Discussion on HijackThis and Log Verification


Corry744
01-08-2025, 23:57
Hello everyone, as per the title I kindly ask whether someone from the staff or an expert could analyze this log for me, as I have noticed that my PC starts up more slowly, thanks.
Logfile of HiJackThis+ build 2025-01-16 Beta v.3.4.0.17

Platform: x64 Windows 11 (Pro), 10.0.22000.2538 (ReleaseId: 2009, 21H2), Service Pack: 0
Time: 29.07.2025 - 00:50 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 4,08 GiB Free / 7. Loading RAM (41 %), CPU (13 %)
Disk C: 72,31 GiB Free / 223 (Unknown tech, MBR)
Elevated: Yes
Ran by: d80di (group: Administrators; type: Microsoft) on DESKTOP-20CKG13, FirstRun: yes

Chrome: 138.0.7204.169
Firefox: 141.0.0.299
Internet Explorer: 11.0.22000.120
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal (Code Integrity: On)

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\SmartCMS\SmartCMS Server.exe
1 C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1 C:\Program Files\Surfshark\Surfshark.exe
1 C:\Program Files\Surfshark\Surfshark.Service.exe
1 C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.9.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25061.45.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.25071.10101.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.15301.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\Users\d80di\Documents\Hijackthis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

O1 - Hosts: 127.0.0.1 keystone.mwbsys.com
O1 - Hosts: 127.0.0.1 holocron.mwbsys.com
O1 - Hosts.ICS: 172.24.128.1 DESKTOP-20CKG13.mshome.net # 2027 10 6 9 19 7 27 83
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_461\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_461\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\138.0.7204.169\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - ActiveSetup: HKLM\..\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}: [StubPath] = C:\Program Files\BraveSoftware\Brave-Browser\Application\138.1.80.124\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Brave Software, Inc.')
O4 - HKCU\..\Run: [Surfshark] = C:\Program Files\Surfshark\Surfshark.exe (sign: 'Surfshark B.V.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_595ACA7AB1ED3690A20B3E494738DA81] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2022/06/24) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\d80di\AppData\Local\Programs\Opera\opera.exe (2023/10/25) (sign: 'Opera Norway AS')
O4 - HKCU\..\StartupApproved\Run: [TeraBox] = C:\Users\d80di\AppData\Roaming\TeraBox\TeraBox.exe AutoRun (2025/06/29) (sign: 'FLEXTECH INC.')
O4 - HKCU\..\StartupApproved\Run: [TeraBoxWeb] = C:\Users\d80di\AppData\Roaming\TeraBox\TeraBoxWebService.exe (2025/06/29) (sign: 'FLEXTECH INC.')
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2020/09/28) (sign: 'Realtek Semiconductor Corp.')
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2020/10/15) (sign: 'Oracle America, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [Texto] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Texto.js" (2023/10/05) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [Username] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Username.js" (2023/10/05) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe (2020/09/28) (not signed - Creative Technology Ltd. - 983D549FAFF76A8FAD7EDDA41638D4C2AFB40AC7)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Carroll.lnk -> C:\Program Files (x86)\Carroll\Carroll.exe /OnlySet (2020/09/28) (not signed - the sz development - 2D0CF42439264BAB8653CA22AFC1873B9E030695)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (folder)
O4 - Startup: C:\Users\d80di\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (folder)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (sign: 'Realtek Semiconductor Corp.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O17 - DHCP DNS 1: 208.67.222.222 (Well-known DNS: Cisco Umbrella)
O17 - DHCP DNS 2: 208.67.220.220 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 208.67.220.220 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 208.67.222.222 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a0bcdd6-086d-44d5-8aa8-2ba7d9cc80e9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a0bcdd6-086d-44d5-8aa8-2ba7d9cc80e9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 192.168.1.254
