Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 11-09-2017
Ran by jmz (administrator) on JMZ (11-09-2017 14:13:42)
Running from C:\Users\MURAT\Desktop
Loaded Profiles: jmz (Available Profiles: jmz)
Platform: Windows 10 Home Single Language Version 1703 (X64) Language: Türkçe (Türkiye)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Apple Inc.) C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(LENOVO INCORPORATED.) C:\Program Files\lenovo\iMController\SystemAgentService.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Hi-Rez Studios) C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
(Lenovo(beijing) Limited) C:\Windows\System32\LenovoWiFiHotspotSvr.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdlauncher.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NvContainer\nvcontainer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
() C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
(Lenovo) C:\Program Files\lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\utility.exe
(Nico Mak Computing) C:\Program Files\File Association Helper\FAHWindow.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(© 2015 Microsoft Corporation) C:\Users\MURAT\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(SteelSeries ApS) C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvspcaps64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(Node.js) C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(none) C:\murat\WLan\WLAN Optimizer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2017.35063.13610.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\cef\cef.win7\steamwebhelper.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
==================== Registry (Whitelisted) ====================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SecurityHealth] => C:\Program Files\Windows Defender\MSASCuiL.exe [629152 2017-03-18] (Microsoft Corporation)
HKLM\...\Run: [RtsFT] => C:\windows\RTFTrack.exe [5060864 2015-06-16] (Realtek semiconductor)
HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe [401848 2017-06-12] ()
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-08] (Intel Corporation)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [907480 2013-09-05] (Conexant Systems, Inc.)
HKLM\...\Run: [ForteConfig] => C:\Program Files\Conexant\ForteConfig\fmapp.exe [49056 2010-10-26] ()
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-15] (Lenovo)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2014-09-16] (Lenovo(beijing) Limited)
HKLM\...\Run: [FAHConsole] => C:\Program Files\File Association Helper\FAHConsole.exe [729272 2014-01-28] (Nico Mak Computing)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508240 2015-08-05] (Adobe Systems Incorporated)
HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [16293496 2016-09-30] (Logitech Inc.)
HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [225944 2016-07-11] ()
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restriction <==== ATTENTION
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [DAEMON Tools Lite Automount] => C:\Program Files\DAEMON Tools Lite\DTAgent.exe [4471536 2015-05-21] (Disc Soft Ltd)
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [BingSvc] => C:\Users\MURAT\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3071776 2017-09-07] (Valve Corporation)
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [9832152 2017-08-03] (Piriform Ltd)
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Discord] => C:\Users\MURAT\AppData\Local\Discord\app-0.0.298\Discord.exe [57477112 2017-08-08] (Discord Inc.)
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [27219928 2016-11-03] (Skype Technologies S.A.)
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\...\RunOnce: [FlashPlayerUpdate] => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_26_0_0_137_pepper.exe [1281024 2017-07-11] (Adobe Systems Incorporated)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\CodecPackUpdateChecker.lnk [2015-01-09]
ShortcutTarget: CodecPackUpdateChecker.lnk -> C:\Windows\SysWOW64\C2MP\UpdateChecker.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SteelSeries Engine 3.lnk [2017-06-28]
ShortcutTarget: SteelSeries Engine 3.lnk -> C:\Program Files\SteelSeries\SteelSeries Engine 3\SteelSeriesEngine3.exe (SteelSeries ApS)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <==== ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1369535705-3180996973-1344369311-1002] => http=127.0.0.1:8896;https=127.0.0.1:8896
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{06d94800-74fb-4dc1-9b73-d0dbaa80cb7b}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{06d94800-74fb-4dc1-9b73-d0dbaa80cb7b}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{be16cd11-9ea3-458e-bea1-1f3d02e278b3}: [DhcpNameServer] 7.254.254.254
Tcpip\..\Interfaces\{eaaabf1b-b5eb-401b-b9b7-6960eaaff5e5}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{eaaabf1b-b5eb-401b-b9b7-6960eaaff5e5}: [DhcpNameServer] 178.233.140.110 46.196.235.90 176.240.150.250
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354589711227546&GUID=A0F6BAAF-3EEC-45A4-B0B3-7BFB2D82C523
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131354589711239839&GUID=A0F6BAAF-3EEC-45A4-B0B3-7BFB2D82C523
HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> DefaultScope {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> 37B2E986A7C49C614282CBB00A67777F URL = hxxp://gorsel.yandex.com.tr/yandsearch?win=160&clid=2083124&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> A8743C42BF303D0794F58CC80983B1DE URL = hxxp://video.yandex.com.tr/#search?win=160&clid=2083124&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> EB57C9901C249E83B1DAABB89A17D035 URL = hxxp://haber.yandex.com.tr/yandsearch?rpt=nnews2&grhow=clutop&win=160&clid=2083124&text={searchTerms}
