Sistemde kasmalar

LogFile of hijackthis fork by alex dragokas v.2.9.0.26.

Platform: X64 Windows 10 (Pro), 10.0.19042.572 (releaseıd: 2009), service pack: 0.
Time: 30.12.2020 - 22:39 (utc+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-unicode: Turkish (0x41F)
Elevated: Yes.
Ran by: Bucak (group: Administrator) on nesıh, firstrun: Yes.

Chrome: 87.0.4280.88.
Edge: 11.0.19041.546.
Internet Explorer: 11.0.19041.1.
Default: "C:\Program files (x86)\Google\Chrome\Application\chrome.exe" --Single-argument %1 (Google Chrome)

Boot mode: Normal.

Running processes:
Number | path.
10 C:\Program files (x86)\Google\Chrome\Application\chrome.exe.
1 C:\Program files (x86)\Google\Update\GoogleUpdate.exe.
1 C:\Program files (x86)\IObit\Advanced SystemCare\RealTimeProtector.exe.
1 C:\Users\bucak\Downloads\HiJackThis.exe.
1 C:\Windows\System32\MoUsoCoreWorker.exe.
3 C:\Windows\System32\RuntimeBroker.exe.
1 C:\Windows\System32\SecurityHealthService.exe.
1 C:\Windows\System32\SettingSyncHost.exe.
1 C:\Windows\System32\SgrmBroker.exe.
1 C:\Windows\System32\SrTasks.exe.
1 C:\Windows\System32\audiodg.exe.
1 C:\Windows\System32\conhost.exe.
2 C:\Windows\System32\csrss.exe.
1 C:\Windows\System32\ctfmon.exe.
1 C:\Windows\System32\dwm.exe.
2 C:\Windows\System32\fontdrvhost.exe.
1 C:\Windows\System32\lsass.exe.
1 C:\Windows\System32\services.exe.
1 C:\Windows\System32\sihost.exe.
1 C:\Windows\System32\smartscreen.exe.
1 C:\Windows\System32\smss.exe.
1 C:\Windows\System32\spoolsv.exe.
1 C:\Windows\System32\sppsvc.exe.
72 C:\Windows\System32\svchost.exe.
1 C:\Windows\System32\taskhostw.exe.
1 C:\Windows\System32\wbem\WmiPrvSE.exe.
1 C:\Windows\System32\wininit.exe.
1 C:\Windows\System32\winlogon.exe.
1 C:\Windows\System32\wuauclt.exe.
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe.
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe.
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe.
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe.
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.680_none_e72768c3263f99bc\TiWorker.exe.
1 C:\Windows\explorer.exe.
1 C:\Windows\servicing\TrustedInstaller.exe.