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5885E632-0A94-43C0-BECD-2F7360F8BEA6}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5885E632-0A94-43C0-BECD-2F7360F8BEA6}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5A0BCDD6-086D-44D5-8AA8-2BA7D9CC80E9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5A0BCDD6-086D-44D5-8AA8-2BA7D9CC80E9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7FDD1E35-03CA-4386-A572-724116513A74}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7FDD1E35-03CA-4386-A572-724116513A74}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{82C6D788-C5D3-40D4-9941-9A8EC44C2AFC}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{82C6D788-C5D3-40D4-9941-9A8EC44C2AFC}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{8D69708D-DDEC-A599-BB02-0475A5D2150E}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{8D69708D-DDEC-A599-BB02-0475A5D2150E}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C71902A8-E482-42A4-A6C3-9D062F28B8D3}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C71902A8-E482-42A4-A6C3-9D062F28B8D3}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C72823A6-6E76-4D72-B82C-F11D084D8546}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C72823A6-6E76-4D72-B82C-F11D084D8546}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt0: (no name) - {C568C78A-652C-425B-8E6B-FFA73043302D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt1: (no name) - {2A6FE247-5DA3-4732-9626-77820518FD77} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt2: (no name) - {FF895810-293B-464A-93F2-82D11E07EEC8} - (no file)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System (empty)
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-1593497920-3724576141-1433594885-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Windows Subsystem Modules\Windows Subsystem Modules - C:\WINDOWS\system32\rundll32.exe C:\ProgramData\microsoft\windows.sys,subsystem (sign: 'Microsoft')
O22 - Tasks: (disabled) BraveSoftwareUpdateTaskMachineCore - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll (file missing)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSD Fresh\Program checksettings -autorun (file missing)
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem140.0.7273.0{DFADB71F-9530-4C05-A375-026BEDAD0BF5} - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Background Update S-1-5-21-1593497920-3724576141-1433594885-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: \Winget-AutoUpdate-Configurator\Configuration Task - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy AllSigned -file "C:\Program Files (x86)\WinGet-AutoUpdate-Configurator\Refresh-WingetConfiguration.ps1" (sign: 'Microsoft')
O22 - Tasks: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC (sign: 'Lespeed Technology Co., Ltd')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (sign: 'Now.gg, INC')
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: IObit ANNI2025Sale (One-time) - C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\anniml.exe /rpop (file missing)
O22 - Tasks: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (sign: 'Maxthon Technology Co, Ltd.')
O22 - Tasks: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (sign: 'Advanced Micro Devices, Inc.')
O22 - Tasks: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (sign: 'Advanced Micro Devices, Inc.')
O22 - Tasks: ZoomUpdateTaskUser-S-1-5-21-1593497920-3724576141-1433594885-1001 - C:\Users\d80di\AppData\Roaming\Zoom\bin\Zoom.exe --action=UpdateSchedule (sign: 'Zoom Video Communications, Inc.')
O22 - Tasks_Migrated: (disabled) \Agent Activation Runtime\S-1-5-21-1593497920-3724576141-1433594885-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 Critical - {613FBA38-A3DF-4AB8-9674-5604984A299A},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 Critical - {DE434264-8FE9-4C0B-A83B-89EBEEBFF78E},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll (file missing)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks_Migrated: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSDFresh\AbLauncher.exe checksettings -autorun (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 - {84F0FAE1-C27B-4F6F-807B-28CF6F96287D},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: \Microsoft\Windows\.NET Framework\.NET Framework NGEN v4.0.30319 64 - {429BC048-379E-45E0-80E4-EB1977941B5C},/RuntimeWide - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngentasklauncher.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\SettingSync\BackgroundUploadTask - {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\SettingSync\NetworkStateChangeTask - {A4173A49-F373-4475-9A0F-2D615204DC20} - (no file)
