|
|||||||
|
|
|
 |
|
|
Strumenti |
30-08-2023, 15:14
|
#1 |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Log di HiJackThis
Buonasera, sono un nuovo utente. Sto avendo problemi con il pc perché non appena installo pulito trovo i file di sistema corrotti e a volte anche l'immagine di sistema che però riesco a riparare. ESET mi dice che ho un PUP ossia EFI/CompuTrace.A e il supporto tecnico della casa produttrice del pc dice che non è roba loro, infatti non si può disattivare dal bios. Ho subito anche diversi attacchi TCP/UDP portscan e DOS recentemente che all'inizio mi buttavano giù la linea, ma ora non più, grazie agli aggiornamenti della wind evidentemente. HiJackThis mi dice questo:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13 Platform: x64 Windows 10 (Home), 10.0.19045.3324 (ReleaseId: 2009, 22H2), Service Pack: 0 Time: 30.08.2023 - 15:58 (UTC+02:00) Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410) Elevated: Yes Ran by: Utente (group: Administrators) on DESKTOP-T1B29KU, FirstRun: yes Internet Explorer: 11.0.19041.1566 Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge) Boot mode: Normal Running processes: Number | Path 45 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe 1 C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe 1 C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe 1 C:\Program Files\Acer\Acer Quick Access\QAAgent.exe 1 C:\Program Files\Acer\Acer Quick Access\QALockHandler.exe 1 C:\Program Files\Acer\Acer Quick Access\QASvc.exe 1 C:\Program Files\ESET\ESET Security\efwd.exe 1 C:\Program Files\ESET\ESET Security\egui.exe 1 C:\Program Files\ESET\ESET Security\eguiProxy.exe 1 C:\Program Files\ESET\ESET Security\ekrn.exe 1 C:\Program Files\ESET\ESET Security\eOppFrame.exe 1 C:\Program Files\McAfee\Real Protect\RealProtect.exe 1 C:\Program Files\Trend Micro\HouseCall\housecall.bin 1 C:\Program Files\Trend Micro\HouseCall\HouseCallX_x64\HouseCallX.exe 1 C:\Users\Utente\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe 1 C:\Users\Utente\AppData\Local\Microsoft\OneDrive\23.169.0813.0001\FileCoAuth.exe 1 C:\Users\Utente\AppData\Local\Microsoft\OneDrive\OneDrive.exe 1 C:\Users\Utente\Downloads\HiJackThis (1).exe 1 C:\Users\Utente\Downloads\HijackThis.exe 1 C:\Users\Utente\Downloads\mcafee-stinger-12-2-0-652.exe 2 C:\Windows\explorer.exe 1 C:\Windows\servicing\TrustedInstaller.exe 1 C:\Windows\System32\ApplicationFrameHost.exe 1 C:\Windows\System32\audiodg.exe 1 C:\Windows\System32\backgroundTaskHost.exe 1 C:\Windows\System32\CompPkgSrv.exe 1 C:\Windows\System32\conhost.exe 2 C:\Windows\System32\csrss.exe 1 C:\Windows\System32\ctfmon.exe 1 C:\Windows\System32\dllhost.exe 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe 1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxext.exe 1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe 1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe 1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe 1 C:\Windows\System32\dwm.exe 2 C:\Windows\System32\fontdrvhost.exe 1 C:\Windows\System32\lsass.exe 1 C:\Windows\System32\MoUsoCoreWorker.exe 1 C:\Windows\System32\MusNotifyIcon.exe 1 C:\Windows\System32\rundll32.exe 5 C:\Windows\System32\RuntimeBroker.exe 1 C:\Windows\System32\SearchIndexer.exe 1 C:\Windows\System32\SecurityHealthService.exe 1 C:\Windows\System32\SecurityHealthSystray.exe 1 C:\Windows\System32\services.exe 1 C:\Windows\System32\SgrmBroker.exe 1 C:\Windows\System32\sihost.exe 1 C:\Windows\System32\smartscreen.exe 1 C:\Windows\System32\smss.exe 1 C:\Windows\System32\spoolsv.exe 74 C:\Windows\System32\svchost.exe 3 C:\Windows\System32\taskhostw.exe 2 C:\Windows\System32\wbem\unsecapp.exe 2 C:\Windows\System32\wbem\WmiPrvSE.exe 1 C:\Windows\System32\wininit.exe 1 C:\Windows\System32\winlogon.exe 1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe 1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe 1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe 1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe 1 C:\Windows\SysWOW64\dllhost.exe 1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3266_none_7e25389a7c7bcadb\TiWorker.exe O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_B171DF7C782C6549CCED649E6C8247F6] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 O4 - HKCU\..\Run: [OneDrive] = C:\Users\Utente\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft) O4 - HKLM\..\Run: [egui] = C:\Program Files\ESET\ESET Security\ecmds.exe /run /hide /proxy O4 - HKLM\..