SearchScopes: HKU\S-1-5-21-1369535705-3180996973-1344369311-1002 -> {8C3078A0-9AAB-4371-85D1-656CA8E46EE8} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-07-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll [2017-06-28] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL [2017-07-20] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-14] (Oracle Corporation)
BHO-x32: Microsoft Web Test Recorder 10.0 Helper -> {DDA57003-0068-4ed2-9D32-4D1EC707D94D} -> c:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19] (Microsoft Corporation)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL [2017-07-20] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default [2017-08-06]
FF user.js: detected! => C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\user.js [2016-03-06]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Yandex
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\nahd6ha2.default -> Yandex
FF Homepage: Mozilla\Firefox\Profiles\nahd6ha2.default -> hxxp://www.yandex.com.tr/?win=160&clid=2083123
FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\gorsel.yandex.com.tr-145713.xml [2015-01-22]
FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\haber.yandex.com.tr-145713.xml [2015-01-22]
FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\video.yandex.com.tr-145713.xml [2015-01-22]
FF SearchPlugin: C:\Users\MURAT\AppData\Roaming\Mozilla\Firefox\Profiles\nahd6ha2.default\searchplugins\yandex.com.tr-145713.xml [2015-01-22]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_26_0_0_137.dll [2017-07-11] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-08-06] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_26_0_0_137.dll [2017-07-11] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-16] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-14] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-06-28] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\npctrl.dll [2017-05-03] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL [2017-06-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.33.5\npGoogleUpdate3.dll [2017-04-29] (Google Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-08-06] (Adobe Systems)
FF Plugin HKU\S-1-5-21-1369535705-3180996973-1344369311-1002: jpl.nasa.gov/NASAEyes -> C:\Users\MURAT\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2017-08-23] (Jet Propulsion Laboratory)
Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://www.msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=tr-tr
CHR StartupUrls: Default -> "hxxps://www.google.com.tr/"
CHR DefaultSearchURL: Default -> hxxp://www.bing.com/search?FORM=__PARAM__DF&PC=__PARAM__&q={searchTerms}
CHR DefaultSearchKeyword: Default -> bing.com
CHR Profile: C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default [2017-09-11]
CHR Extension: (BetterTTV) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped [2017-04-21]
CHR Extension: (Social Video Downloader - Save Facebook Video) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2017-08-23]
CHR Extension: (Bitmoji) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfgdeiadkckfbkeigkoncpdieiiefpig [2017-07-06]
CHR Extension: (Steam Inventory Helper) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmeakgjggjdlcpncigglobpjbkabhmjl [2017-08-29]
CHR Extension: (FrankerFaceZ) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\fadndhdgpmmaapbmfcknlfgcflmmmieb [2017-05-05]
CHR Extension: (AdBlock) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2017-08-10]
CHR Extension: (TwitchAlerts Stream Labels) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmggmdngboajiakmbpdknfpdelbjbcg [2017-02-07]
CHR Extension: (DotVPN — VPN'den daha iyi.) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpiecbcckbofpmkkkdibbllpinceiihk [2017-05-29]
CHR Extension: (Chrome Web Mağazası Ödemeleri) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-08-22]
CHR Extension: (ThemeBeta.com) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\onghcfjakljnchnjocajgcdphaoahkef [2017-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-08-08]
CHR Profile: C:\Users\MURAT\AppData\Local\Google\Chrome\User Data\System Profile [2017-09-07]
CHR HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bmkckgpgekmanipelfidlhmkfcjicion] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-1369535705-3180996973-1344369311-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fkkcgfbgohboipdhliafmacjnhjbhmim] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
Opera:
=======
OPR StartupUrls: "hxxp://www.yandex.com.tr/?win=160&clid=2083123"
==================== Services (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2246256 2017-05-18] (Adobe Systems, Incorporated)
S3 ALG; C:\WINDOWS\System32\alg.exe [92672 2017-03-18] (Microsoft Corporation)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1522184 2017-03-05] ()
R2 Bonjour Service; C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe [394752 2015-07-15] (Apple Inc.) [File not signed]
R2 CDPUserSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R2 CDPUserSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [4424384 2017-07-07] (Microsoft Corporation)
S3 DevicesFlowUserSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 DevicesFlowUserSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272560 2015-05-21] (Disc Soft Ltd)
S3 EasyAntiCheat; C:\WINDOWS\SysWOW64\EasyAntiCheat.exe [383016 2017-04-26] (EasyAntiCheat Ltd)
S3 Fax; C:\WINDOWS\system32\fxssvc.exe [637440 2017-03-19] (Microsoft Corporation)
U2 HiPatchService; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [9728 2016-12-09] (Hi-Rez Studios) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-08] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [373688 2017-06-12] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-28] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-28] (Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-16] (Intel Corporation)
S3 Lenovo EasyPlus Hotspot; C:\Program Files (x86)\Common Files\lenovo\easyplussdk\bin\EPHotspot64.exe [533760 2014-06-03] (Lenovo)
R2 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584960 2014-05-22] (LENOVO INCORPORATED.)
