HijackThis report results

oreoorucc

Femtopat
Joined
3 November 2023
Messages
17
Gender
Male
Yesterday I ran a full scan with Windows Defender and it found a trojan on my computer. After that I scanned again with Kaspersky and Malwarebytes, and they show it as deleted. Still, I wasn't completely at ease, so I ran a HijackThis scan. There has been a performance drop on the computer in recent days. Thanks in advance to anyone who can review the results. @Murat5038

Code:
Logfile of HijackThis+ (Alpha version) by Alex Dragokas v.3.3.0.6

Platform: x64 Windows 11 (Pro), 10.0.22621.2428 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 03.11.2023 - 15:11 (UTC+03:00)
Language: OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory: 10274 MiB Free. Loading RAM (36 %), CPU (2 %)
Elevated: Yes.
Ran by: Ideapad (group: Administrators; type: Microsoft) on LENOVO, FirstRun: yes.

Firefox: 119.0.0.8692
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal (Secure Boot: Off) (Code Integrity: On)

Running processes:
Number | Path.
 1 C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\13.1.1.12\AdskLicensingService\AdskLicensingService.exe
 1 C:\Program Files (x86)\Internet Download Manager\IDMan.exe
 1 C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
 2 C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe
 1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avpui.exe
 1 C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
 1 C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
 1 C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoGamingSystemAddin).exe
 1 C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
 1 C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
 1 C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
 2 C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
 1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
 1 C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
 1 C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
 1 C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
 1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
 1 C:\Program Files\HitmanPro\hmpsched.exe
 3 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
 3 C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
 1 C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_15.81.24001.0_x64__8wekyb3d8bbwe\gamingservices.exe
 1 C:\Program Files\WindowsApps\Microsoft.GamingServices_15.81.24001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
 1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\HxOutlook.exe
 1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\HxTsr.exe
 1 C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBar.exe
 1 C:\Program Files\WindowsApps\microsoft.xboxgamingoverlay_5.823.3261.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
 1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23052.125.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
 1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
 1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23090.2008-0\MsMpEng.exe
 1 C:\Users\Ideapad\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSB.exe
 1 C:\Users\Ideapad\Desktop\HiJackThis.exe
 1 C:\Windows\explorer.exe
 1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
 1 C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
 1 C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
 1 C:\Windows\RtkBtManServ.exe
 1 C:\Windows\System32\AggregatorHost.exe
 1 C:\Windows\System32\amdfendrsr.exe
 1 C:\Windows\System32\ApplicationFrameHost.exe
 1 C:\Windows\System32\audiodg.exe
 1 C:\Windows\System32\backgroundTaskHost.exe
 1 C:\Windows\System32\cmd.exe
 2 C:\Windows\System32\conhost.exe
 2 C:\Windows\System32\csrss.exe
 1 C:\Windows\System32\ctfmon.exe
 2 C:\Windows\System32\dllhost.exe
 2 C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
 1 C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_e3f96af62737a898\RstMwService.exe
 2 C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\Display.NvContainer\NVDisplay.Container.exe
 1 C:\Windows\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\atieclxx.exe
 1 C:\Windows\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\atiesrxx.exe
 1 C:\Windows\System32\dwm.exe
 1 C:\Windows\System32\FMService64.exe
 2 C:\Windows\System32\fontdrvhost.exe
 1 C:\Windows\System32\Locator.exe
 1 C:\Windows\System32\LsaIso.exe
 1 C:\Windows\System32\lsass.exe
 1 C:\Windows\System32\oobe\UserOOBEBroker.exe
 1 C:\Windows\System32\RtkAudUService64.exe
 1 C:\Windows\System32\rundll32.exe
 9 C:\Windows\System32\RuntimeBroker.exe
 1 C:\Windows\System32\SearchFilterHost.exe
 1 C:\Windows\System32\SearchIndexer.exe
 1 C:\Windows\System32\SearchProtocolHost.exe
 1 C:\Windows\System32\SecurityHealthService.exe
 1 C:\Windows\System32\SecurityHealthSystray.exe
 1 C:\Windows\System32\services.exe
 1 C:\Windows\System32\sihost.exe
 1 C:\Windows\System32\smartscreen.exe
 1 C:\Windows\System32\smss.exe
 1 C:\Windows\System32\spoolsv.exe
 80 C:\Windows\System32\svchost.exe
 1 C:\Windows\System32\taskhostw.exe
 1 C:\Windows\System32\wbem\unsecapp.exe
 2 C:\Windows\System32\wbem\WmiPrvSE.exe
 1 C:\Windows\System32\wininit.exe
 1 C:\Windows\System32\winlogon.exe
 1 C:\Windows\System32\WUDFHost.exe
 1 C:\Windows\System32\WWAHost.exe
 1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
 1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
 1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O4 - HKCU\..\Run: [WallpaperEngine] = C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe -silent (sign: 'Skutta, Kristjan')
O4 - HKCU\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\Ideapad\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (2023/08/26) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Ideapad\AppData\Local\Discord\Update.exe --processStart Discord.exe (2023/06/03) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2023/06/26) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2023/10/10) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2023/10/10) (sign: 'Tonec Inc.')
O4 - HKCU\..\StartupApproved\Run: [LenovoVantage] = C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.35\LenovoVantage.exe (sign: 'Lenovo')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_FB73E4361DE7EC1E4C9B8FB67C21D7D5] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background (2023/06/26) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [ProtonVPN] = C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe (2023/05/22) (sign: 'Proton Technologies AG')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2023/06/26) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2023/05/22) (sign: 'Valve Corp.')
O4 - HKLM\..\StartupApproved\Run: [Autodesk Access] = C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe --minimizedUi (2023/05/25) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [Autodesk Genuine Service ] = C:\Program Files\Autodesk\Genuine Service\GenuineService.exe (2023/05/25) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2023/06/26) (sign: 'Oracle America, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [TeamsMachineInstaller] = C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (file missing) (2023/05/23)
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\IDM ile indir: (default) = C:\Program Files (x86)\Internet Download Manager\IEExt.htm (not signed)
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \Lenovo\ImController\Lenovo iM Controller Monitor - C:\WINDOWS\system32\ImController.InfInstaller.exe -checkremoval (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\0e2a1935-d78e-4b58-ace5-5c2ecd30e06a - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 0e2a1935-d78e-4b58-ace5-5c2ecd30e06a (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\b07fb610-40a8-43e9-8915-d379518cae5b - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger b07fb610-40a8-43e9-8915-d379518cae5b (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\c353ff3e-b6ac-4982-a92c-1af16cc18455 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger c353ff3e-b6ac-4982-a92c-1af16cc18455 (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\e337850b-9537-4675-b582-645fd9766560 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger e337850b-9537-4675-b582-645fd9766560 (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Lenovo Service Bridge\S-1-5-21-2325558188-2086136659-2365094594-1001 - C:\Users\Ideapad\AppData\Local\Programs\Lenovo\Lenovo Service Bridge\LSBUpdater.exe (sign: 'Lenovo (Beijing) Limited')
O22 - Tasks: \Lenovo\LenovoNowLauncher - C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.exe /task (sign: 'Lenovo')
O22 - Tasks: \Lenovo\LenovoNowQuarterlyLaunch - C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe /QuarterlyLaunch (sign: 'Lenovo')
O22 - Tasks: \Lenovo\LenovoNowTask - C:\Program Files (x86)\Lenovo\LenovoNow\x86\LenovoNow.Task.exe $(EventData) (sign: 'Lenovo')
O22 - Tasks: \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance - C:\WINDOWS\system32\sc.exe start LenovoVantageService (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\GenericMessagingAddin - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\NotificationCenter - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\InputSettingsRestoreDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},InputSettingsRestoreDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\syncpensettings - {3ECEE215-83F5-4123-A592-74F1FE4C3D59},SYNC_PEN_SETTINGS - C:\Windows\System32\SettingsHandlers_Pen.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\InstallService\RestoreDevice - {7f019157-05c8-473f-8664-2ba04a090dc8} - C:\WINDOWS\System32\InstallServiceTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (file missing)
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (sign: 'AO Kaspersky Lab')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'Nvidia Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'Nvidia Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: OneDrive Per-Machine Standalone Update Task - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe (sign: 'Microsoft')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-2325558188-2086136659-2365094594-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe (sign: 'Microsoft')
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\atiesrxx.exe (sign: 'Advanced Micro Devices INC.')
O23 - Service R2: Autodesk Access Service Host - C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Autodesk Desktop Licensing Service - (AdskLicensingService) - C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Critical Service for Lenovo Vantage - (LenovoVantageService) - C:\Program Files (x86)\Lenovo\VantageService\\3.13.72.0\LenovoVantageService.exe (sign: 'Microsoft')
O23 - Service R2: Dolby DAX API Service - (DolbyDAXAPI) - C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe (sign: 'Microsoft')
O23 - Service R2: FlexNet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (sign: 'Flexera Software LLC')
O23 - Service R2: Fortemedia APO Control Service - (FMAPOService) - C:\WINDOWS\System32\FMService64.exe (sign: 'Microsoft')
O23 - Service R2: GameInput Service - C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_15.81.24001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_15.81.24001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: HitmanPro Scheduler - (HitmanProScheduler) - C:\Program Files\HitmanPro\hmpsched.exe (sign: 'Sophos BV')
O23 - Service R2: Intel(R) Storage Middleware Service - (RstMwService) - C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_e3f96af62737a898\RstMwService.exe (sign: 'Microsoft')
O23 - Service R2: Kaspersky Hizmeti 21.15 - (AVP21.15) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'Microsoft')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (sign: 'Nvidia Corporation')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe (sign: 'Microsoft')
O23 - Service R2: System Interface Foundation Service - (ImControllerService) - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (sign: 'Microsoft')
O23 - Service S2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Microsoft') (+safe mode)
O23 - Service S2: Microsoft Edge Update Service (edgeupdate) - (edgeupdate) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /svc (sign: 'Microsoft')
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Easy Anti-Cheat (Epic Online Services) - (EasyAntiCheat_EOS) - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\23.209.1008.0002\FileSyncHelper.exe (sign: 'Microsoft')
O23 - Service S3: Intel(R) Optane(TM) Memory Service - (iaStorAfsService) - C:\WINDOWS\System32\iaStorAfsService.exe (sign: 'Microsoft')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.15 - (klvssbridge64_21.15) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: Microsoft Edge Update Service (edgeupdatem) - (edgeupdatem) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /medsvc (sign: 'Microsoft')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\23.209.1008.0002\OneDriveUpdaterService.exe (sign: 'Microsoft')
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.6\ProtonVPNService.exe (sign: 'Proton Technologies AG')
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.6\ProtonVPN.WireGuardService.exe "C:\ProgramData\ProtonVPN\WireGuard\ProtonVPN.conf" (sign: 'Proton Technologies AG')
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (sign: 'Rockstar Games, Inc.')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Driver R: (no name) - C:\WINDOWS\System32\drivers\dump_iaStorAC.sys (file missing)
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\WINDOWS\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\WINDOWS\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: Intel(R) Chipset SATA/PCIe RST Premium Controller - (iaStorAC) - C:\WINDOWS\System32\drivers\iaStorAC.sys (sign: 'Intel(R) Rapid Storage Technology')
O23 - Driver R0: klupd_K4W-21-15_arkmon - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-15_klbg - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\WINDOWS\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-15 - (KLIF.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-15 - (klpd.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-15 - (klflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-15 - (klbackupdisk.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-15 - (klbackupflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-15 - (klkbdflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-15 - (klpnpflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-15 - (klgse.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-15 - (klhk.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-15 - C:\WINDOWS\system32\DRIVERS\K4W-21-15\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-15 - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-15 - C:\WINDOWS\system32\DRIVERS\K4W-21-15\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Mouse Suite Bluetooth Driver - (pelmoubt) - C:\WINDOWS\System32\drivers\pelmoubt.sys (sign: 'Microsoft' - Primax Electronics Ltd.)
O23 - Driver R1: Steam Xbox Controller Enhanced Features Driver - (steamxbox) - C:\WINDOWS\System32\drivers\steamxbox.sys (sign: 'Valve Corp.')
O23 - Driver R2: IDMWFP - C:\WINDOWS\System32\drivers\idmwfp.sys (sign: 'Microsoft' - Tonec Inc.)
O23 - Driver R3: AMD Crash Defender Driver - (amdfendr) - C:\WINDOWS\System32\drivers\amdfendr.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Crash Defender Manager Driver - (amdfendrmgr) - C:\WINDOWS\System32\drivers\amdfendrmgr.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\WINDOWS\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD I2C Controller Service - (amdi2c) - C:\WINDOWS\System32\drivers\amdi2c.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Link Controller Emulation - (AMDXE) - C:\WINDOWS\System32\drivers\amdxe.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: amdkmdag - C:\WINDOWS\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\amdkmdag.sys (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R3: Audio Coprocessr Driver for DSP - (amdacpbus) - C:\WINDOWS\System32\DriverStore\FileRepository\amdacpbus.inf_amd64_af13df68f939c879\amdacpbus.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-15 - (klmouflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-15 - C:\ProgramData\Kaspersky Lab\AVP21.15\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-15_klark - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-15_mark - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: Lenovo Virtual Power Controller Driver - (ACPIVPC) - C:\WINDOWS\System32\drivers\AcpiVpc.sys (sign: 'Lenovo')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\WINDOWS\system32\drivers\nvvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: nvlddmkm - C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\WINDOWS\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Realtek Bluetooth Filter Driver - (RtkBtFilter) - C:\WINDOWS\System32\drivers\RtkBtfilter.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\WINDOWS\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek Wireless LAN 802.11n PCI-E Network Adapter - (RTWlanE) - C:\WINDOWS\System32\drivers\rtwlane.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\WINDOWS\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S1: Android Emulator Hypervisor Driver Service - (gvm) - C:\WINDOWS\system32\DRIVERS\gvm.sys (sign: 'Google LLC')
O23 - Driver S3: AMD PCI - (AMDPCIDev) - C:\WINDOWS\System32\drivers\AMDPCIDev.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\WINDOWS\System32\drivers\bthmodem.sys (not signed)
O23 - Driver S3: Bluetooth Mouse Filter Driver - (pelbtm) - C:\WINDOWS\System32\drivers\pelbtm.sys (sign: 'Microsoft' - Primax Electronics Ltd.)
O23 - Driver S3: FBNetFilter - C:\WINDOWS\System32\drivers\FBNetFlt.sys (sign: 'LENOVO (UNITED STATES) INC.')
O23 - Driver S3: iaStorAfs - C:\WINDOWS\System32\drivers\iaStorAfs.sys (sign: 'Intel(R) Rapid Storage Technology')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: LenovoDiagnosticsDriver - C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.1.1.2\LenovoDiagnosticsDriver.sys (sign: 'Lenovo')
O23 - Driver S3: MBAMSwissArmy - C:\WINDOWS\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver S3: Microsoft Mouse and Keyboard Center Filter Driver - (Point64) - C:\WINDOWS\System32\drivers\point64.sys (sign: 'Microsoft' - Microsoft Corporation)
O23 - Driver S3: MS Hardware Device Detection Driver (USB) - (dc3d) - C:\WINDOWS\System32\drivers\dc3d.sys (sign: 'Microsoft' - Microsoft Corporation)
O23 - Driver S3: NVIDIA USB Type-C PPC Service - (UcmCxUcsiNvppc) - C:\WINDOWS\System32\DriverStore\FileRepository\nvppc.inf_amd64_fecd1cb127838d10\UcmCxUcsiNvppc.sys (sign: 'NVIDIA Corporation')
O23 - Driver S3: NVPCF Service - (nvpcf) - C:\WINDOWS\System32\drivers\nvpcf.sys (sign: 'NVIDIA Corporation')
O23 - Driver S3: ProtonVPNCallout - C:\Program Files\Proton\VPN\v3.2.6\Resources\ProtonVPN.CalloutDriver.sys (+safe mode) (sign: 'Microsoft' - Proton Technologies AG)
O23 - Driver S3: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\WINDOWS\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\WINDOWS\System32\drivers\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB QCRMNET Filter Driver - (ssudqcfilter) - C:\WINDOWS\System32\drivers\ssudqcfilter.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: WireGuard - C:\WINDOWS\System32\drivers\wireguard.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'klim6'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'klwtp.K4W-21-15'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'ProtonVPN Service'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'ProtonVPNCallout'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'.
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'RTWlanE'.

--
End of file - Time spent: 36,8 sec. - 80028 bytes, CRC32: FFFFFFFF. Sign: 㖑䣃
 
There are broken scheduled tasks. I interpreted them as remnants of the virus. Remove them.

C:\WINDOWS\system32\compattelrunner.exe

A Windows program that, under the name of telemetry, has a weakness allowing any desired application or virus to be run.

Thanks for your reply. Which ones exactly do I need to delete? The ones with the "damaged" label?

I deleted the ones labelled "Damaged". Then I ran the scan again and saw some entries that were not there before. The ones that caught my eye are those of the form "BITS Job:". What are these? @Nizel G
Code:
Logfile of HijackThis+ (Alpha version) by Alex Dragokas v.3.3.0.6

Platform:  x64 Windows 11 (Pro), 10.0.22621.2428 (ReleaseId: 2009, 22H2), Service Pack: 0
Time:      09.11.2023 - 22:16 (UTC+03:00)
Language:  OS: Turkish (0x41F). Display: Turkish (0x41F). Non-Unicode: Turkish (0x41F)
Memory:    9413 MiB Free. Loading RAM (41 %), CPU (6 %)
Elevated:  Yes
Ran by:    Ideapad    (group: Administrators; type: Microsoft) on LENOVO, FirstRun: no

Firefox: 119.0.1.8710
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal (Secure Boot: Off) (Code Integrity: On)

Running processes:
Number | Path
   1  C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\13.3.1.9694\AdskLicensingService\AdskLicensingService.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe
   1  C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avpui.exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(DeviceSettingsSystemAddin).exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(GenericMessagingAddin).exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoGamingSystemAddin).exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(LenovoServiceBridgeAddin).exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(SmartDisplayAddin).exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantage-(VantageCoreAddin).exe
   1  C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\LenovoVantageService.exe
   2  C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
   6  C:\Program Files (x86)\Microsoft\EdgeWebView\Application\119.0.2151.44\msedgewebview2.exe
   1  C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
   1  C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
   1  C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe
   1  C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
   1  C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
   3  C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
   3  C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
   1  C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
   1  C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2336.7.0_x64__cv1g1gvanyjgm\WhatsApp.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_16.83.3001.0_x64__8wekyb3d8bbwe\gamingservices.exe
   1  C:\Program Files\WindowsApps\Microsoft.GamingServices_16.83.3001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\HxOutlook.exe
   1  C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21514.0_x64__8wekyb3d8bbwe\HxTsr.exe
   1  C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23052.125.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
   1  C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.13900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
   1  C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
   1  C:\Users\Ideapad\Desktop\AV\HiJackThis.exe
   1  C:\Windows\explorer.exe
   1  C:\Windows\ImmersiveControlPanel\SystemSettings.exe
   1  C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
   1  C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
   1  C:\Windows\RtkBtManServ.exe
   1  C:\Windows\System32\AggregatorHost.exe
   1  C:\Windows\System32\amdfendrsr.exe
   1  C:\Windows\System32\ApplicationFrameHost.exe
   1  C:\Windows\System32\audiodg.exe
   1  C:\Windows\System32\conhost.exe
   2  C:\Windows\System32\csrss.exe
   1  C:\Windows\System32\ctfmon.exe
   1  C:\Windows\System32\dllhost.exe
   2  C:\Windows\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe
   1  C:\Windows\System32\DriverStore\FileRepository\iastorac.inf_amd64_e3f96af62737a898\RstMwService.exe
   2  C:\Windows\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\Display.NvContainer\NVDisplay.Container.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\atieclxx.exe
   1  C:\Windows\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\atiesrxx.exe
   1  C:\Windows\System32\dwm.exe
   1  C:\Windows\System32\FMService64.exe
   2  C:\Windows\System32\fontdrvhost.exe
   1  C:\Windows\System32\Locator.exe
   1  C:\Windows\System32\LsaIso.exe
   1  C:\Windows\System32\lsass.exe
   1  C:\Windows\System32\oobe\UserOOBEBroker.exe
   2  C:\Windows\System32\RtkAudUService64.exe
   1  C:\Windows\System32\rundll32.exe
   8  C:\Windows\System32\RuntimeBroker.exe
   1  C:\Windows\System32\SearchIndexer.exe
   1  C:\Windows\System32\SecurityHealthService.exe
   1  C:\Windows\System32\SecurityHealthSystray.exe
   1  C:\Windows\System32\services.exe
   1  C:\Windows\System32\sihost.exe
   1  C:\Windows\System32\smartscreen.exe
   1  C:\Windows\System32\smss.exe
   1  C:\Windows\System32\spoolsv.exe
  84  C:\Windows\System32\svchost.exe
   1  C:\Windows\System32\SystemSettingsBroker.exe
   2  C:\Windows\System32\taskhostw.exe
   1  C:\Windows\System32\wbem\unsecapp.exe
   1  C:\Windows\System32\wbem\WmiApSrv.exe
   3  C:\Windows\System32\wbem\WmiPrvSE.exe
   1  C:\Windows\System32\wininit.exe
   1  C:\Windows\System32\winlogon.exe
   1  C:\Windows\System32\WUDFHost.exe
   1  C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
   1  C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
   1  C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
   1  C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

O2 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll (sign: 'Tonec Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (sign: 'Tonec Inc.')
O4 - HKCU\..\Run: [WallpaperEngine] = C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe -silent (sign: 'Skutta, Kristjan')
O4 - HKCU\..\StartupApproved\Run: [Discord] = C:\Users\Ideapad\AppData\Local\Discord\Update.exe --processStart Discord.exe (2023/11/03) (sign: 'Discord Inc.')
O4 - HKCU\..\StartupApproved\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2023/11/03) (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2023/11/03) (sign: 'Epic Games Inc.')
O4 - HKCU\..\StartupApproved\Run: [IDMan] = C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot (2023/11/03) (sign: 'Tonec Inc.')
O4 - HKCU\..\StartupApproved\Run: [LenovoVantage] = C:\ProgramData\Lenovo\Vantage\Addins\LenovoCompanionAppAddin\1.0.0.35\LenovoVantage.exe (2023/11/03) (sign: 'Lenovo')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_FB73E4361DE7EC1E4C9B8FB67C21D7D5] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2023/11/03) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [ProtonVPN] = C:\Program Files\Proton\VPN\ProtonVPN.Launcher.exe (2023/11/03) (sign: 'Proton Technologies AG')
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = C:\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (2023/11/03) (sign: 'Riot Games, Inc.')
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2023/11/03) (sign: 'Valve Corp.')
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run: [Autodesk Access] = C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessCore.exe --minimizedUi --autoLaunch (2023/11/03) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Autodesk Genuine Service ] = C:\Program Files\Autodesk\Genuine Service\GenuineService.exe (2023/11/03) (sign: 'Autodesk, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2023/11/03) (sign: 'Oracle America, Inc.')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O17 - DHCP DNS 1: 192.168.14.168
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files (x86)\Internet Download Manager\IDMShellExt64.dll (sign: 'Tonec Inc.')
O22 - BITS Job: (download) {CC38E6D6-343F-45A8-8744-880988BEAE5C} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/119.0.1/update/win64/tr/firefox-119.0-119.0.1.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: (download) {DD07058B-DD6F-4BAD-9CD2-0EF46119CF8B} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/119.0.1/update/win64/tr/firefox-119.0-119.0.1.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: Fix all (including legit)
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe DailyTelemetryTransmission (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) NvTmRep_CrashReport1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: (telemetry) NvTmRep_CrashReport4_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvBackend\NvTmRep.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: \Lenovo\ImController\Lenovo iM Controller Monitor - C:\WINDOWS\system32\ImController.InfInstaller.exe -checkremoval (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\0e2a1935-d78e-4b58-ace5-5c2ecd30e06a - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 0e2a1935-d78e-4b58-ace5-5c2ecd30e06a (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\b07fb610-40a8-43e9-8915-d379518cae5b - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger b07fb610-40a8-43e9-8915-d379518cae5b (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\c353ff3e-b6ac-4982-a92c-1af16cc18455 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger c353ff3e-b6ac-4982-a92c-1af16cc18455 (sign: 'Microsoft')
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\e337850b-9537-4675-b582-645fd9766560 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger e337850b-9537-4675-b582-645fd9766560 (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance - C:\WINDOWS\system32\sc.exe start LenovoVantageService (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\GenericMessagingAddin - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe GenericMessagingAddin (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\IdeaNotebookAddinDailyEvent - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe IdeaNotebookAddinDailyEvent (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\NotificationCenter - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe NotificationCenter (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\SettingsWidgetAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SettingsWidgetAddinDailyScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\SmartPerformance.ExpireReminder - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe SmartPerformance.ExpireReminder (sign: 'Microsoft')
O22 - Tasks: \Lenovo\Vantage\Schedule\VantageCoreAddinWeekScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.72.0\ScheduleEventAction.exe VantageCoreAddinWeekScheduleTask (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\System32\mscoree.dll (sign: 'Lenovo')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\InputSettingsRestoreDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},InputSettingsRestoreDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\syncpensettings - {3ECEE215-83F5-4123-A592-74F1FE4C3D59},SYNC_PEN_SETTINGS - C:\Windows\System32\SettingsHandlers_Pen.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\InstallService\RestoreDevice - {7f019157-05c8-473f-8664-2ba04a090dc8} - C:\WINDOWS\System32\InstallServiceTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (file missing)
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (sign: 'AO Kaspersky Lab')
O22 - Tasks: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log (sign: 'Nvidia Corporation')
O22 - Tasks: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe (sign: 'Nvidia Corporation')
O22 - Tasks: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O22 - Tasks: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe (sign: 'NVIDIA Corporation')
O23 - Service R2: "Realtek Bluetooth Device Manager Service"    ;RtkServ - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe (sign: 'Microsoft')
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\atiesrxx.exe (sign: 'Advanced Micro Devices INC.')
O23 - Service R2: Autodesk Access Service Host - C:\Program Files\Autodesk\AdODIS\V1\Setup\AdskAccessServiceHost.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Autodesk Desktop Licensing Service - (AdskLicensingService) - C:\Program Files (x86)\Common Files\Autodesk Shared\AdskLicensing\Current\AdskLicensingService\AdskLicensingService.exe (sign: 'Autodesk, Inc.')
O23 - Service R2: Critical Service for Lenovo Vantage - (LenovoVantageService) - C:\Program Files (x86)\Lenovo\VantageService\\3.13.72.0\LenovoVantageService.exe (sign: 'Microsoft')
O23 - Service R2: Dolby DAX API Service - (DolbyDAXAPI) - C:\WINDOWS\System32\DriverStore\FileRepository\dax3_swc_aposvc.inf_amd64_fe9531bca29258f3\DAX3API.exe (sign: 'Microsoft')
O23 - Service R2: FlexNet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe (sign: 'Flexera Software LLC')
O23 - Service R2: Fortemedia APO Control Service - (FMAPOService) - C:\WINDOWS\System32\FMService64.exe (sign: 'Microsoft')
O23 - Service R2: GameInput Service - C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_16.83.3001.0_x64__8wekyb3d8bbwe\GamingServices.exe (sign: 'Microsoft')
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_16.83.3001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe (sign: 'Microsoft')
O23 - Service R2: Intel(R) Storage Middleware Service - (RstMwService) - C:\WINDOWS\System32\DriverStore\FileRepository\iastorac.inf_amd64_e3f96af62737a898\RstMwService.exe (sign: 'Microsoft')
O23 - Service R2: Kaspersky Service 21.15 - (AVP21.15) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\avp.exe -r (sign: 'Kaspersky Lab JSC')
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert (sign: 'Microsoft')
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" (sign: 'Nvidia Corporation')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe (sign: 'Microsoft')
O23 - Service R2: System Interface Foundation Service - (ImControllerService) - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe (sign: 'Microsoft')
O23 - Service S2: Microsoft Edge Update Service (edgeupdate) - (edgeupdate) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /svc (sign: 'Microsoft')
O23 - Service S3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: Easy Anti-Cheat (Epic Online Services) - (EasyAntiCheat_EOS) - C:\Program Files (x86)\EasyAntiCheat_EOS\EasyAntiCheat_EOS.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe (sign: 'EasyAntiCheat Oy')
O23 - Service S3: Epic Online Services - (EpicOnlineServices) - C:\Program Files (x86)\Epic Games\Epic Online Services\service\EpicOnlineServicesHost.exe (sign: 'Epic Games Inc.')
O23 - Service S3: Intel(R) Optane(TM) Memory Service - (iaStorAfsService) - C:\WINDOWS\System32\iaStorAfsService.exe (sign: 'Microsoft')
O23 - Service S3: Kaspersky Volume Shadow Copy Service Bridge 21.15 - (klvssbridge64_21.15) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.15\x64\vssbridge64.exe (sign: 'AO Kaspersky Lab')
O23 - Service S3: Microsoft Edge Update Service (edgeupdatem) - (edgeupdatem) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /medsvc (sign: 'Microsoft')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service (sign: 'NVIDIA Corporation')
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.6\ProtonVPNService.exe (sign: 'Proton Technologies AG')
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.6\ProtonVPN.WireGuardService.exe "C:\ProgramData\ProtonVPN\WireGuard\ProtonVPN.conf" (sign: 'Proton Technologies AG')
O23 - Service S3: Rockstar Game Library Service - (Rockstar Service) - C:\Program Files\Rockstar Games\Launcher\RockstarService.exe (sign: 'Rockstar Games, Inc.')
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Driver R: (no name) - C:\WINDOWS\System32\drivers\dump_iaStorAC.sys (file missing)
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\WINDOWS\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AO Kaspersky Lab Cryptographic Module x64 (56 bit) - (cm_km) - C:\WINDOWS\system32\DRIVERS\cm_km.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: Intel(R) Chipset SATA/PCIe RST Premium Controller - (iaStorAC) - C:\WINDOWS\System32\drivers\iaStorAC.sys (sign: 'Intel(R) Rapid Storage Technology')
O23 - Driver R0: klupd_K4W-21-15_arkmon - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_arkmon.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R0: klupd_K4W-21-15_klbg - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klbg.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\WINDOWS\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Driver.K4W-21-15 - (KLIF.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klif.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab format recognizer driver.K4W-21-15 - (klpd.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klpd.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Kernel DLL.K4W-21-15 - (klflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupdisk.K4W-21-15 - (klbackupdisk.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klbackupdisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klbackupflt.K4W-21-15 - (klbackupflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klbackupflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab KLKBDFLT.K4W-21-15 - (klkbdflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klkbdflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab klpnpflt.K4W-21-15 - (klpnpflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klpnpflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab Security Extender Driver.K4W-21-15 - (klgse.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klgse.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Kaspersky Lab service driver.K4W-21-15 - (klhk.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klhk.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kldisk.K4W-21-15 - C:\WINDOWS\system32\DRIVERS\K4W-21-15\kldisk.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: klwtp.K4W-21-15 - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klwtp.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: kneps.K4W-21-15 - C:\WINDOWS\system32\DRIVERS\K4W-21-15\kneps.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R1: Mouse Suite Bluetooth Driver - (pelmoubt) - C:\WINDOWS\System32\drivers\pelmoubt.sys (sign: 'Microsoft' - Primax Electronics Ltd.)
O23 - Driver R1: Steam Xbox Controller Enhanced Features Driver - (steamxbox) - C:\WINDOWS\System32\drivers\steamxbox.sys (sign: 'Valve Corp.')
O23 - Driver R2: IDMWFP - C:\WINDOWS\System32\drivers\idmwfp.sys (sign: 'Microsoft' - Tonec Inc.)
O23 - Driver R3: AMD Crash Defender Driver - (amdfendr) - C:\WINDOWS\System32\drivers\amdfendr.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Crash Defender Manager Driver - (amdfendrmgr) - C:\WINDOWS\System32\drivers\amdfendrmgr.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\WINDOWS\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD I2C Controller Service - (amdi2c) - C:\WINDOWS\System32\drivers\amdi2c.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Link Controller Emulation - (AMDXE) - C:\WINDOWS\System32\drivers\amdxe.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: amdkmdag - C:\WINDOWS\System32\DriverStore\FileRepository\u0361612.inf_amd64_b679e02f70413f9f\B361368\amdkmdag.sys (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R3: Audio Coprocessr Driver for DSP - (amdacpbus) - C:\WINDOWS\System32\DriverStore\FileRepository\amdacpbus.inf_amd64_af13df68f939c879\amdacpbus.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: Kaspersky Lab KLMOUFLT.K4W-21-15 - (klmouflt.K4W-21-15) - C:\WINDOWS\system32\DRIVERS\K4W-21-15\klmouflt.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klids.K4W-21-15 - C:\ProgramData\Kaspersky Lab\AVP21.15\Bases\klids.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-15_klark - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_klark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: klupd_K4W-21-15_mark - C:\WINDOWS\System32\Drivers\klupd_K4W-21-15_mark.sys (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver R3: Lenovo Virtual Power Controller Driver - (ACPIVPC) - C:\WINDOWS\System32\drivers\AcpiVpc.sys (sign: 'Lenovo')
O23 - Driver R3: NVIDIA Virtual Audio Device (Wave Extensible) (WDM) - (nvvad_WaveExtensible) - C:\WINDOWS\system32\drivers\nvvad64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: nvlddmkm - C:\WINDOWS\System32\DriverStore\FileRepository\nvlti.inf_amd64_3cf5f53c459bdb0f\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: NvModuleTracker - C:\WINDOWS\System32\DriverStore\FileRepository\nvmoduletracker.inf_amd64_0c1cc60a4b422185\NvModuleTracker.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: NVVHCI Enumerator Service - (nvvhci) - C:\WINDOWS\System32\drivers\nvvhci.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Realtek Bluetooth Filter Driver - (RtkBtFilter) - C:\WINDOWS\System32\drivers\RtkBtfilter.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\WINDOWS\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek Wireless LAN 802.11n PCI-E Network Adapter - (RTWlanE) - C:\WINDOWS\System32\drivers\rtwlane.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\WINDOWS\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S1: Android Emulator Hypervisor Driver Service - (gvm) - C:\WINDOWS\system32\DRIVERS\gvm.sys (sign: 'Google LLC')
O23 - Driver S3: AMD PCI - (AMDPCIDev) - C:\WINDOWS\System32\drivers\AMDPCIDev.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\WINDOWS\System32\drivers\bthmodem.sys (not signed)
O23 - Driver S3: Bluetooth Mouse Filter Driver - (pelbtm) - C:\WINDOWS\System32\drivers\pelbtm.sys (sign: 'Microsoft' - Primax Electronics Ltd.)
O23 - Driver S3: FBNetFilter - C:\WINDOWS\System32\drivers\FBNetFlt.sys (sign: 'LENOVO (UNITED STATES) INC.')
O23 - Driver S3: iaStorAfs - C:\WINDOWS\System32\drivers\iaStorAfs.sys (sign: 'Intel(R) Rapid Storage Technology')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: LenovoDiagnosticsDriver - C:\ProgramData\Lenovo\Vantage\Addins\LenovoHardwareScanAddin\3.1.1.2\LenovoDiagnosticsDriver.sys (sign: 'Lenovo')
O23 - Driver S3: Microsoft Mouse and Keyboard Center Filter Driver - (Point64) - C:\WINDOWS\System32\drivers\point64.sys (sign: 'Microsoft' - Microsoft Corporation)
O23 - Driver S3: MS Hardware Device Detection Driver (USB) - (dc3d) - C:\WINDOWS\System32\drivers\dc3d.sys (sign: 'Microsoft' - Microsoft Corporation)
O23 - Driver S3: NVIDIA USB Type-C PPC Service - (UcmCxUcsiNvppc) - C:\WINDOWS\System32\DriverStore\FileRepository\nvppc.inf_amd64_fecd1cb127838d10\UcmCxUcsiNvppc.sys (sign: 'NVIDIA Corporation')
O23 - Driver S3: NVPCF Service - (nvpcf) - C:\WINDOWS\System32\drivers\nvpcf.sys (sign: 'NVIDIA Corporation')
O23 - Driver S3: ProtonVPNCallout - C:\Program Files\Proton\VPN\v3.2.6\Resources\ProtonVPN.CalloutDriver.sys (+safe mode) (sign: 'Microsoft' - Proton Technologies AG)
O23 - Driver S3: SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\WINDOWS\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\WINDOWS\System32\drivers\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB QCRMNET Filter Driver - (ssudqcfilter) - C:\WINDOWS\System32\drivers\ssudqcfilter.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: WireGuard - C:\WINDOWS\System32\drivers\wireguard.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klwtp.K4W-21-15'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'ProtonVPN Service'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'ProtonVPNCallout'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'RTWlanE'


--
End of file - Time spent: 21,8 sec. - 74220 bytes, CRC32: FFFFFFFF. Sign: 눍ᇩ
 
BITS is a service, download manager, protocol, whatever you want to call it, that prepares a remote file in the background so that the program trying to access the file does not end up in a "not responding" state.

Frankly, I don't know much about Windows. I'm looking at the report from a general point of view. But now an unsigned Bluetooth driver has caught my eye as well. Could you upload that file to VirusTotal and share the link?

C:\WINDOWS\System32\drivers\bthmodem.sys

Also, services with nothing behind them and leftover services are listed at the very bottom under the Dependency heading. I think you can delete those from services.msc as well.

After uploading it to VirusTotal, you can try a repair by running sfc. That way you will also put the missing files back in place.

sfc /scannow
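
The following Python example is added here and is not part of the thread or of HijackThis: it parses the O23 service and driver lines of the log, lists the entries marked `(not signed)` or `(file missing)`, and looks up each name from the `Dependency` lines among the parsed entries. The field layout is inferred from the lines in this log, and `examplesvc` is a constructed name.

```python
import re

# Lines copied from the log above, plus one constructed Dependency line
# ('examplesvc') so that the "no matching entry" case is exercised.
SAMPLE = r"""
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.6\ProtonVPNService.exe (sign: 'Proton Technologies AG')
O23 - Driver R: (no name) - C:\WINDOWS\System32\drivers\dump_iaStorAC.sys (file missing)
O23 - Driver R1: Kaspersky Anti-Virus NDIS 6 Filter - (klim6) - C:\WINDOWS\system32\DRIVERS\klim6.sys (+safe mode) (sign: 'Microsoft' - AO Kaspersky Lab)
O23 - Driver S3: Bluetooth Modem Communications Driver - (BTHMODEM) - C:\WINDOWS\System32\drivers\bthmodem.sys (not signed)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'klim6'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'ProtonVPN Service'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service:  'examplesvc'
"""
ENTRY = re.compile(r"^O23 - (Service|Driver) (\S+): (.*)$")
STATUS = re.compile(r"\s*(?:\(\+safe mode\)\s*)?\((sign: .*|not signed|file missing)\)\s*$")
DEPENDENCY = re.compile(r"^O23 - Dependency: .*unknown service:\s*'(.+)'\s*$")

def parse_entry(line):
    """Split one O23 Service/Driver line into fields; None for other lines."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    kind, state, rest = m.groups()
    s = STATUS.search(rest)
    status = s.group(1) if s else "unknown"
    parts = (rest[:s.start()] if s else rest).split(" - ")
    # Assumption drawn from this log: "(ShortName)" appears only when it differs from the display name.
    if len(parts) >= 3 and parts[1].startswith("("):
        name, path = parts[1][1:-1], " - ".join(parts[2:])
    else:
        name, path = parts[0], " - ".join(parts[1:])
    return {"kind": kind, "state": state, "name": name, "path": path, "status": status}

def triage(log_text):
    """Return (entries to review by hand, {Dependency name: matching entry or None})."""
    lines = log_text.splitlines()
    entries = [e for e in map(parse_entry, lines) if e]
    by_name = {e["name"].lower(): e for e in entries}
    review = [e for e in entries if e["status"] in ("not signed", "file missing")]
    deps = {m.group(1): by_name.get(m.group(1).lower())
            for m in map(DEPENDENCY.match, (l.strip() for l in lines)) if m}
    return review, deps

if __name__ == "__main__":
    review, deps = triage(SAMPLE)
    for e in review:
        print(f"REVIEW  {e['status']:<12} {e['path']}")
    for name, e in deps.items():
        print(f"DEP     {name:<18}", f"{e['kind']} {e['state']}, {e['status']}" if e else "no entry in log")
```

Run against the full log, it shows which Dependency names correspond to a service or driver entry elsewhere in the same log, together with that entry's start state and signature status.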
 
 
There is a main thread; why didn't you share it there?
 

I'm new to the forum, so I didn't know. Should I post it again there?
 