O22 - Tasks_Migrated: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks_Migrated: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC (sign: 'Lespeed Technology Co., Ltd')
O22 - Tasks_Migrated: ASC_SkipUac_d80di - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Tasks_Migrated: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks_Migrated: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Tasks_Migrated: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (sign: 'Maxthon Technology Co, Ltd.')
O22 - Tasks_Migrated: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Tasks_Migrated: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Tasks_Migrated: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (sign: 'Advanced Micro Devices, Inc.')
O22 - Tasks_Migrated: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (sign: 'Advanced Micro Devices, Inc.')
O22 - Tasks_Migrated: Sump Task (One-Time) - C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe /sup2 (file missing)
O22 - Tasks_Migrated: VivaldiUpdateCheck-5924e1198cc83f03 - C:\Users\d80di\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\system32\amdfendrsr.exe (sign: 'Microsoft')
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atiesrxx.exe (sign: 'Advanced Micro Devices Inc.')
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (sign: 'HP Inc.')
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R2: SmartCMS_Server - C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe (not signed - no company - 7BA8F847991B4658A80C7663767CC058FF6D4E60)
O23 - Service R2: Surfshark Service - C:\Program Files\Surfshark\Surfshark.Service.exe -displayname "Surfshark Service" -servicename "Surfshark Service" (sign: 'Surfshark B.V.')
O23 - Service S2: MxService - C:\Program Files (x86)\Maxthon5\Bin\MxService.exe (sign: 'Maxthon Technology Co, Ltd.')
O23 - Service S2: Servizio Brave Update (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService140.0.7273.0) - (GoogleUpdaterService140.0.7273.0) - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService140.0.7273.0) - (GoogleUpdaterInternalService140.0.7273.0) - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\138.1.80.124\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\138.0.7204.169\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: LibreOffice Maintenance Service - (LibreOfficeMaintenance) - C:\Program Files\LibreOffice\program\update_service.exe (sign: 'The Document Foundation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Remote Packet Capture Protocol v.0 (experimental) - (rpcapd) - C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" (sign: 'Riverbed Technology, Inc.')
O23 - Service S3: Servizio Brave Update (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: TeraBoxUtility - C:\Users\d80di\AppData\Roaming\TeraBox\YunUtilityService.exe (sign: 'FLEXTECH INC.')
O23 - Driver R0: AMD PCI Root Bus Lower Filter - (amdkmpfd) - C:\WINDOWS\System32\drivers\amdkmpfd.sys (+safe mode) (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R0: amd_sata - C:\WINDOWS\System32\drivers\amd_sata.sys (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R0: amd_xata - C:\WINDOWS\System32\drivers\amd_xata.sys (sign: 'Advanced Micro Devices, Inc.')
O23 - Driver R0: amdide64 - C:\WINDOWS\System32\drivers\amdide64.sys (+safe mode) (sign: 'Microsoft' - Advanced Micro Devices Inc.)
O23 - Driver R2: BlueStacks Hypervisor_nxt - (BlueStacksDrv_nxt) - C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys (sign: 'Microsoft' - Bluestack System Inc.)
O23 - Driver R2: inpoutx64 - C:\WINDOWS\System32\Drivers\inpoutx64.sys (sign: 'Red Fox UK Limited')
O23 - Driver R3: AMD Crash Defender Driver - (amdfendr) - C:\WINDOWS\system32\DRIVERS\amdfendr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\WINDOWS\System32\DriverStore\FileRepository\atihdwt6.inf_amd64_4ad1437aef138551\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: AMD Link Controller Emulation - (AMDXE) - C:\WINDOWS\System32\drivers\amdxe.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: amdkmdag - C:\WINDOWS\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\amdkmdag.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: Logitech SetPoint KMDF HID Filter Driver - (LHidFilt) - C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech SetPoint KMDF Mouse Filter Driver - (LMouFilt) - C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys (sign: 'Logitech Inc')