\RunOnce: [RealProtect] = C:\Program Files\McAfee\Real Protect\RealProtect.exe --run O17 - DHCP DNS 1: 192.168.1.1 O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) (user missing) O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f  oScheduledTelemetryRun (Microsoft) (user missing)O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft) O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft) O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft) O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft) O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft) O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft) O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft) O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f oScheduledTelemetryRun (Microsoft)O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft) O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (Microsoft) O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\Windows\system32\SecureBootEncodeUEFI.exe (Microsoft) O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client" O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server" O22 - Task: OneDrive Reporting Task-S-1-5-21-2324624951-3871799438-2749158109-1001 - C:\Users\Utente\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting O22 - Task: Power Button - C:\Program Files\Acer\Acer Quick Access\ePowerButton_NB.exe -s O22 - Task: Quick Access - C:\Program Files\Acer\Acer Quick Access\QALauncher.exe O22 - Task: Software Update Application - C:\ProgramData\OEM\UpgradeTool\ListCheck.exe O23 - Service R2: ESET Forwarder - (efwd) - C:\Program Files\ESET\ESET Security\efwd.exe O23 - Service R2: ESET Service - (ekrn) - C:\Program Files\ESET\ESET Security\ekrn.exe O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe O23 - Service R3: ESET Firewall Helper - (ekrnEpfw) - C:\Program Files\ESET\ESET Security\ekrn.exe O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe O23 - Service R3: Quick Access Service - (QASvc) - C:\Program Files\Acer\Acer Quick Access\QASvc.exe O23 - Service S3: Quick Access Local Service - (QALSvc) - C:\Program Files\Acer\Acer Quick Access\QALSvc.exe -- End of file - Time spent: 45,6 sec. - 19410 bytes, CRC32: FFFFFFFF. Sign: 딃幌 Sapete cosa significa? Dovrei fixare quella voce Secure Boot? |
|
|
|
30-08-2023, 16:50
|
#2 | |
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Quote:
Se hai dubbi o perplessità posta qui la schermata dei dati SMART in tutta la sua interezza. Riguardo al log, mi sono subito fermato dopo aver visto che sono in esecuzione eseguibili di Eset, Trend Micro e McAfee. Non va bene, non va bene per niente che ci siano prodotti di sicurezza di produttori diversi in funzionamento contemporaneo, generano problemi ed incompatibilità varie assortite. Inutile controllare il dopo dato che si parte da un sistema incasinato dall'utente. Normalmente dovrebbero bastare gli accessori di sicurezza forniti da Microsoft, cioè Defender ed accessori, ma se proprio si vuole usre altro che sia solo uno. |
|
|
|
|
|
30-08-2023, 16:56
|
#3 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
|
|
|
|
|
|
30-08-2023, 18:38
|
#4 | ||
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Quote:
Quote:
Ultima modifica di Nicodemo Timoteo Taddeo : 30-08-2023 alle 19:12. |
||
|
|
|
|
31-08-2023, 11:04
|
#5 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
No, l'altro è un laptop Asus. |
|
|
|
|
|
31-08-2023, 13:58
|
#6 | |
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Quote:
Potrebbe essere l'iso di installazione che non va bene, corrotta, malfatta o cos'altro. Se puoi mettere le mani su un computer ben funzionante, scarica il mediacreationtool di Microsoft per Windows 10, fagli creare una chiavetta di installazione di 10 ed effettua una nuova installazione da zero, cioè con cancellazione di tutte le partizioni precedenti. In questa maniera hai una installazione pulita e sicuramente realizzata con una fonte di installazione nuova e diversa dalle altre. Se hai solo questi due computer, falla comunque una chiavetta di installazione nuova, magari quella la fa bene. Non installare schifezze subito dopo, metti solo qualche programma indispensabile ed usa il PC, guarda cosa succede e solo dopo aver appurato che va tutto bene inizia a mettere gli altri programmi. |
|
|
|
|
|
31-08-2023, 14:29
|
#7 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
|
|
|
|
|
|
31-08-2023, 14:49
|
#8 |
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Se per malware ti riferisci al PUP segnalata de ESET quello non è un vero malware, ma un potenziale software indesiderabile¹.
