,7 sec. - 21730 bytes, CRC32: FFFFFFFF. Sign: ݰ걑
 
Updates, and malware detections (depending on the type, until the malware is deleted), prevent you from opening some things. So, to keep you from getting errors, it is natural that this clears up after a restart or once the operations are finished.

No malware is visible. Assuming you don't use OneDrive and some Office features, fix these:
Code:
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2017/11/26)
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 195.175.39.39
O17 - DHCP DNS 3: 195.175.39.40
O17 - DHCP DNS 4: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{cb01090b-8ca6-4af0-89ce-2f3469be9dea}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{cb01090b-8ca6-4af0-89ce-2f3469be9dea}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive1: (no name) - {BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive2: (no name) - {5AB7172C-9C11-405C-8DD5-AF20F3606282} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive3: (no name) - {A78ED123-AB77-406B-9962-2A5D9D2F7F30} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive4: (no name) - {F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive5: (no name) - {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive6: (no name) - {9AA2F32D-362A-42D9-9328-24A483E2CCC3} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ OneDrive7: (no name) - {C5FF006E-2AE9-408C-B85B-2DFDD5449D9C} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service S3: Wise Boot Assistant - (WiseBootAssistant) - C:\Program Files (x86)\Wise\Wise Care 365\BootTime.exe
 
To do the fixing, do I need to run a scan again with the program, sir? Or do I need to open the program and select, from within the program, the report that was saved as a text document :)

I don't use OneDrive and Office, so I will fix those. At the very bottom you said to fix the Wisecare program as well. If I fix those, will it cause problems for Wisecare when I use the program?

Finally, I am running scans on the VirusTotal site, but the scan never finishes. Why might that be? Is the problem with the site or with me? Could I ask you to try a URL scan yourself?
 
Finally, I am running scans on the VirusTotal site, but the scan never finishes. Why might that be? Is the problem with the site or with me? Could I ask you to try a URL scan yourself?
No problem on my end.
I don't use OneDrive and Office, so I will fix those. At the very bottom you said to fix the Wisecare program as well. If I fix those, will it cause problems for Wisecare when I use the program?
It won't be a problem. If it is, at most you reinstall it or run a repair.
To do the fixing, do I need to run a scan again with the program, sir?
Yes.
 
No problem on my end.
Sir, the problem with VirusTotal is on my side. I tried a URL scan in 3 browsers. In Firefox and Microsoft Edge the URL scan never finished. Normally the result would come out within seconds.
Lastly I tried it in the Opera browser, and there was no problem there. Firefox and Edge did not have such a problem before; why did it happen, I wonder?


It won't be a problem. If it is, at most you reinstall it or run a repair.
Okay, sir.

I will run the scan again, okay sir, as you said. Only, when I ran the scan I was connected to a different network :) I was not connected to my home internet :) When I run the scan again, do I need to share it?
 
When I run the scan again, do I need to share it?
No need; fixing the ones I mentioned is enough.
Lastly I tried it in the Opera browser, and there was no problem there. Firefox and Edge did not have such a problem before; why did it happen, I wonder?
You can try resetting the modem. If your network driver is not up to date, you can update it. As far as I saw there was nothing like a VPN; if there is, you can remove it.
 