O23 - Driver R3: Logitech SetPoint KMDF USB Filter - (LUsbFilt) - C:\WINDOWS\System32\Drivers\LUsbFilt.Sys (sign: 'Logitech Inc')
O23 - Driver R3: NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller - (L1C) - C:\WINDOWS\System32\drivers\L1C63x64.sys (+safe mode) (sign: 'Rivet Networks LLC')
O23 - Driver R3: ovpn-dco - C:\WINDOWS\System32\drivers\ovpn-dco.sys (sign: 'Microsoft' - OpenVPN, Inc)
O23 - Driver R3: scaudio Service - (scaudio) - C:\WINDOWS\System32\drivers\scaudio.sys (sign: 'Brandmeister LLC')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: SplitCam Virtual Video Driver - (splitcam_hd_driver) - C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys (sign: 'Brandmeister LLC')
O23 - Driver R3: WebCam Vista/Live! Cam Chat - (V0330VID) - C:\WINDOWS\system32\DRIVERS\V0330Vid.sys (not signed - Creative Technology Ltd. - CAECB26566210C8B3B7CEDF74B1F85C8E7EE1D31)
O23 - Driver S3: @oem15.inf,%DeviceDescription%;TAP-Surfshark Windows Adapter V9 - (tapsurfshark) - C:\WINDOWS\System32\drivers\tapsurfshark.sys (+safe mode) (sign: 'WDKTestCert Lenovo,131775874531219913', but untrusted root: 'WDKTestCert Lenovo,131775874531219913' with fingerprint: 594FC0AA1FA7E3B7CF66D9508EC3D8DB4B6550B6)
O23 - Driver S3: @oem32.inf,%DeviceDescription%;TAP-NordVPN Windows Adapter V9 - (tapnordvpn) - C:\WINDOWS\System32\drivers\tapnordvpn.sys (+safe mode) (sign: 'nordvpn s.a.')
O23 - Driver S3: @oem34.inf,%DeviceDescription%;TAP-ProtonVPN Windows Adapter V9 - (tapprotonvpn) - C:\WINDOWS\System32\drivers\tapprotonvpn.sys (+safe mode) (sign: 'Microsoft' - The OpenVPN Project)
O23 - Driver S3: AnchorFree TAP-Windows Adapter V9 - (aftap0901) - C:\WINDOWS\System32\drivers\aftap0901.sys (+safe mode) (sign: 'AnchorFree Inc')
O23 - Driver S3: AQFileRestore - C:\WINDOWS\system32\DRIVERS\AQFileRestore.sys (sign: 'Avanquest North America Inc.')
O23 - Driver S3: HwHandSet_CompositeFilter - (ew_usbccgpfilter) - C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys (+safe mode) (not signed - Huawei Technologies Co., Ltd. - A1CBFC9F58FAFDA959C3BE5CABD3BCA4901F6BA9)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: NetGroup Packet Filter Driver - (NPF) - C:\WINDOWS\system32\drivers\npf.sys (sign: 'Riverbed Technology, Inc.')
O23 - Driver S3: Revoflt - C:\WINDOWS\system32\DRIVERS\revoflt.sys (sign: 'Microsoft' - VS Revo Group)
O23 - Driver S3: SurfsharkBypasser - C:\Program Files\Surfshark\Resources\x64\SurfsharkBypasser.sys (sign: 'Microsoft' - Surfshark)
O23 - Driver S3: Trufos - C:\WINDOWS\system32\DRIVERS\TRUFOS.sys (sign: 'Microsoft' - Bitdefender)
O23 - Driver S3: WireGuard - C:\WINDOWS\System32\drivers\wireguard.sys (sign: 'Microsoft' - WireGuard LLC)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'aftap0901'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'L1C'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'tapnordvpn'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'tapprotonvpn'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'tapsurfshark'
O23 - Dependency: Microsoft Service Group 'PlugPlay' contains unknown service: 'RtkAudioService'
O25 - WMI Event: Skip TPM Check on Dynamic Update - Skip TPM Check on Dynamic Update - Event="Win32_ProcessStartTrace WHERE ProcessName='vdsldr.exe'", C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /q Skip TPM Check on Dynamic Update (c) AveYo, 2021 /d /rerase appraiserres.dll /f /s /q (WorkDir = C:\$WINDOWS.~BT)
O26 - Office Addin: HKCU\..\AdHocReportingExcelClientLib.AdHocReportingExcelClientAddIn.1 - (Microsoft Power View for Excel) -> (no file)
O26 - Office Addin: HKLM\..\AdobeAcroOutlook.SendAsLink - (Adobe Document Cloud for Microsoft Outlook - Acrobat) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Mail\Outlook\x64\SendAsLinkAddin.dll (sign: 'Adobe Inc.')
O26 - Office Addin: HKLM\..\PDFMaker.OfficeAddin - (no name) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Office\x64\PDFMOfficeAddin.dll (sign: 'Adobe Inc.')
O26-32 - Office Addin: HKLM\..\AdobeAcroOutlook.SendAsLink - (Adobe Document Cloud for Microsoft Outlook - Acrobat) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Mail\Outlook\SendAsLinkAddin.dll (sign: 'Adobe Inc.')
O26-32 - Office Addin: HKLM\..\PDFMaker.OfficeAddin - (no name) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Office\PDFMOfficeAddin.dll (sign: 'Adobe Inc.')