PUP = potentially unsafe applications. I malware attuali non rovinano le instalalzioni di Windows, oggi si scrivono virus ed altri malware per sottrarre dati ed informazioni della gente, minare criptovalute o criptare file per chiedere poi il riscatto. In altre parole per monetizzare, guadagnare. Non si ci guadagna niente nel corrompere un sistema operativo, anzi l'OS deve essere ben funzionante per raggiungere meglio e più facilmente gli scopi del malware writer. ¹ https://support.eset.com/en/kb6567-y...uefi-detection |
|
|
|
|
31-08-2023, 14:53
|
#9 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
|
|
|
|
|
|
31-08-2023, 15:26
|
#10 |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Ma c'è qualcuno che sa interpretare il log di HiJackThis?
|
|
|
|
|
31-08-2023, 18:26
|
#11 | |
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Quote:
https://www.ilsoftware.it/focus/hija...-spyware_2459/ Comunque HiJackThis al giorno d'oggi è un tool sostanzialmente inutile, andava bene quindici anni fa oggi è un palliativo per così dire. Non becca tutto l'eseguito dalle recenti versioni di Windows a causa del cessato sviluppo già più diu un decennio fa. Tu stai usando un fork del programma ma questi fork sono tentativi alla buona di tenerlo in vita che poco dopo cessano. L'ultima release del tuo fork è già di un paio di anni fa ed era una versione beta, la tua versione è ancora più vecchia. Nessuno sviluppo nel frattempo e questi programmi devono essere aggiornati continuamente se li si vuole tenere pienamente operativi ed attuali. Al giorno d'oggi un sostituto in verità ancor più potente ma anche decisamente più complesso è Farbar Recovery Scan Tool, costantemente aggiornato, l'ultima release è di pochi giorni fa. Scaricabile da questa pagina web: https://www.bleepingcomputer.com/dow...ery-scan-tool/ Guida per l'utilizzo di questo potente e versatile strumento: https://www.bleepingcomputer.com/for...ery-scan-tool/ |
|
|
|
|
|
01-09-2023, 16:03
|
#12 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
Ran by x_emo (administrator) on DESKTOP-54LJ53H (Acer Aspire A315-51) (01-09-2023 09:47:52) Running from C:\Users\x_emo\Downloads\FRST64.exe Loaded Profiles: x_emo Platform: Microsoft Windows 10 Home Version 22H2 19045.3393 (X64) Language: English (United Kingdom) Default browser: Edge Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avpui.exe (C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksde.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksdeui.exe (C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\cmd.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> ) C:\Program Files\Malwarebytes\Anti-Malware\MBAMCrashHandler.exe (C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe (cmd.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\plugins_nms.exe (DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe (explorer.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe <21> (explorer.exe ->) (Realtek Semiconductor Corp. -> Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Microsoft Corporation -> Microsoft Corporation) C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\23.169.0813.0001\Microsoft.SharePoint.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe (services.exe ->) (Intel Corporation -> Intel Corporation) C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe (services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe <2> (services.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksde.exe (services.exe ->) (Malwarebytes Inc. -> Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (services.exe ->) (Microsoft Windows Hardware Compatibility Publisher -> Windows ® Win 7 DDK provider) C:\Windows\System32\drivers\AdminService.exe (services.exe ->) (Microsoft Windows Publisher -> Microsoft Corporation) C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe (svchost.exe ->) (Kaspersky Lab JSC -> AO Kaspersky Lab) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.0\kpm_tray.exe (svchost.exe ->) (Microsoft Corporation -> Microsoft Corporation) C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\23.169.0813.0001\FileCoAuth.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\MoUsoCoreWorker.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\SecurityHealthHost.