
PC problem: infected USB stick?

So I think I still have the virus on the PC. Malwarebytes keeps reporting this infection at this path: C:\Users\Utente\AppData\Local\Temp\Runtime Broker.exe
It quarantines it and I deleted it, but every time I insert the USB stick it reports it again, and the famous shortcut appears instead of the stick's files opening.
 

I think the virus that caused the problem is still on the stick, or it can't remove it completely. Do you have other sticks? If so, try another one to see if it does the same.

Antivirus or other tools must also remove the registry keys created by the virus; without those I doubt any software works, viruses included.
 
I tried other sticks and they opened normally. But is it worth deleting this ScreenDim?
 

See, it's that one that gives the problem!? Do you have anything important on it? Otherwise format it. Yes, better to delete that ScreenDim, since it has also appeared for others with that virus; you'll have to repeat the scan etc. to remove the virus.
 
That stick has work files on it.

I have created a dedicated thread for your problem.

Having checked, that runtime blocker should be a legitimate entry
https://www.file.net/it/processo/runtimebroker.exe.html

Unless the antivirus is getting it wrong... given that the entry flagged by Ercolino was correctly removed and is no longer present in the later logs.
 
What a strange name for an OS, it sounds like an African country/state. Anyway, even if it were Windows software, it can be infected and/or replaced with the virus like any file.
 
Also run a scan with Trend Micro.

I think you'll have to give up on that stick. You need to scan the stick too, not just the PC.
 

Ercolino, by disabling autoplay I managed to format the stick. Now the shortcut no longer appears when I insert the stick. Before doing that, I had already run scans on the stick with both Trend Micro and Malwarebytes but, alas, everything came up clean. Now the sticks are OK. At this point I have to hope there isn't something else on the PC. As I wrote earlier, every now and then a window appears that refers to ScreenDim. It is also present in the last log posted. I haven't understood whether it is part of Windows 10 or not, and therefore whether I can delete the entry. If I can, I'll try to attach the image. What's more, I noticed that on the notebook this ScreenDim also shows up among the installed programs, with an installation date of 1 December (when I started having problems). Unfortunately, not knowing at first that it was a virus, I inserted the stick in both the desktop PC and the laptop. On the laptop it appears among the installed programs. On the desktop it doesn't.

Here is the image:
https://ibb.co/b6W2Bvf
 

I really don't think it belongs to Windows, also because it isn't signed. And is your operating system in Italian? Because if it is, that screendim is in English instead; all Windows programs are in the same language.
 
Good evening, I think I've solved it. Can you check the log? As soon as I can I'll do it from the notebook too. Thanks

Logfile of HiJackThis+ (Alpha version) by Alex Dragokas v.3.2.0.2

Platform: x64 Windows 10 (Pro), 10.0.19045.3693 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 04.12.2023 - 17:44 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 5386 MiB Free. Loading RAM (35 %), CPU (7 %)
Elevated: Yes
Ran by: Utente (group: Administrators; type: Local) on DESKTOP-6TNITRT, FirstRun: yes

Chrome: 119.0.6045.200
Firefox: 120.0.1.8733
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain_gui.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\etc\notify\QtToastServer.exe
1 C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
1 C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
1 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
1 C:\Program Files (x86)\Browny02\BrYNSvc.exe
1 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
1 C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
7 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
1 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23092.158.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe
2 C:\ProgramData\Adobe\Creative Cloud Experience Node\node.exe
1 C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
1 C:\Users\Utente\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Users\Utente\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
2 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\rundll32.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
80 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_B171DF7C782C6549CCED649E6C8247F6] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (sign: 'Microsoft')
O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe (not signed)
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [IndexSearch] = C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (2023/12/03) (sign: 'Nuance Communications, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [M17A] = C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe (2023/12/03) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [PaperPort PTD] = C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (2023/12/03) (sign: 'Nuance Communications, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2023/12/03) (sign: 'Oracle America, Inc.')
O4 - MountPoints2: HKCU\..\{4d93cb17-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - MountPoints2: HKCU\..\{4d93cb8a-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe (sign: 'BIT4ID SRL')
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun (not signed)
O4-32 - HKLM\..\Run: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (not signed)
O4-32 - HKLM\..\Run: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun (sign: 'Brother Industries, Ltd.')
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (sign: 'SEIKO EPSON Corporation')
O4-32 - HKLM\..\Run: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (sign: 'Athena Smartcard Solutions')
O4-32 - HKLM\..\Run: [ISUSPM] = C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler (sign: 'Flexera Software LLC')
O8 - Context menu item: HKU\S-1-5-18\..\Internet Explorer\MenuExt\Apri con PDF Viewer 7: (default) = C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-824607233-3609746563-3892767088-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\Windows\System32\unifiedconsent.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: GoogleUpdateTaskMachineCore{7D8749E7-C649-4F87-9BCE-9CADFF6783C2} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA{4F8F71B2-1AA3-4D83-827A-6DFDCF94238C} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O23 - Service R2: ABBYY FineReader 9.0 Sprint Licensing Service - (ABBYY.Licensing.FineReader.Sprint.9.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -service (sign: 'ABBYY SOLUTIONS LIMITED')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: Adobe Creative Cloud Experience Node - (adobecreativecloudexperiencenode.exe) - C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe (not signed)
O23 - Service R2: AK910SwitchService - C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe (not signed)
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (not signed)
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (not signed)
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\Windows\system32\EscSvc64.exe (sign: 'SEIKO EPSON Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem (sign: 'Microsoft')
O23 - Service R2: PDFProFiltSrvPP - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (sign: 'Nuance Communications, Inc.')
O23 - Service R2: TeamViewer - C:\Program Files\TeamViewer\TeamViewer_Service.exe (sign: 'TeamViewer Germany GmbH')
O23 - Service R2: Wifi AutoInstall Service - (WifiAutoInstallSrv) - C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe (not signed)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\119.0.6045.200\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe (sign: 'Microsoft')
O23 - Service S3: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - (ICCS) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (sign: 'Intel Corporation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (sign: 'Microsoft')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Driver R0: pwdrvio - C:\Windows\system32\pwdrvio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver R3: IWD Bus Enumerator - (iwdbus) - C:\Windows\System32\drivers\iwdbus.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp')
O23 - Driver R3: Realtek Wireless LAN 802.11n USB 2.0 Network Adapter - (RtlWlanu) - C:\Windows\System32\drivers\rtl8188gu.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: "Intel(R) Display Audio" ; {PlaceHolder="Display Audio","High Definition Audio"} - (IntcDAud) - C:\Windows\system32\DRIVERS\IntcDAud.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed)
O23 - Driver S3: igfx - C:\Windows\system32\DRIVERS\igdkmd64.sys (sign: 'Intel Corporation - pGFX')
O23 - Driver S3: Intel WiDi Audio Device - (intaud_WaveExtensible) - C:\Windows\system32\drivers\intelaud.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: pwdspio - C:\Windows\system32\pwdspio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver S3: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: USB RNDIS6 Adapter - (usbrndis6) - C:\Windows\System32\drivers\usb80236.sys (+safe mode) (not signed)
O23 - Driver S3: USB Scanner Driver - (usbscan) - C:\Windows\System32\drivers\usbscan.sys (+safe mode) (not signed)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'RtlWlanu'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'usbrndis6'


--
End of file - Time spent: 50,4 sec. - 38354 bytes, CRC32: FFFFFFFF. Sign: ꃁ쎸
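
The checks discussed in this thread, written as an added example (not code from the forum or from HiJackThis): a small Python triage over a HiJackThis-format log that flags processes using a Windows system-binary name outside the system directories, processes running from the user's Temp folder, and cached removable-media AutoRun commands. The sample log is constructed from the format and paths shown on this page; the flag names and the assumption that Windows is installed on C: are this example's own, and a flag means "verify the file's signature and origin", not a verdict.

```python
import re
from pathlib import PureWindowsPath

# Names of Windows system binaries that are often imitated (illustrative subset).
SYSTEM_NAMES = {"runtimebroker.exe", "svchost.exe", "lsass.exe", "csrss.exe"}
# Assumption: Windows is installed on C:. Genuine copies live only here.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
TEMP_MARKER = "\\appdata\\local\\temp\\"

# "7 C:\Windows\System32\RuntimeBroker.exe" -> instance count, full path
PROC_LINE = re.compile(r"^\s*(\d+)\s+([A-Za-z]:\\.+?)\s*$")
# O4 MountPoints2 entries hold the AutoRun command cached for a mounted volume.
MOUNTPOINT_LINE = re.compile(
    r"^O4 - MountPoints2: .*\\AutoRun\\command: \(default\) = (.+)$"
)


def parse_processes(log):
    """Return the paths listed under 'Running processes:' up to the first blank line."""
    paths, in_section = [], False
    for line in log.splitlines():
        if line.startswith("Running processes:"):
            in_section = True
            continue
        if in_section:
            if not line.strip():
                break
            match = PROC_LINE.match(line)
            if match:  # the "Number | Path" header does not match and is skipped
                paths.append(match.group(2))
    return paths


def process_flags(path):
    """Return the review flags that apply to one process image path."""
    p = PureWindowsPath(path)
    flags = []
    # Remove spaces so "Runtime Broker.exe" compares equal to "RuntimeBroker.exe".
    squashed = p.name.lower().replace(" ", "")
    if squashed in SYSTEM_NAMES and str(p.parent).lower() not in SYSTEM_DIRS:
        flags.append("system-name-outside-system32")
    if TEMP_MARKER in path.lower():
        flags.append("runs-from-temp")
    return flags


def triage(log):
    """Return (flag, detail) pairs for every entry worth a manual look."""
    findings = []
    for path in parse_processes(log):
        for flag in process_flags(path):
            findings.append((flag, path))
    for line in log.splitlines():
        match = MOUNTPOINT_LINE.match(line)
        if match:
            findings.append(("removable-media-autorun", match.group(1)))
    return findings


# Constructed sample in the log format shown on this page. The first process
# line uses the path Malwarebytes reported in the thread; the logs posted here
# do not list that process.
SAMPLE_LOG = r"""Running processes:
Number | Path
1 C:\Users\Utente\AppData\Local\Temp\Runtime Broker.exe
1 C:\Users\Utente\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Windows\explorer.exe
7 C:\Windows\System32\RuntimeBroker.exe

O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe (not signed)
O4 - MountPoints2: HKCU\..\{4d93cb17-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
"""

if __name__ == "__main__":
    for flag, detail in triage(SAMPLE_LOG):
        print(f"{flag:32} {detail}")
```
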
 
Good morning, this is the notebook's log. Is it OK? Thanks
Logfile of HijackThis+ by Alex Dragokas, build 2023-11-26 Alpha v.3.3.0.8

Platform: x64 Windows 10 (Home), 10.0.19045.3693 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 05.12.2023 - 11:40 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 1581 MiB Free. Loading RAM (61 %), CPU (30 %)
Elevated: Yes
Ran by: Crotone1 (group: Administrators; type: Microsoft) on CROTONE1-PC, FirstRun: yes

Chrome: 119.0.6045.200
Firefox: 120.0.1.8733
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: On)

Running processes:
Number | Path
1 C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain_gui.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\etc\notify\QtToastServer.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Microsoft\Edge\Application\119.0.2151.97\identity_helper.exe
5 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
1 C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1 C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
1 C:\Program Files\TOSHIBA\Teco\TecoResident.exe
1 C:\Program Files\TOSHIBA\Teco\TecoService.exe
1 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
1 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
2 C:\ProgramData\Adobe\Creative Cloud Experience Node\node.exe
1 C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23100.2009-0\NisSrv.exe
1 C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe
1 C:\Users\Crotone1\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Users\Crotone1\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\RtkBtManServ.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_5df7e0d31a7e7230\DSDFunctionKeyCtlService.exe
1 C:\Windows\System32\DriverStore\FileRepository\dsrvctldrv.inf_amd64_5df7e0d31a7e7230\RMService.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\rundll32.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
77 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\wbem\unsecapp.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://toshiba13.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files (x86)\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [EPSDNMON] = (no file)
O4 - HKCU\..\Run: [Facebook Update] = C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver (sign: 'Facebook, Inc.')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_D22350693D7BB0AAC6D83966FB7364FA] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (sign: 'Microsoft')
O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe (not signed)
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2020/11/14) (sign: 'PIRIFORM SOFTWARE LIMITED')
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4 - HKLM\..\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Realtek Semiconductor Corp')
O4 - HKLM\..\Run: [SRS Premium Sound HD] = C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h (sign: 'SRS Labs, Inc.')
O4 - HKLM\..\Run: [TCrdMain] = C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe (sign: 'TOSHIBA CORPORATION')
O4 - HKLM\..\Run: [TecoResident] = C:\Program Files\TOSHIBA\Teco\TecoResident.exe (sign: 'TOSHIBA CORPORATION')
O4 - HKLM\..\Run: [TODDMain] = C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe (sign: 'TOSHIBA CORPORATION')
O4 - HKLM\..\Run: [TosWaitSrv] = C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe (sign: 'TOSHIBA CORPORATION')
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2023/12/03) (sign: 'Adobe Systems Incorporated')
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (2015/08/26) (not signed)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service') (sign: 'Microsoft')
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe (sign: 'BIT4ID SRL')
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\WINDOWS\SysWOW64\RUNDLL32.EXE "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (sign: 'Athena Smartcard Solutions')
O4-32 - HKLM\..\Run: [Intel AppUp(SM) center] = C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4 (sign: 'Intel® Services Manager')
O4-32 - HKLM\..\Run: [StartCCC] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun (sign: 'Advanced Micro Devices, Inc.')
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sign: 'Oracle America, Inc.')
O4-32 - HKLM\..\Run: [TPUReg] = C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe /Retimes (not signed)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (sign: 'Realtek Semiconductor Corp')
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O7 - TroubleShooting (EV): HKLM\..\Environment: [PSModulePath] = %SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\ (Missing: %ProgramFiles%\WindowsPowerShell\Modules)
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - (no file)
O22 - BITS Job: (download) {2C5DBF39-FCE5-496C-9696-E50DF795FA9E} - http://edgedl.me.gvt1.com/edgedl/di...76130542f241298e5ca2ca6d3a4c719621839d0f.puff -> C:\WINDOWS\SystemTemp\chrome_BITS_2212_2083637736\c41b19fa9cd49facc19c2b6876130542f241298e5ca2ca6d3a4c719621839d0f.puff
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (Not scheduled) CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe (sign: 'PIRIFORM SOFTWARE LIMITED')
O22 - Task (.job): (Not scheduled) EPSON XP-225 Series Update {CD2A4DA0-9593-4396-B625-CD02778F6DD7}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE (sign: 'SEIKO EPSON CORPORATION')
O22 - Task (.job): (Not scheduled) FacebookUpdateTaskUserS-1-5-21-3212974350-4222326917-2881284299-1001Core.job - C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe (sign: 'Facebook, Inc.')
O22 - Task (.job): (Not scheduled) FacebookUpdateTaskUserS-1-5-21-3212974350-4222326917-2881284299-1001UA.job - C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe (sign: 'Facebook, Inc.')
O22 - Task (.job): (Not scheduled) G2MUpdateTask-S-1-5-21-3212974350-4222326917-2881284299-1001.job - C:\Users\Crotone1\AppData\Local\GoToMeeting\19950\g2mupdate.exe (sign: 'LogMeIn, Inc.')
O22 - Task (.job): (Not scheduled) G2MUploadTask-S-1-5-21-3212974350-4222326917-2881284299-1001.job - C:\Users\Crotone1\AppData\Local\GoToMeeting\19950\g2mupload.exe (sign: 'LogMeIn, Inc.')
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04CDFF56-DEB1-4725-904A-9BAD12411BB9} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11F24376-D119-471C-8ED7-A15E905905F1} - \Microsoft\Windows\Setup\gwx\launchtrayprocess (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15FDC4E9-5EEC-444B-829D-CA2D91E620EA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D730EE9-3934-447F-9EB9-1395576CA654} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B7A2C92-10FA-4131-A105-7A63F428F296} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34D26C71-7468-45CE-83AC-BDB16356DF83} - \Microsoft\Windows\Setup\EOONotify (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{42EF0863-0E15-4807-8130-7F0044F12B6D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62FC2D12-01B7-46A2-8839-3F706831FF1A} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7C76E470-10D1-42AC-AD2A-C229301B2AB2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E25805B-99FD-4347-A767-D0DB645B4A97} - \Microsoft\Windows\Setup\gwx\rundetector (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8DB95991-83DC-42CD-B51D-E0DD3487FE64} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93261158-A30F-4A71-9B08-4F1690E26026} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999673A2-080B-4775-B5E6-D4FBC187C351} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A214E5FB-9A05-41E0-A20B-7DC90551D796} - \Microsoft\Windows\Setup\GWXTriggers\Time-Weekend (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B314734A-05D1-44E8-BB6B-6AE9225348D1} - \WPD\SqmUpload_S-1-5-21-3212974350-4222326917-2881284299-1001 (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB0C5C01-C583-44E4-91E2-3F0D867031A6} - (no key)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB0C5C01-C583-44E4-91E2-3F0D867031A6} - \Microsoft\Windows\UNP\RunCampaignManager (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAFD1028-9ECA-42CE-810E-E01142D92445} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFDC90E5-7973-4F9B-AD6A-18C42B91725D} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d (no xml)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) (telemetry) \Microsoft\Windows\IME\SQM data sender - {CCB1D8CB-D39F-41C9-B793-0196214BDC4E} - C:\Windows\System32\IME\shared\imecfm.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-3212974350-4222326917-2881284299-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\FamilySafetyUpload - {EBF00FCB-0769-4B81-9BEC-6C05514111AA},4 - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall - {EFF7F153-1C97-417A-B633-FEDE6683A939} - C:\WINDOWS\system32\wuaueng.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Workplace Join\Automatic-Workplace-Join - C:\WINDOWS\System32\AutoWorkplace.exe join (file missing)
O22 - Tasks: (disabled) \S-1-5-21-3212974350-4222326917-2881284299-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Toshiba\Service Station - C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe /hide (sign: 'TOSHIBA CORPORATION')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\BthSQM - {C8367320-6F85-11E0-A1F0-0800200C9A66},SYSTEM - C:\WINDOWS\System32\BthTelemetry.dll (sign: 'Microsoft')
 