R2 LenovoWiFiHotspotSvr; C:\Windows\System32\LenovoWiFiHotspotSvr.exe [198192 2014-09-16] (Lenovo(beijing) Limited)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 LogiRegistryService; C:\Program Files\Logitech Gaming Software\Drivers\APOService\LogiRegistryService.exe [193656 2016-09-30] (Logitech Inc.)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MessagingService_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 MessagingService_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation) <==== ATTENTION (no ServiceDLL)
S3 MSDTC; C:\WINDOWS\System32\msdtc.exe [147456 2017-03-18] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\System32\msiexec.exe [66048 2017-03-18] (Microsoft Corporation)
S3 msiserver; C:\WINDOWS\SysWOW64\msiexec.exe [59392 2017-03-18] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 MSSQL$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\sqlservr.exe [61913952 2010-04-03] (Microsoft Corporation)
R3 MSSQLFDLauncher$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\fdlauncher.exe [32096 2010-04-03] (Microsoft Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-01-18] (Hewlett-Packard) [File not signed]
R2 NvContainerLocalSystem; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation)
S3 NvContainerNetworkService; C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe [513144 2017-08-22] (NVIDIA Corporation)
R2 NVDisplay.ContainerLocalSystem; C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe [462784 2017-08-22] (NVIDIA Corporation)
R2 NvTelemetryContainer; C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe [450168 2017-08-22] (NVIDIA Corporation)
R2 OneSyncSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R2 OneSyncSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-01-18] (Hewlett-Packard) [File not signed]
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S3 RpcLocator; C:\WINDOWS\system32\locator.exe [11264 2017-03-18] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS\system32\lsass.exe [58488 2017-07-07] (Microsoft Corporation)
R2 SecurityHealthService; C:\WINDOWS\system32\SecurityHealthService.exe [336320 2017-07-07] (Microsoft Corporation)
S3 SensorDataService; C:\WINDOWS\System32\SensorDataService.exe [1284608 2017-03-18] (Microsoft Corporation)
S3 SNMPTRAP; C:\WINDOWS\System32\snmptrap.exe [15872 2017-05-31] (Microsoft Corporation)
S3 spectrum; C:\WINDOWS\system32\spectrum.exe [891904 2017-03-18] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS\System32\spoolsv.exe [757760 2017-03-18] (Microsoft Corporation)
S2 sppsvc; C:\WINDOWS\system32\sppsvc.exe [4574192 2017-03-18] (Microsoft Corporation)
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
S4 SQLAgent$TEST; C:\Program Files\Microsoft SQL Server\MSSQL10_50.TEST\MSSQL\Binn\SQLAGENT.EXE [428384 2010-04-03] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [255608 2016-06-01] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
S3 TieringEngineService; C:\WINDOWS\system32\TieringEngineService.exe [302592 2017-03-18] (Microsoft Corporation)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [838128 2016-12-15] (Tunngle.net GmbH)
S3 UI0Detect; C:\WINDOWS\system32\UI0Detect.exe [43008 2017-03-18] (Microsoft Corporation)
R3 UnistoreSvc_74e5e55; C:\WINDOWS\System32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R3 UnistoreSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R3 UserDataSvc_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R3 UserDataSvc_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
S3 vds; C:\WINDOWS\System32\vds.exe [643072 2017-03-18] (Microsoft Corporation)
R3 VSS; C:\WINDOWS\system32\vssvc.exe [1550848 2017-03-18] (Microsoft Corporation)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-09-06] (Microsoft Corporation)
S3 wampapache64; c:\wamp\bin\apache\apache2.4.9\bin\httpd.exe [24576 2014-05-01] (Apache Software Foundation) [File not signed]
S3 wampmysqld64; c:\wamp\bin\mysql\mysql5.6.17\bin\mysqld.exe [12942848 2014-05-01] () [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [342264 2017-03-18] (Microsoft Corporation)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [2136480 2017-06-20] (Microsoft Corporation)
R2 WpnUserService_74e5e55; C:\WINDOWS\system32\svchost.exe [47664 2017-03-18] (Microsoft Corporation)
R2 WpnUserService_74e5e55; C:\WINDOWS\SysWOW64\svchost.exe [40904 2017-03-18] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\system32\SearchIndexer.exe [933376 2017-06-03] (Microsoft Corporation)
R2 WSearch; C:\WINDOWS\SysWOW64\SearchIndexer.exe [797184 2017-06-03] (Microsoft Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
===================== Drivers (Whitelisted) ======================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 busenum; C:\WINDOWS\System32\drivers\SteelBus64.sys [146944 2014-05-29] (SteelSeries Corporation) [File not signed]
S3 CM_VENDER_CMD; C:\Program Files\Common Files\Logitech\G430Install\CMVC64.sys [17104 2014-07-31] (Windows (R) Win 7 DDK provider)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [131712 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 dtlitescsibus; C:\WINDOWS\System32\drivers\dtlitescsibus.sys [30264 2015-06-05] (Disc Soft Ltd)
R1 FACEIT; C:\WINDOWS\System32\Drivers\FACEIT.sys [7976416 2017-06-21] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [230656 2016-12-12] (Intel Corporation)
S3 ladfGSS; C:\WINDOWS\system32\drivers\ladfGSS.sys [45208 2016-09-29] (Logitech Inc.)
