Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18
Platform: x64 Windows 10 (Home Single Language), 10.0.17763.503 (ReleaseId: 1809), Service Pack: 0
Time: 06.06.2019 - 02:38 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: hamza (group: Administrator) on DESKTOP-MJ5RG0T, FirstRun: yes
Edge: 11.0.17763.503
Internet Explorer: 11.0.17763.1
Default: "C:\Users\hamza\AppData\Local\Programs\Opera\Launcher.exe" -noautoupdate -- "%1" (Opera Internet Browser)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
1 C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
1 C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
1 C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
6 C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1 C:\Program Files (x86)\Origin\OriginWebHelperService.exe
1 C:\Program Files (x86)\ShutdownTime\ShutdownTime.exe
1 C:\Program Files\AX2PS9UKIO\NM94090LH.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
1 C:\Program Files\DAEMON Tools Lite\DTShellHlp.exe
1 C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
2 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.46.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1905.4-0\NisSrv.exe
13 C:\Users\hamza\AppData\Local\Programs\Opera\60.0.3255.109\opera.exe
1 C:\Users\hamza\AppData\Local\Programs\Opera\60.0.3255.109\opera_crashreporter.exe
1 C:\Users\hamza\AppData\Local\Temp\csrss\updateprofile-0321.exe
1 C:\Users\hamza\AppData\Local\Temp\is-1ED9L.tmp\SimpleFF.exe
1 C:\Users\hamza\AppData\Local\Temp\is-8QQD7.tmp\SimpleFF.tmp
1 C:\Users\hamza\AppData\Local\Temp\is-AO7MQ.tmp\sg3wjzngah5.tmp
1 C:\Users\hamza\AppData\Local\Temp\is-BI7M0.tmp\SimpleFF.exe
1 C:\Users\hamza\AppData\Local\Temp\is-QEFCR.tmp\SimpleFF.tmp
1 C:\Users\hamza\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe
1 C:\Users\hamza\AppData\Roaming\p2iejw4l41u\sg3wjzngah5.exe
1 C:\Users\hamza\OneDrive\Masaüstü\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\SysWOW64\PnkBstrA.exe
1 C:\Windows\SysWOW64\esif_uf.exe
1 C:\Windows\System32\BtwRSupportService.exe
1 C:\Windows\System32\LogonUI.exe
2 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\WerFault.exe
1 C:\Windows\System32\WirelessKB850NotificationService.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
3 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
2 C:\Windows\System32\dwm.exe
3 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
90 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
2 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\Temp\DPTF\esif_assist_64.exe
2 C:\Windows\explorer.exe
1 C:\Windows\rss\csrss.exe
1 C:\Windows\windefender.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlOcu-1jqKQlXDVV2fK-gI5TsorvtzK5f-A9_t6RrUmovF21AKMKME4QhV6maf2k1u-tis2JTkLR_TKUculc-OUiQnZOiJbGZ1g7MMaKApvuDTIelr4sNdJmTn-ju9-jDM7J2qWoXvE,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlOcu-1jqKQlXDVV2fK-gI5TsorvtzK5f-A9_t6RrUmovF21AKMKME4QhV6maf2k1u-tis2JTkLR_TKUculc-OUiQnZOiJbGZ1g7MMaKApvuDTIelr4sNdJmTn-ju9-jDM7J2qWoXvE,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlOcu-1jqKQlXDVV2fK-gI5TsorvtzK5f-A9_t6RrUmosL-NcIlntvD5hPhY5DDCQyooq9-lnj8f33HLOgdODrn3rWktInF-EovBo8PO8_kZtGxKMcDT2w7ACtiDsG4-lbTR_S2jPAU,
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlOcu-1jqKQlXDVV2fK-gI5TsorvtzK5f-A9_t6RrUmovF21AKMKME4QhV6maf2k1u-tis2JTkLR_TKUculc-OUiQnZOiJbGZ1g7MMaKApvuDTIelr4sNdJmTn-ju9-jDM7J2qWoXvE,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main: [SearchAssistant] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlOcu-1jqKQlXDVV2fK-gI5TsorvtzK5f-A9_t6RrUmovF21AKMKME4QhV6maf2k1u-tis2JTkLR_TKUculc-OUiQnZOiJbGZ1g7MMaKApvuDTIelr4sNdJmTn-ju9-jDM7J2qWoXvE,&q={searchTerms}
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}: [SuggestionsURL_JSON] = http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&qu={searchTerms} - Search the web
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}: [URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxlOcu-1jqKQlXDVV2fK-gI5TsorvtzK5f-A9_t6RrUmovF21AKMKME4QhV6maf2k1u-tis2JTkLR_TKUculc-OUiQnZOiJbGZ1g7MMaKApvuDTIelr4sNdJmTn-ju9-jDM7J2qWoXvE,&q={searchTerms} - Search the web
R4 - SearchScopes: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 space1.adminpressure.space
O1 - Hosts: 127.0.0.1 trackpressure.website
O1 - Hosts: 127.0.0.1 htagzdownload.pw
O1 - Hosts: 127.0.0.1 360devtraking.website
O1 - Hosts: 127.0.0.1 room1.360dev.info
O1 - Hosts: 127.0.0.1 djapp.info
O1 - Hosts: 127.0.0.1 sharefolder.online
O1 - Hosts: 127.0.0.1 telechargini.com
O1 - Hosts: 127.0.0.1 fffffk.xyz
O1 - Hosts: 127.0.0.1 smarttrackk.xyz
O1 - Hosts: 127.0.0.1 space1.adminpressure.space
O1 - Hosts: 127.0.0.1 trackpressure.website
O1 - Hosts: 127.0.0.1 htagzdownload.pw
O1 - Hosts: 127.0.0.1 360devtraking.website
O1 - Hosts: 127.0.0.1 room1.360dev.info
O1 - Hosts: 127.0.0.1 djapp.info
O1 - Hosts: 127.0.0.1 sharefolder.online