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\System32\smartscreen.exe (svchost.exe ->) (Microsoft Windows -> Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe ==================== Registry (Whitelisted) =================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [19677488 2020-08-06] (Realtek Semiconductor Corp. -> Realtek Semiconductor) HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\...\Run: [MicrosoftEdgeAutoLaunch_6F1D71E81534CE933752BDD40EC83EC9] => "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5 [4107728 2023-08-25] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\...\RunOnce: [Delete Cached Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe" [63608752 2023-09-01] (Microsoft Corporation -> Microsoft Corporation) HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\...\RunOnce: [Delete Cached Standalone Update Binary] => C:\Windows\system32\cmd.exe /q /c del /q "C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe" (No File) HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\...\RunOnce: [Uninstall 21.220.1024.0005\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\amd64" [0 2023-09-01] () <==== ATTENTION [zero byte File/Folder] HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\...\RunOnce: [Uninstall 21.220.1024.0005] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\21.220.1024.0005" [0 2023-09-01] () <==== ATTENTION [zero byte File/Folder] HKLM\Software\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\System32\Rundll32.exe C:\Windows\System32\mscories.dll,Install HKLM\Software\Wow6432Node\Microsoft\Active Setup\Installed Components: [{89B4C1CD-B018-4511-B0A1-5476DBF70820}] -> C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ==================== Scheduled Tasks (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) Task: {703F50B1-5AA5-467C-9729-4240AFB864ED} - System32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} => C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe [726272 2023-08-31] (Kaspersky Lab JSC -> AO Kaspersky Lab) Task: {55D3D530-1FCD-4FDB-B1ED-EEB0AE7C7710} - System32\Tasks\kpm_tray.exe => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.0\kpm_tray.exe [516368 2023-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab) Task: {B2F4105A-7E8A-454A-B757-577215E396CB} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {6933CC88-9F78-40FE-AD9C-CFD3138AA85C} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Cleanup => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {9F8C15A0-41FC-4C17-9F59-886BB3F1C10B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) Task: {783B831A-764E-43BB-A379-51EF3D82E82B} - System32\Tasks\Microsoft\Windows\Windows Defender\Windows Defender Verification => C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MpCmdRun.exe [1596304 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job => C:\Windows\explorer.exe ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{60d3c176-3d31-478f-bd29-f4c214edac07}: [DhcpNameServer] 192.168.1.1 Edge: ======= Edge DefaultProfile: Default Edge Profile: C:\Users\x_emo\AppData\Local\Microsoft\Edge\User Data\Default [2023-09-01] Edge Notifications: Default -> hxxps://www.facebook.com Edge HomePage: Default -> hxxp://www.goge-it.com/ Edge Extension: (Kaspersky Protection) - C:\Users\x_emo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ahkjpbeeocnddjkakilopmfdlnjdpcdm [2023-08-31] Edge Extension: (uBlock Origin) - C:\Users\x_emo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2023-08-31] Edge Extension: (Google Docs Offline) - C:\Users\x_emo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2023-08-31] Edge Extension: (Edge relevant text changes) - C:\Users\x_emo\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\jmjflgjpcpepeafmmgdpfkogkghcpiha [2023-08-31] ==================== Services (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) "ESProtectionDriver" => service could not be unlocked. <==== ATTENTION HKLM\SYSTEM\ControlSet001\Services\ESProtectionDriver => C:\Windows\system32\drivers\mbae64.sys [158640 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) <==== ATTENTION (Rootkit!/Locked Service) "MBAMChameleon" => service could not be unlocked. <==== ATTENTION HKLM\SYSTEM\ControlSet001\Services\MBAMChameleon => \SystemRoot\System32\Drivers\MbamChameleon.sys <==== ATTENTION (Rootkit!/Locked Service) "MBAMFarflt" => service could not be unlocked. <==== ATTENTION HKLM\SYSTEM\ControlSet001\Services\MBAMFarflt => system32\DRIVERS\farflt.sys <==== ATTENTION (Rootkit!