R2 LGCoreTemp; C:\Program Files\Logitech Gaming Software\Drivers\LgCoreTemp\lgcoretemp.sys [14184 2015-06-21] (Logitech)
R3 LGJoyXlCore; C:\WINDOWS\system32\drivers\LGJoyXlCore.sys [67736 2016-09-30] (Logitech Inc.)
S3 LGSHidFilt; C:\WINDOWS\system32\DRIVERS\LGSHidFilt.Sys [64280 2016-09-30] (Logitech Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [3485696 2017-03-18] (Intel Corporation)
R3 nvlddmkm; C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_fbb126b6a28109b9\nvlddmkm.sys [15600248 2017-08-22] (NVIDIA Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [30328 2017-08-22] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\WINDOWS\system32\drivers\nvvad64v.sys [48064 2017-07-26] (NVIDIA Corporation)
R3 nvvhci; C:\WINDOWS\System32\drivers\nvvhci.sys [57976 2017-08-22] (NVIDIA Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [895256 2015-06-18] (Realtek )
R3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3068160 2015-06-16] (Realtek Semiconductor Corp.)
S3 SAlphamHid; C:\WINDOWS\System32\drivers\SAlpham64.sys [39168 2014-05-27] (SteelSeries Corporation) [File not signed]
S3 SDFRd; C:\WINDOWS\System32\drivers\SDFRd.sys [31128 2017-03-18] ()
R3 SensorsSimulatorDriver; C:\WINDOWS\System32\drivers\WUDFRd.sys [220672 2017-03-18] (Microsoft Corporation)
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42600 2016-01-14] (Synaptics Incorporated)
R3 ssdevfactory; C:\WINDOWS\System32\drivers\ssdevfactory.sys [46408 2017-06-02] (SteelSeries ApS)
S3 sshid; C:\WINDOWS\System32\drivers\sshid.sys [45904 2017-06-19] (SteelSeries ApS)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [165504 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 tap0901t; C:\WINDOWS\System32\drivers\tap0901t.sys [48824 2016-04-26] (Tunngle.net GmbH)
S2 vcs; C:\Program Files (x86)\Common Files\Avnex\vcs64.sys [4096 2016-11-14] () [File not signed]
S3 VCSVADHWSer; C:\WINDOWS\system32\DRIVERS\vcsvad.sys [29320 2015-10-01] (AVSOFT Corp.)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44632 2017-03-18] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [294816 2017-03-18] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [121248 2017-03-18] (Microsoft Corporation)
S3 wsvd; C:\WINDOWS\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-11 14:13 - 2017-09-11 14:14 - 000037572 _____ C:\Users\MURAT\Desktop\FRST.txt
2017-09-11 14:08 - 2017-09-11 01:18 - 002396672 _____ (Farbar) C:\Users\MURAT\Desktop\FRST64.exe
2017-09-11 14:08 - 2017-09-07 09:35 - 000000712 _____ C:\Users\MURAT\Desktop\Fixlog.txt
2017-09-10 18:38 - 2017-09-10 18:38 - 000195346 _____ C:\Users\MURAT\Downloads\wu170509.diagcab
2017-09-09 22:29 - 2017-09-11 02:00 - 000000000 ___HD C:\Users\Public\Documents\AdobeGC
2017-09-08 11:22 - 2017-09-08 11:23 - 145457432 _____ (Microsoft Corporation) C:\Users\MURAT\Downloads\mpam-fe.exe
2017-09-08 10:50 - 2017-09-08 10:50 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R944A08A2-46BE-4C39-8AFE-DD9393F07D14
2017-09-08 09:28 - 2017-09-08 09:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R5D25C63D-7C84-4C63-AD19-A73F1359F4F5
2017-09-07 17:44 - 2017-09-07 17:44 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Moo0
2017-09-07 16:20 - 2017-09-07 17:44 - 000003332 _____ C:\WINDOWS\System32\Tasks\RunAsStdUser Task
2017-09-07 16:20 - 2017-09-07 17:43 - 000000000 ____D C:\Program Files (x86)\Moo0
2017-09-07 16:14 - 2017-09-07 16:18 - 000000000 ____D C:\Program Files (x86)\MyVideoConverter
2017-09-07 16:14 - 2017-09-07 16:14 - 000000000 ____D C:\WINDOWS\SysWOW64\Drivers\mycodec
2017-09-07 16:03 - 2017-09-07 16:06 - 000000000 ____D C:\Program Files (x86)\Total Video Converter
2017-09-07 09:37 - 2017-09-07 09:37 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R3207B9EA-080D-4683-9EFC-FEC0C2E6A300
2017-09-06 10:57 - 2017-09-11 14:13 - 000000000 ____D C:\FRST
2017-09-05 17:28 - 2017-09-05 17:28 - 000000000 ____D C:\Users\MURAT\source
2017-09-05 17:25 - 2017-09-05 17:27 - 000000000 ____D C:\Users\MURAT\AppData\Local\.IdentityService
2017-09-05 17:02 - 2017-09-05 17:02 - 000000000 ____D C:\Users\MURAT\AppData\LocalLow\Jet Propulsion Laboratory
2017-09-05 17:01 - 2017-09-05 17:01 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NASA's Eyes
2017-09-05 17:01 - 2017-09-05 17:01 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\JPL-NASA-Caltech
2017-09-05 14:22 - 2017-09-05 17:40 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2017