O1 - Hosts: 127.0.0.1 telechargini.com
O1 - Hosts: 127.0.0.1 fffffk.xyz
O1 - Hosts: 127.0.0.1 smarttrackk.xyz
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O4 - HKCU\..\Run: [4658173] = C:\Users\hamza\AppData\Local\Temp\is-BI7M0.tmp\SimpleFF.exe /VERYSILENT
O4 - HKCU\..\Run: [585711] = C:\Users\hamza\AppData\Roaming\p2iejw4l41u\sg3wjzngah5.exe /VERYSILENT
O4 - HKCU\..\Run: [8307650] = C:\Users\hamza\AppData\Local\Temp\is-1ED9L.tmp\SimpleFF.exe /VERYSILENT
O4 - HKCU\..\Run: [B2JOH4YQBOERPVO] = C:\Program Files\AX2PS9UKIO\NM94090LH.exe
O4 - HKCU\..\Run: [BoldWind] = C:\Windows\rss\csrss.exe
O4 - HKCU\..\Run: [CloudNet] = C:\Users\hamza\AppData\Roaming\EpicNet Inc\CloudNet\cloudnet.exe 1-108
O4 - HKCU\..\StartupApproved\Run: [DAEMON Tools Lite Automount] = C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun (2018/10/27)
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\hamza\AppData\Local\Discord\app-0.0.305\Discord.exe (2018/10/13)
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files (x86)\Origin\Origin.exe -AutoStart (2018/11/15)
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent (2018/10/12)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\hamza\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2018/10/12)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2018/10/12)
O4 - HKCU\..\StartupApproved\Run: [uTorrent] = C:\Users\hamza\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (2018/10/27)
O4 - HKCU\..\StartupApproved\Run: [utweb] = C:\Users\hamza\AppData\Roaming\uTorrent Web\utweb.exe /MINIMIZED (2018/10/18)
O4 - HKLM\..\Run: [SecurityHealth] = C:\Windows\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run32: [LogMeIn Hamachi Ui] = C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start (2018/10/18)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2019/01/26)
O4-32 - HKLM\..\Run: [ShutdownTime] = C:\Program Files (x86)\ShutdownTime\ShutdownTime.exe
O17 - DHCP DNS 1: 82.163.143.146
O17 - DHCP DNS 2: 82.163.142.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{b478295b-7a83-4cff-b2a8-ec61e61cf8ff}: [NameServer] = 82.163.142.148
O17 - HKLM\System\CCS\Services\Tcpip\..\{b478295b-7a83-4cff-b2a8-ec61e61cf8ff}: [NameServer] = 82.163.143.146
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\ProgramData\Voyasollam\Home-Tough.dll (disabled by SecureBoot)
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = C:\ProgramData\Voyasollam\Keyair.dll (disabled by SecureBoot)
O22 - Task (.job): Homeville.job - C:\Program Files\Homeville\Homeville.exe (file missing) /scheduled
O22 - Task (.job): Online Application V2G1.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 69
O22 - Task (.job): Online Application V2G2.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 70
O22 - Task (.job): Online Application V2G3.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 71
O22 - Task (.job): Online Application V2G4.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 60
O22 - Task (.job): Online Application V2G5.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 61
O22 - Task (.job): Online Application V2G6.job - C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online-Guardian.exe 1 62
O22 - Task (.job): Updater_Online_Application.job - C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.exe /silentall -nofreqcheck
O23 - Service R2: Bluetooth Driver Management Service - (BcmBtRSupport) - C:\Windows\system32\BtwRSupportService.exe
O23 - Service R2: ESIF Upper Framework Service - (esifsvc) - C:\Windows\SysWOW64\esif_uf.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: LMIGuardianSvc - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service R2: LogMeIn Hamachi Tunneling Engine - (Hamachi2Svc) - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe -s
O23 - Service R2: Microsoft Office Tıkla-Çalıştır Hizmeti - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service R2: PnkBstrA - C:\Windows\system32\PnkBstrA.exe (file missing)
O23 - Service R2: Windows Defender Helper Service (Windows 1703 Creators Update) - (WinDefender) - C:\Windows\windefender.exe
O23 - Service R2: Wireless Keyboard 850 Notification Service - (WirelessKB850NotificationService) - C:\Windows\system32\WirelessKB850NotificationService.exe
O23 - Service R3: Disc Soft Lite Bus Service - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service S2: Background Logic Handler - (backlh) - C:\ProgramData\Logic Cramble\set.exe
O23 - Service S2: CloudPrinter - C:\ProgramData\\CloudPrinter\\CloudPrinter.exe shuz -f "C:\ProgramData\\CloudPrinter\\CloudPrinter.dat" -l -a
O23 - Service S2: Voyasollam - C:\ProgramData\\Voyasollam\\Voyasollam.exe shuz -f "C:\ProgramData\\Voyasollam\\Voyasollam.dat" -l -a
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Origin Client Service - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
--
End of file - Time spent: 115,6 sec. - 33624 bytes, CRC32: FFFFFFFF.