/Locked Service) "MBAMProtection" => service could not be unlocked. <==== ATTENTION HKLM\SYSTEM\ControlSet001\Services\MBAMProtection => \??\C:\Windows\system32\DRIVERS\mbam.sys <==== ATTENTION (Rootkit!/Locked Service) "MBAMWebProtection" => service could not be unlocked. <==== ATTENTION HKLM\SYSTEM\ControlSet001\Services\MBAMWebProtection => \SystemRoot\system32\DRIVERS\mwac.sys <==== ATTENTION (Rootkit!/Locked Service) R2 AVP21.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\avp.exe [32008 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 klvssbridge64_21.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\vssbridge64.exe [503544 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) S3 kpm_service_23.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Password Manager 23.0\kpm_service.exe [515856 2023-04-17] (Kaspersky Lab JSC -> AO Kaspersky Lab) R2 KSDE5.14; C:\Program Files (x86)\Kaspersky Lab\Kaspersky VPN 5.14\ksde.exe [32008 2023-07-13] (Kaspersky Lab JSC -> AO Kaspersky Lab) S2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe [9286168 2023-08-31] (Malwarebytes Inc. -> Malwarebytes) S3 WdNisSvc; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\NisSrv.exe [3121008 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) R2 WinDefend; C:\ProgramData\Microsoft\Windows Defender\platform\4.18.23080.2006-0\MsMpEng.exe [133688 2023-08-31] (Microsoft Windows Publisher -> Microsoft Corporation) ===================== Drivers (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R3 AcerAirplaneModeController; C:\Windows\System32\drivers\AcerAirplaneModeController.sys [30168 2020-05-12] (Acer Incorporated -> Acer Incorporated) R0 cm_km; C:\Windows\System32\DRIVERS\cm_km.sys [243336 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klbackupdisk.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klbackupdisk.sys [110312 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klbackupflt.Kaspersky4Win-21-14; C:\Windows\System32\DRIVERS\Kaspersky4Win-21-14\klbackupflt.sys [245024 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 kldisk.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\kldisk.sys [128288 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) S0 klelam; C:\Windows\System32\DRIVERS\klelam.sys [53576 2023-07-13] (Microsoft Windows Early Launch Anti-malware Publisher -> AO Kaspersky Lab) R1 klflt.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klflt.sys [550664 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klgse.Kaspersky4Win-21-14; C:\Windows\System32\DRIVERS\Kaspersky4Win-21-14\klgse.sys [738824 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klhk.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klhk.sys [1822752 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klids.Kaspersky4Win-21-14; C:\ProgramData\Kaspersky Lab\AVP21.14\Bases\klids.sys [235704 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 KLIF.Kaspersky4Win-21-14; C:\Windows\System32\DRIVERS\Kaspersky4Win-21-14\klif.sys [1187592 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klim6; C:\Windows\system32\DRIVERS\klim6.sys [99624 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klkbdflt.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klkbdflt.sys [121584 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klmouflt.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klmouflt.sys [117992 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klpd.Kaspersky4Win-21-14; C:\Windows\System32\DRIVERS\Kaspersky4Win-21-14\klpd.sys [81176 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klpnpflt.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klpnpflt.sys [107240 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 kltun; C:\Windows\system32\DRIVERS\kltun.sys [86760 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R0 klupd_Kaspersky4Win-21-14_arkmon; C:\Windows\System32\Drivers\klupd_Kaspersky4Win-21-14_arkmon.sys [369432 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klupd_Kaspersky4Win-21-14_klark; C:\Windows\System32\Drivers\klupd_Kaspersky4Win-21-14_klark.sys [351912 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R0 klupd_Kaspersky4Win-21-14_klbg; C:\Windows\System32\Drivers\klupd_Kaspersky4Win-21-14_klbg.sys [179816 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R3 klupd_Kaspersky4Win-21-14_mark; C:\Windows\System32\Drivers\klupd_Kaspersky4Win-21-14_mark.sys [260512 2023-08-31] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klwfp.