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet settings: [ProxyOverride] = *.Local.
R4 - searchscopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: [SuggestionsURL_JSON] = https://suggest.yandex.com.tr/suggest-ff.cgi?srv=ie11&uil=tr&part={searchterms}&clid=2233630 - Yandex
R4 - searchscopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C3078A0-9AAB-4371-85D1-656CA8E46EE8}: = Yandex{searchterms}&clid=2233630 - Yandex O1 - hosts: 127.0.0.1 license.piriform.com O2 - HKLM\..\BHO: ıetoedge bho - {1FD49718-1D00-4B19-AF5F-070 AF6D5D54C} - C:\Program files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho_64.dll O2-32 - HKLM\..\BHO: ıetoedge bho - {1FD49718-1D00-4B19-AF5F-070 AF6D5D54C} - C:\Program files (x86)\Microsoft\Edge\Application\87.0.664.66\BHO\ie_to_edge_bho.dll O2-32 - HKLM\..\BHO: IObit surfing protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program files (x86)\IObit\Advanced SystemCare\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll O4 - HKCU\..\StartupApproved\Run: [Advanced SystemCare] = C:\Program files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto (2020/12/30) O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program files (x86)\Steam\steam.exe -silent (2020/12/05) O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2020/03/27) O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /upgrade O4 - HKU\S-1-5-19\..\RunOnce: [mctadmin] = C:\Windows\System32\mctadmin.exe (file missing) O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /upgrade O4 - HKU\S-1-5-20\..\RunOnce: [mctadmin] = C:\Windows\System32\mctadmin.exe (file missing) O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (file missing) O10 - unknown file in winsock lsp: C:\Program files (x86)\Bonjour\mdnsNSP.dll O17 - DHCP DNS 1: 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\..\{e87cbb77-645e-44cd-9c45-4d6d7053b11c}: [NameServer] = 1.0.0.1 (well-known DNS: Cloudflare / apnıc) O17 - HKLM\System\CCS\Services\Tcpip\..\{e87cbb77-645e-44cd-9c45-4d6d7053b11c}: [NameServer] = 1.1.1.1 (well-known DNS: Cloudflare / apnıc) O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file) O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file) O22 - task: (Disabled) (Update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /runonac engagedrebootreminder (Microsoft) O22 - task: (Disabled) (Update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /runonbattery engagedrebootreminder (Microsoft) O22 - task: (Disabled) googleupdatetaskmachinecore - C:\Program files (x86)\Google\Update\GoogleUpdate.exe /C O22 - task: (Disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /Source provretrytask (Microsoft) O22 - task: (Disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /Source continuesessiontask (Microsoft) O22 - task: (Disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing) O22 - task: (Disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /restartrecording (file missing) O22 - task: (Disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file) O22 - task: (Disabled) \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file) O22 - task: (Disabled) \Microsoft\Windows\Shell\WindowsParentalControlsmigration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - (no file) O22 - task: (Disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file) O22 - task: (Disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85'DA-AF1EDFE067B1} - (no file) O22 - task: (Disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file) O22 - task: (Disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule maintenance work - C:\WINDOWS\system32\usoclient.exe startmaintenancework (Microsoft) O22 - task: (Disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule wake to work - C:\WINDOWS\system32\usoclient.exe startwork (Microsoft) O22 - task: (Telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft) O22 - task: (Update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft) O22 - task: ASC_PERFORMANCEMONITÖR - C:\Program files (x86)\IObit\Advanced SystemCare\Monitor.exe /task O22 - task: ASC_SKIPUAC_BUCAK - C:\Program files (x86)\IObit\Advanced SystemCare\ASC.exe /skipuac O22 - task: Googleupdatetaskmachineua - C:\Program files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler O22 - task: \Microsoft\Windows\Defrag\SvcRestartTask - {B1AEBB5D-EAD9-4476-B375-9C3ED9F32AFC},timer - C:\WINDOWS\System32\sppcext.dll (Microsoft) O22 - task: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /doactivatewindowssearch (file missing) O22 - task: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /doconfigureınternettimeservice (file missing) O22 - task: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /dorecoverytasks $(arg0) (file missing) O22 - task: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /ınstallplayready $(arg0) (file missing) O22 - task: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -mediacenterrecoverytask (file missing) O22 - task: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /ocuractivate (file missing) O22 - task: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /ocurdiscovery $(arg0) (file missing) O22 - task: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -objectstorerecoverytask (file missing) O22 - task: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /pbdadiscovery (file missing) O22 - task: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait: 7 /pbdadiscovery (file missing) O22 - task: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait: 90 /pbdadiscovery (file missing) O22 - task: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -pvrrecoverytask (file missing) O22 - task: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -pvrschedule (file missing) O22 - task: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /doregistersearch $(arg0) (file missing) O22 - task: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /doreindexsearchroot (file missing) O22 - task: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -sqlliterecoverytask (file missing) O22 - task: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /doupdaterecordpath $(arg0) (file missing) O22 - task: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /drmınit (file missing) O22 - task: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(arg0) (file missing) O22 - task: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43'DA-BFD7-FBEEA2180A1E} - (no file) O22 - task: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(arg0) - (no file) O22 - task: \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,ndfrundllduplicateıpoffendingsystem (Microsoft) O22 - task: \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,ndfrundllduplicateıpdefendingsystem (Microsoft) O23 - service r2: Handsfree headset service - (hfgservice) - C:\WINDOWS\system32\svchost.exe -k bthaudiosvc; "servicedll" = C:\WINDOWS\System32\HFGService.dll O23 - service S2: Advanced SystemCare service 14 - (advancedsystemcareservice14) - C:\Program files (x86)\IObit\Advanced SystemCare\ASCService.exe O23 - service S3: Yazıcı uzantıları ve bildirimleri - (printnotify) - C:\WINDOWS\system32\svchost.exe -k print; "servicedll" = C:\WINDOWS\system32\spool\drivers\x64\3\PrintConfig.dll -- end of file - time spent: 60 sec. - 22846 bytes, crc32: Ffffffff. Sign: ᚬ此

Genişletmek için tıkla...