2017-09-05 14:22 - 2017-09-05 14:22 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2017 Tools for Unity
2017-09-05 14:18 - 2017-09-05 14:18 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017
2017-09-05 14:16 - 2017-09-05 14:16 - 000001499 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2017.lnk
2017-09-05 14:15 - 2017-09-05 14:23 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Visual Studio Setup
2017-09-05 14:15 - 2017-09-05 14:16 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2017-09-05 14:15 - 2017-09-05 14:15 - 000001370 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio Installer.lnk
2017-09-05 14:15 - 2017-09-05 14:15 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\vstelemetry
2017-09-05 14:15 - 2017-09-05 14:15 - 000000000 ____D C:\Users\MURAT\AppData\Local\ServiceHub
2017-09-05 14:03 - 2017-09-05 14:03 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unity 2017.1.1f1 (64-bit)
2017-09-02 13:43 - 2017-09-02 13:43 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2RBA69CF24-8574-451D-AF01-8DE279FA02AB
2017-09-01 20:58 - 2017-08-22 04:01 - 040240248 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 035924600 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 035314112 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 029019072 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 023132184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 018849456 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 013782904 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 012225984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvptxJitCompiler.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 011692344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 010072768 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 004162496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 003590592 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438541.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 001597888 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438541.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 001292096 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncMFTH264.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 001068152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 001008816 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncMFTH264.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 001004992 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000972736 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000924280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000781544 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvEncodeAPI64.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000690320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvfatbinaryLoader.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000617232 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvEncodeAPI.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000609728 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFROpenGL.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000578056 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000499320 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFROpenGL.dll
2017-09-01 20:58 - 2017-08-22 04:01 - 000000669 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
2017-09-01 20:58 - 2017-08-22 04:01 - 000000669 _____ C:\WINDOWS\system32\nv-vk64.json
2017-09-01 20:30 - 2017-09-01 20:30 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R3935B218-0AFF-465B-9E4B-33EE4AB5C4E2
2017-08-26 21:32 - 2017-08-26 21:34 - 000000000 ____D C:\Users\MURAT\AppData\Local\Celavimus3
2017-08-25 11:40 - 2017-08-25 11:40 - 000004849 _____ C:\Users\MURAT\AppData\Local\recently-used.xbel
2017-08-25 10:36 - 2017-08-25 10:36 - 000000000 ____D C:\Users\MURAT\AppData\Local\pip
2017-08-25 09:26 - 2017-08-25 09:26 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R9E85005E-667B-45D6-B561-06AB8CFBF0EA
2017-08-24 15:55 - 2017-08-24 15:55 - 000000000 ____D C:\Users\MURAT\AnacondaProjects
2017-08-24 15:54 - 2017-08-24 15:54 - 000000000 ____D C:\Users\MURAT\.jupyter
2017-08-24 09:58 - 2017-08-24 09:58 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R74C36CE2-F6E8-471B-96DA-D216C21D4239
2017-08-22 09:45 - 2017-08-22 09:45 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2RF411A19D-8C00-4666-9605-69C1FF6862D2