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klwfp.sys [182008 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 klwtp.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\klwtp.sys [428784 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) R1 kneps.Kaspersky4Win-21-14; C:\Windows\system32\DRIVERS\Kaspersky4Win-21-14\kneps.sys [352504 2023-07-13] (Microsoft Windows Hardware Compatibility Publisher -> AO Kaspersky Lab) S0 MbamElam; C:\Windows\System32\DRIVERS\MbamElam.sys [21480 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Malwarebytes) S3 MBAMSwissArmy; C:\Windows\System32\Drivers\mbamswissarmy.sys [239544 2023-09-01] (Microsoft Windows Hardware Compatibility Publisher -> Malwarebytes) S0 WdBoot; C:\Windows\System32\drivers\wd\WdBoot.sys [55872 2023-08-31] (Microsoft Windows Early Launch Anti-malware Publisher -> Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\wd\WdFilter.sys [574872 2023-08-31] (Microsoft Windows -> Microsoft Corporation) S3 WdNisDrv; C:\Windows\System32\drivers\wd\WdNisDrv.sys [105864 2023-08-31] (Microsoft Windows -> Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One month (created) (Whitelisted) ========= (If an entry is included in the fixlist, the file/folder will be moved.) 2023-09-01 09:47 - 2023-09-01 09:48 - 000017422 _____ C:\Users\x_emo\Downloads\FRST.txt 2023-09-01 09:47 - 2023-09-01 09:48 - 000000000 ____D C:\FRST 2023-09-01 09:46 - 2023-09-01 09:46 - 002382336 _____ (Farbar) C:\Users\x_emo\Downloads\FRST64.exe 2023-08-31 21:03 - 2023-09-01 09:41 - 074186752 _____ C:\Windows\system32\config\SOFTWARE 2023-08-31 20:59 - 2023-08-31 21:03 - 000000000 ____D C:\Windows\Microsoft Antimalware 2023-08-31 19:20 - 2023-09-01 08:18 - 000172982 _____ C:\Windows\ntbtlog.txt 2023-08-31 19:20 - 2023-08-31 19:20 - 000000214 _____ C:\Windows\Tasks\CreateExplorerShellUnelevatedTask.job 2023-08-31 19:18 - 2023-08-31 19:18 - 000000000 ____D C:\Users\x_emo\AppData\Local\mbam 2023-08-31 19:17 - 2023-09-01 09:43 - 000000000 ____D C:\Users\x_emo\AppData\Local\Malwarebytes 2023-08-31 19:17 - 2023-08-31 19:17 - 000002033 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes.lnk 2023-08-31 19:17 - 2023-08-31 19:17 - 000002021 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2023-08-31 19:16 - 2023-08-31 19:16 - 002606880 _____ (Malwarebytes) C:\Users\x_emo\Downloads\MBSetup.exe 2023-08-31 19:16 - 2023-08-31 19:16 - 000000000 ____D C:\ProgramData\Malwarebytes 2023-08-31 19:16 - 2023-08-31 19:16 - 000000000 ____D C:\Program Files\Malwarebytes 2023-08-31 19:12 - 2023-08-31 19:12 - 005832594 _____ C:\Users\x_emo\Downloads\MPLog-20210412-152039.txt 2023-08-31 19:04 - 2023-08-31 19:04 - 000001333 _____ C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk 2023-08-31 18:04 - 2023-08-31 18:05 - 000000000 ____D C:\Program Files\rempl 2023-08-31 17:14 - 2023-08-31 17:14 - 003659782 _____ C:\Users\x_emo\Downloads\GSI6_DESKTOP-54LJ53H_x_emo_08_31_2023_16_22_40.zip 2023-08-31 16:40 - 2023-08-31 16:41 - 000000000 ____D C:\AdwCleaner 2023-08-31 16:40 - 2023-08-31 16:40 - 008791352 _____ (Malwarebytes) C:\Users\x_emo\Downloads\adwcleaner.exe 2023-08-31 16:20 - 2023-08-31 16:20 - 013905680 _____ (AO Kaspersky Lab) C:\Users\x_emo\Downloads\GSI-6.2.2.43.exe 2023-08-31 16:18 - 2023-08-31 16:18 - 000003190 _____ C:\Windows\system32\Tasks\kpm_tray.exe 2023-08-31 16:18 - 2023-08-31 16:18 - 000001374 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Password Manager.lnk 2023-08-31 16:18 - 2023-08-31 16:18 - 000001370 _____ C:\Users\Public\Desktop\Kaspersky Password Manager.lnk 2023-08-31 16:18 - 2023-08-31 16:18 - 000000000 ____D C:\Users\x_emo\AppData\Local\Kaspersky Lab 2023-08-31 16:18 - 2023-08-31 16:18 - 000000000 ____D C:\Users\Default\AppData\Local\Kaspersky Lab 2023-08-31 16:18 - 2023-08-31 16:18 - 000000000 ____D C:\ProgramData\Package Cache 2023-08-31 16:18 - 2023-08-31 16:18 - 000000000 ____D C:\Program Files (x86)\dotnet 2023-08-31 16:17 - 2023-09-01 09:48 - 000247232 _____ C:\Windows\SysWOW64\AppRulesStorage-wal 2023-08-31 16:17 - 2023-09-01 09:42 - 000032768 _____ C:\Windows\SysWOW64\DnsStorage-shm 2023-08-31 16:17 - 2023-09-01 09:42 - 000032768 _____ C:\Windows\SysWOW64\AppRulesStorage-shm 2023-08-31 16:17 - 2023-08-31 16:17 - 000012288 _____ C:\Windows\SysWOW64\DnsStorage 2023-08-31 16:17 - 2023-08-31 16:17 - 000012288 _____ C:\Windows\SysWOW64\AppRulesStorage 2023-08-31 16:17 - 2023-08-31 16:17 - 000003240 _____ C:\Windows\system32\Tasks\Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} 2023-08-31 16:17 - 2023-08-31 16:17 - 000000000 _____ C:\Windows\SysWOW64\DnsStorage-wal 2023-08-31 16:16 - 2023-08-31 16:17 - 000000000 ____D C:\Program Files\Common Files\AV 2023-08-31 16:16 - 2023-08-31 16:16 - 000002427 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky.lnk 2023-08-31 16:16 - 2023-08-31 16:16 - 000002242 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky VPN.lnk 2023-08-31 16:15 - 2023-08-31 16:18 - 000000000 ____D C:\ProgramData\Kaspersky Lab 2023-08-31 16:15 - 2023-08-31 16:18 - 000000000 ____D C:\Program Files (x86)\Kaspersky Lab 2023-08-31 16:15 - 2023-08-31 16:16 - 000000000 ____D C:\Windows\system32\Drivers\Kaspersky4Win-21-14 2023-08-31 16:02 - 2023-08-31 16:02 - 004383056 _____ (Kaspersky) C:\Users\x_emo\Downloads\startup.exe 2023-08-31 15:58 - 2023-08-31 17:30 - 000000000 ____D C:\Users\x_emo\Downloads\HiJackThis 2023-08-31 15:58 - 2023-08-31 15:58 - 002370393 _____ C:\Users\x_emo\Downloads\HiJackThis.zip 2023-08-31 15:57 - 2023-08-31 15:57 - 007322616 _____ (Stanislav Polshyn & Trend Micro Inc.) C:\Users\x_emo\Downloads\HiJackThis.exe 2023-08-31 14:54 - 2023-08-31 14:54 - 000402314 _____ C:\Windows\system32\Drivers\rtkhdasetting.zip 2023-08-31 14:54 - 2023-08-31 14:54 - 000000000 ____D C:\Windows\SysWOW64\RTCOM 2023-08-31 14:54 - 2023-08-31 14:54 - 000000000 ____D C:\Windows\system32\DAX3 2023-08-31 14:54 - 2023-08-31 14:54 - 000000000 ____D C:\Windows\system32\DAX2 2023-08-31 14:54 - 2023-08-31 14:54 - 000000000 ____D C:\Users\x_emo\AppData\Roaming\Microsoft\MMC 2023-08-31 14:54 - 2023-08-31 14:54 - 000000000 ____D C:\Program Files\Realtek 2023-08-31 14:54 - 2020-08-06 02:22 - 006104160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys 2023-08-31 14:54 - 2020-08-06 02:22 - 005346888 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOv211.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 003793368 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 003676976 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl 2023-08-31 14:54 - 2020-08-06 02:22 - 003618400 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTKSpeechPP.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 003445648 _____ (DTS, Inc.) C:\Windows\system32\slcnt64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 003375928 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 003168296 _____ (DTS, Inc.) C:\Windows\system32\sltech64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 003159680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 002930056 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 001353224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 001259624 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOvlldp.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 001159080 _____ (Dolby Laboratories) C:\Windows\system32\DolbyDAX2APOProp.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 001110080 _____ (DTS, Inc.) C:\Windows\system32\sl3apo64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 000692072 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 000406344 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2APIPCLL.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 000378272 _____ (Dolby Laboratories) C:\Windows\system32\HiFiDAX2API.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 000343616 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 000192888 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll 2023-08-31 14:54 - 2020-08-06 02:22 - 000023600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll 2023-08-31 14:54 - 2020-08-06 02:21 - 001544144 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOProp.dll 2023-08-31 14:54 - 2020-08-06 02:21 - 001372280 _____ (Dolby Laboratories) C:\Windows\system32\DAX3APOv251.dll 2023-08-31 14:23 - 2019-05-07 18:40 - 000262528 _____ (Intel® Corporation) C:\Windows\system32\Drivers\IntcAudioBus.sys 2023-08-31 14:22 - 2023-08-31 14:22 - 000000000 ____D C:\Windows\Firmware 2023-08-31 14:22 - 2018-10-26 04:59 - 000190920 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaLPSS2_I2C.sys 2023-08-31 12:41 - 2023-08-31 14:53 - 000000000 ____D C:\Users\x_emo\AppData\Local\ElevatedDiagnostics 2023-08-31 12:16 - 2023-08-31 12:16 - 000000000 ____D C:\Users\x_emo\AppData\Local\PlaceholderTileLogoFolder 2023-08-31 09:27 - 2023-08-31 10:11 - 000000000 ____D C:\ESD 2023-08-31 09:24 - 2023-08-31 09:24 - 000000000 ___HD C:\$WinREAgent 2023-08-31 09:24 - 2023-08-31 09:24 - 000000000 ___HD C:\$Windows.