--
End of file - Time spent: 36,4 sec. - 67244 bytes, CRC32: FFFFFFFF. Sign: 쒚㫉

Raffaele53
02-08-2025, 08:38
If I'm not mistaken, this program was discontinued with XP; years ago there were sites and apps that analyzed the log (now they are all closed, gone).
I wouldn't use it with W11; in any case there are several entries to check.
https://dragokas.com/tools/help/hjt_tutorial.html

O1 - Hosts.ICS: 172.24.128.1 DESKTOP-20CKG13.mshome.net # 2027 10 6 9 19 7 27 83
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt0: (no name) - {C568C78A-652C-425B-8E6B-FFA73043302D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt1: (no name) - {2A6FE247-5DA3-4732-9626-77820518FD77} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt2: (no name) - {FF895810-293B-464A-93F2-82D11E07EEC8} - (no file)
O26 - Office Addin: HKLM\..\PDFMaker.OfficeAddin - (no name) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Office\x64\PDFMOfficeAddin.dll (sign: 'Adobe Inc.')
O26-32 - Office Addin: HKLM\..\PDFMaker.OfficeAddin - (no name) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Office\PDFMOfficeAddin.dll (sign: 'Adobe Inc.')

EDIT: Which antivirus do you use? I don't see this line:
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe
But there is this one >>>O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1

Corry744
03-08-2025, 10:27
I simply use Windows Defender, which in fact I have disabled; I will have to re-enable it later.
As far as I know, it can also be used with later Windows operating systems, so 10 and 11 as well. In practice, which ones do I need to fix, the ones you pointed out?

Sent from my SM-A528B using Tapatalk

Corry744
04-08-2025, 12:52
If I'm not mistaken, this program was discontinued with XP; years ago there were sites and apps that analyzed the log (now they are all closed, gone).
I wouldn't use it with W11; in any case there are several entries to check.
https://dragokas.com/tools/help/hjt_tutorial.html

O1 - Hosts.ICS: 172.24.128.1 DESKTOP-20CKG13.mshome.net # 2027 10 6 9 19 7 27 83
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt0: (no name) - {C568C78A-652C-425B-8E6B-FFA73043302D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt1: (no name) - {2A6FE247-5DA3-4732-9626-77820518FD77} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt2: (no name) - {FF895810-293B-464A-93F2-82D11E07EEC8} - (no file)
O26 - Office Addin: HKLM\..\PDFMaker.OfficeAddin - (no name) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Office\x64\PDFMOfficeAddin.dll (sign: 'Adobe Inc.')
O26-32 - Office Addin: HKLM\..\PDFMaker.OfficeAddin - (no name) -> C:\Program Files\Adobe\Acrobat DC\PDFMaker\Office\PDFMOfficeAddin.dll (sign: 'Adobe Inc.')

EDIT: Which antivirus do you use? I don't see this line:
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25070.5-0\MpDefenderCoreService.exe
But there is this one >>>O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1

Could you kindly tell me for certain which of these entries I could fix?
Thanks

Raffaele53
04-08-2025, 13:41
After creating a restore point, I would fix them all.

Corry744
05-08-2025, 12:16
Ok, thank you so much 👍

Sent from my SM-A528B using Tapatalk