2017-08-22 04:44 - 2017-08-22 04:44 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R71E88B32-570A-4D59-9983-7869466B7F9D
2017-08-21 00:43 - 2017-08-21 00:43 - 000000000 ____D C:\Users\MURAT\Documents\League of Legends
2017-08-20 23:54 - 2017-08-20 23:54 - 000000000 ____D C:\ProgramData\Riot Games
2017-08-20 23:53 - 2008-07-12 08:18 - 003851784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DX9_39.dll
2017-08-20 23:53 - 2008-07-12 08:18 - 001493528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_39.dll
2017-08-20 23:53 - 2008-07-12 08:18 - 000467984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_39.dll
2017-08-20 23:51 - 2017-09-01 19:12 - 000000000 ____D C:\Program Files (x86)\Riot Games
2017-08-20 23:50 - 2017-08-20 23:53 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Riot Games
2017-08-18 10:23 - 2017-08-18 10:23 - 000000032 _____ C:\Users\MURAT\.defaults-0.1.0.ini
2017-08-18 10:07 - 2017-08-18 10:07 - 000000000 ____D C:\Users\MURAT\Documents\FeedbackHub
2017-08-17 16:26 - 2017-09-03 02:20 - 000000000 ____D C:\Users\MURAT\.spyder
2017-08-17 16:00 - 2017-08-17 16:00 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anaconda2 (64-bit)
2017-08-17 15:55 - 2017-08-17 16:00 - 000000000 ____D C:\Users\MURAT\Anaconda2
2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\jupyter
2017-08-17 14:58 - 2017-08-17 14:58 - 000000000 ____D C:\Users\MURAT\.ipython
2017-08-17 14:57 - 2017-09-03 02:20 - 000000000 ____D C:\Users\MURAT\.matplotlib
2017-08-17 14:57 - 2017-08-24 15:54 - 000000043 _____ C:\Users\MURAT\.condarc
2017-08-17 14:57 - 2017-08-17 15:36 - 000000000 ____D C:\Users\MURAT\.spyder-py3
2017-08-17 14:57 - 2017-08-17 14:57 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Jedi
2017-08-17 14:56 - 2017-08-24 15:55 - 000000000 ____D C:\Users\MURAT\.conda
2017-08-17 14:56 - 2017-08-17 14:56 - 000000000 ____D C:\Users\MURAT\AppData\Local\conda
2017-08-17 14:56 - 2017-08-17 14:56 - 000000000 ____D C:\Users\MURAT\.anaconda
2017-08-17 14:54 - 2017-08-25 16:45 - 000000000 ____D C:\Users\MURAT\Documents\Python Scripts
2017-08-17 14:28 - 2017-08-17 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Python 3.6
2017-08-17 14:28 - 2017-08-17 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\Package Cache
2017-08-16 09:22 - 2017-08-16 09:22 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R121C8B4D-0BDA-4349-B2B2-63E524F949B0
2017-08-15 23:55 - 2017-08-10 03:34 - 001988216 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6438528.dll
2017-08-15 23:55 - 2017-08-10 03:34 - 001598072 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6438528.dll
2017-08-15 23:01 - 2017-08-15 23:01 - 000000000 ____D C:\Users\MURAT\AppData\Local\TempOfficeC2R6F526ED0-363B-4576-8084-CD3EA542A241
2017-08-14 17:12 - 2017-08-14 17:12 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\DYA_VPPVDWTJFSDDMUTMB
2017-08-14 17:12 - 2017-08-14 17:12 - 000000000 ____D C:\ProgramData\DYA_VPPVDWTJFSDDMUTMB
2017-08-13 23:45 - 2017-08-13 23:45 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Discord Inc
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2017-09-11 14:04 - 2016-01-18 21:00 - 000000000 ____D C:\Users\MURAT\AppData\Local\CrashDumps
2017-09-11 13:28 - 2017-05-31 04:57 - 000000000 ____D C:\WINDOWS\system32\SleepStudy
2017-09-11 12:25 - 2017-05-31 05:02 - 000000000 ____D C:\ProgramData\NVIDIA
2017-09-11 10:54 - 2015-09-22 03:05 - 000000000 ____D C:\Program Files (x86)\Steam
2017-09-11 09:35 - 2017-05-31 06:08 - 000003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
2017-09-11 09:34 - 2017-05-31 05:02 - 000000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-09-11 02:22 - 2017-05-31 05:05 - 000000000 ____D C:\Users\MURAT
2017-09-11 02:05 - 2014-12-21 12:47 - 000000000 ____D C:\Users\MURAT\AppData\Local\Adobe
2017-09-11 00:08 - 2016-06-24 10:18 - 000737320 _____ C:\WINDOWS\system32\Drivers\EasyAntiCheat.sys
2017-09-10 22:16 - 2017-05-31 06:08 - 000004186 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{B2FC2BD6-817C-4036-B10D-BDF010B0A5D4}
2017-09-10 14:07 - 2016-12-14 02:53 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\steelseries-engine-3-client
2017-09-10 13:57 - 2017-05-31 05:03 - 003437436 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-09-10 13:57 - 2017-03-20 07:02 - 001510216 _____ C:\WINDOWS\system32\perfh01F.dat
2017-09-10 13:57 - 2017-03-20 07:02 - 000401600 _____ C:\WINDOWS\system32\perfc01F.dat
2017-09-09 22:30 - 2017-06-30 17:23 - 000003350 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task-S-1-5-21-1369535705-3180996973-1344369311-1002
2017-09-09 22:30 - 2015-07-30 01:12 - 000002386 _____ C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2017-09-09 22:30 - 2015-03-03 00:52 - 000000000 ___RD C:\Users\MURAT\OneDrive
2017-09-09 22:26 - 2014-12-23 21:24 - 000192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-09-09 22:25 - 2017-03-19 00:01 - 000000000 ____D C:\WINDOWS\INF
2017-09-08 17:42 - 2017-01-18 08:45 - 000000000 ____D C:\Program Files (x86)\Hi-Rez Studios
2017-09-08 17:41 - 2017-05-31 06:08 - 000000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-09-08 17:41 - 2017-03-18 14:40 - 001572864 _____ C:\WINDOWS\system32\config\BBI
2017-09-08 15:16 - 2014-12-21 18:01 - 000000000 ___RD C:\murat
2017-09-08 15:16 - 2014-12-21 07:07 - 000000000 ____D C:\Users\MURAT\AppData\Local\Packages
2017-09-08 12:52 - 2017-03-18 23:51 - 000000000 ____D C:\WINDOWS\CbsTemp
2017-09-08 11:11 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\system32\NDF
2017-09-08 11:09 - 2017-07-06 09:31 - 000000000 __SHD C:\zec
2017-09-08 10:25 - 2017-05-31 04:57 - 005352544 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-09-08 09:56 - 2017-07-06 09:31 - 000003572 _____ C:\WINDOWS\System32\Tasks\Google Update
2017-09-08 09:56 - 2017-07-06 09:31 - 000003570 _____ C:\WINDOWS\System32\Tasks\GoogleUpdate
2017-09-07 15:47 - 2015-07-25 02:08 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\MPC-HC
2017-09-06 16:32 - 2016-11-01 02:43 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2015
2017-09-05 15:19 - 2016-11-08 17:07 - 000000000 ____D C:\Users\MURAT\AppData\LocalLow\Unity
2017-09-05 15:11 - 2016-11-08 17:07 - 000000000 ____D C:\ProgramData\Unity
2017-09-05 14:22 - 2016-11-08 16:31 - 000000000 ____D C:\Program Files (x86)\Microsoft Visual Studio Tools for Unity
2017-09-05 14:21 - 2014-09-16 00:28 - 000000000 ____D C:\ProgramData\Package Cache
2017-09-05 14:18 - 2017-05-31 04:36 - 000000000 ____D C:\Program Files (x86)\MSBuild
2017-09-05 14:05 - 2016-11-08 16:06 - 000000000 ____D C:\Program Files\Unity
2017-09-05 11:41 - 2015-07-09 11:41 - 000000132 _____ C:\Users\MURAT\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-09-05 09:51 - 2015-01-22 15:26 - 000000000 ____D C:\Users\MURAT\AppData\Local\ElevatedDiagnostics
2017-09-05 09:45 - 2017-07-13 16:33 - 000002259 _____ C:\WINDOWS\epplauncher.mif
2017-09-05 08:59 - 2016-03-06 21:43 - 000000000 ____D C:\ProgramData\ProductData
2017-09-03 00:43 - 2017-02-07 13:33 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\obs-studio
2017-09-02 13:26 - 2014-09-16 01:11 - 000000000 ____D C:\ProgramData\Energy Manager
2017-09-01 21:03 - 2017-05-31 05:02 - 000000000 ____D C:\ProgramData\NVIDIA Corporation
2017-09-01 21:02 - 2017-06-15 23:36 - 000004000 _____ C:\WINDOWS\System32\Tasks\NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:02 - 2017-05-31 06:08 - 000004308 _____ C:\WINDOWS\System32\Tasks\NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:02 - 2017-05-31 06:08 - 000003994 _____ C:\WINDOWS\System32\Tasks\NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:01 - 2017-05-31 06:08 - 000003894 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:01 - 2017-05-31 06:08 - 000003866 _____ C:\WINDOWS\System32\Tasks\NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:01 - 2017-05-31 06:08 - 000003858 _____ C:\WINDOWS\System32\Tasks\NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:01 - 2017-05-31 06:08 - 000003696 _____ C:\WINDOWS\System32\Tasks\NvTmRepOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:01 - 2017-05-31 06:08 - 000003654 _____ C:\WINDOWS\System32\Tasks\NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}
2017-09-01 21:01 - 2017-05-31 05:02 - 000000000 ____D C:\Program Files\NVIDIA Corporation
2017-09-01 21:01 - 2017-05-31 05:02 - 000000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2017-09-01 21:01 - 2016-03-12 01:28 - 000000000 ____D C:\Program Files (x86)\VulkanRT
2017-08-29 09:20 - 2015-07-30 10:03 - 000002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-08-25 16:13 - 2015-03-21 03:00 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\Skype
2017-08-25 11:42 - 2017-06-19 14:02 - 000000000 ____D C:\Users\MURAT\.gimp-2.8
2017-08-25 00:46 - 2016-01-01 19:33 - 000018960 _____ (Logitech, Inc.) C:\WINDOWS\system32\Drivers\LNonPnP.sys
2017-08-22 04:01 - 2017-07-30 07:19 - 000046453 _____ C:\WINDOWS\system32\nvinfo.pb
2017-08-22 04:01 - 2017-06-28 10:01 - 000179320 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2017-08-22 04:01 - 2017-06-28 10:01 - 000146552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2017-08-22 04:01 - 2017-05-31 05:02 - 000001951 _____ C:\WINDOWS\NvContainerRecovery.bat
2017-08-22 04:01 - 2017-05-11 11:20 - 004210360 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
2017-08-22 04:01 - 2017-05-11 11:20 - 003712024 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
2017-08-22 04:01 - 2017-05-11 11:20 - 000057976 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvhci.sys
2017-08-22 04:01 - 2017-04-09 23:42 - 001923192 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
2017-08-22 04:01 - 2017-04-09 23:42 - 001755256 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
2017-08-22 04:01 - 2017-04-09 23:42 - 001505912 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
2017-08-22 04:01 - 2017-04-09 23:42 - 001317496 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll
2017-08-22 04:01 - 2017-04-09 23:42 - 000121464 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
2017-08-22 04:01 - 2017-04-09 23:41 - 000001951 _____ C:\WINDOWS\NvTelemetryContainerRecovery.bat
2017-08-22 02:10 - 2017-05-31 05:02 - 006463424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 002479224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 001762752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 000549312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 000392312 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 000147576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\oemdspif.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 000082040 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
2017-08-22 02:10 - 2017-05-31 05:02 - 000069752 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2017-08-19 22:35 - 2014-12-30 03:08 - 000000000 ____D C:\Users\MURAT\Documents\Max Payne 2 Savegames
2017-08-19 10:10 - 2017-05-31 05:02 - 008142301 _____ C:\WINDOWS\system32\nvcoproc.bin
2017-08-19 00:22 - 2015-01-06 14:28 - 000000000 ____D C:\Users\MURAT\AppData\Local\NVIDIA Corporation
2017-08-17 09:23 - 2015-06-29 16:15 - 000000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2017-08-15 23:13 - 2015-06-14 09:41 - 000000000 ____D C:\Program Files (x86)\Rockstar Games
2017-08-15 23:12 - 2015-06-14 09:41 - 000000000 ____D C:\Program Files\Rockstar Games
2017-08-15 14:54 - 2017-01-16 00:45 - 000000000 ____D C:\Users\MURAT\.chatty
2017-08-15 10:01 - 2014-12-21 15:45 - 000000000 ____D C:\Users\MURAT\Documents\Visual Studio 2010
2017-08-14 11:25 - 2017-03-19 00:03 - 000000000 ____D C:\WINDOWS\Branding
2017-08-13 23:45 - 2016-04-18 21:58 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\discord
2017-08-13 23:45 - 2016-04-18 21:58 - 000000000 ____D C:\Users\MURAT\AppData\Local\Discord
2017-08-13 00:00 - 2017-03-29 15:58 - 000002432 _____ C:\Users\MURAT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StreamLabels.lnk
2017-08-12 22:55 - 2014-12-21 16:38 - 000000000 ____D C:\Users\MURAT\AppData\Roaming\TS3Client
==================== Files in the root of some directories =======
2016-08-06 15:56 - 2016-08-06 16:23 - 000000132 _____ () C:\Users\MURAT\AppData\Roaming\Adobe BMP Format CS6 Prefs
2015-07-09 11:41 - 2017-09-05 11:41 - 000000132 _____ () C:\Users\MURAT\AppData\Roaming\Adobe PNG Format CS6 Prefs
2017-08-25 11:40 - 2017-08-25 11:40 - 000004849 _____ () C:\Users\MURAT\AppData\Local\recently-used.xbel
2015-04-01 14:58 - 2015-04-01 14:58 - 000007609 _____ () C:\Users\MURAT\AppData\Local\Resmon.ResmonCfg
2016-08-31 10:57 - 2016-08-31 10:57 - 000000003 _____ () C:\Users\MURAT\AppData\Local\updater.log
2016-08-31 10:57 - 2016-08-31 10:57 - 000000424 _____ () C:\Users\MURAT\AppData\Local\UserProducts.xml
2017-05-31 05:02 - 2017-05-31 05:02 - 000000000 ____H () C:\ProgramData\DP45977C.lfl
2016-12-16 16:19 - 2017-01-10 23:20 - 000015106 _____ () C:\ProgramData\NvTelemetryContainer.log
2016-12-16 16:19 - 2017-01-05 01:44 - 000033432 _____ () C:\ProgramData\NvTelemetryContainer.log_backup1
==================== Bamital & volsnap ======================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2017-09-06 10:42
==================== End of FRST.txt ============================