~WS 2023-08-31 09:24 - 2023-08-31 09:24 - 000000000 ____D C:\$WINDOWS.~BT 2023-08-31 09:01 - 2023-08-31 09:01 - 000000000 ____D C:\Users\x_emo\AppData\Local\Comms 2023-08-31 08:51 - 2023-08-31 08:51 - 000000000 ____D C:\Program Files\Microsoft Update Health Tools 2023-08-31 08:49 - 2023-08-31 08:50 - 000000000 ____D C:\Windows\system32\MRT 2023-08-31 08:48 - 2023-08-31 08:48 - 000000000 ____D C:\Users\x_emo\AppData\Local\OneDrive 2023-08-31 08:39 - 2023-08-31 08:39 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\Registrazioni di suoni 2023-08-31 08:39 - 2023-08-31 08:39 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\My Games 2023-08-31 08:39 - 2023-08-31 08:39 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\Modelli di Office personalizzati 2023-08-31 08:39 - 2023-08-31 08:39 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\FirmaCerta 2023-08-31 08:39 - 2023-08-31 08:39 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\File di Outlook 2023-08-31 08:39 - 2023-08-31 08:39 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\Bluetooth Folder 2023-08-31 08:39 - 2023-03-26 11:11 - 000002256 _____ C:\Users\x_emo\OneDrive\Documenti\Default.rdp 2023-08-31 08:39 - 2023-03-18 18:54 - 000001354 _____ C:\Users\x_emo\OneDrive\Documenti\reg.reg 2023-08-31 08:38 - 2023-09-01 09:43 - 000003592 _____ C:\Windows\system32\Tasks\OneDrive Reporting Task-S-1-5-21-4232117531-2657500966-1400929814-1001 2023-08-31 08:38 - 2023-08-31 08:40 - 000000000 ____D C:\Users\x_emo\AppData\Roaming\Microsoft\Spelling 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ___HD C:\OneDriveTemp 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\TotalAV 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\Simply Super Software 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\My Registry Distiller Logs 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\FRST-OlderVersion 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\FeedbackHub 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\Data 2023-08-31 08:38 - 2023-08-31 08:38 - 000000000 ____D C:\Users\x_emo\OneDrive\Documenti\App 2023-08-31 08:38 - 2023-04-25 17:20 - 000003012 _____ C:\Users\x_emo\OneDrive\Documenti\newreg.reg 2023-08-31 08:38 - 2023-04-25 16:13 - 000036480 _____ C:\Users\x_emo\OneDrive\Documenti\chiavidiregistrochenonèpossibileeliminare.htm 2023-08-31 08:38 - 2023-04-23 23:12 - 000000476 _____ C:\Users\x_emo\OneDrive\Documenti\Reset_Registry_Permissions.bat 2023-08-31 08:38 - 2023-04-13 23:04 - 000055983 _____ C:\Users\x_emo\OneDrive\Documenti\Fixlog.txt 2023-08-31 08:38 - 2023-04-13 22:49 - 002380288 _____ (Farbar) C:\Users\x_emo\OneDrive\Documenti\FRSTEnglish.exe 2023-08-31 08:38 - 2023-04-03 18:32 - 000000000 _____ C:\Users\x_emo\OneDrive\Documenti\Default - Copia.rdp 2023-08-31 08:38 - 2021-08-27 19:57 - 000545743 _____ (hxxps://joosengportableapp.blogspot.com) C:\Users\x_emo\OneDrive\Documenti\AdvancedSystemCarePortable.exe 2023-08-31 08:37 - 2023-09-01 09:43 - 000003380 _____ C:\Windows\system32\Tasks\OneDrive Standalone Update Task-S-1-5-21-4232117531-2657500966-1400929814-1001 2023-08-31 08:37 - 2023-09-01 09:43 - 000000000 ___RD C:\Users\x_emo\OneDrive 2023-08-31 00:13 - 2023-08-31 10:11 - 000000000 ____D C:\Windows\Panther 2023-08-30 23:19 - 2023-09-01 09:46 - 000795738 _____ C:\Windows\system32\PerfStringBackup.INI 2023-08-30 23:15 - 2023-08-30 23:15 - 000000000 _SHDL C:\Documents and Settings 2023-08-30 23:13 - 2023-09-01 09:42 - 000008192 ___SH C:\DumpStack.log.tmp 2023-08-30 23:13 - 2023-09-01 09:42 - 000000006 ____H C:\Windows\Tasks\SA.DAT 2023-08-30 23:13 - 2023-09-01 08:18 - 000000000 ____D C:\Windows\system32\SleepStudy 2023-08-30 23:13 - 2023-08-31 10:13 - 000259496 _____ C:\Windows\system32\FNTCACHE.DAT 2023-08-30 23:13 - 2023-08-31 09:24 - 000002438 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Edge.lnk 2023-08-30 23:13 - 2023-08-31 09:24 - 000002276 _____ C:\Users\Public\Desktop\Microsoft Edge.lnk 2023-08-30 23:13 - 2023-08-31 09:18 - 000003536 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineUA 2023-08-30 23:13 - 2023-08-31 09:18 - 000003412 _____ C:\Windows\system32\Tasks\MicrosoftEdgeUpdateTaskMachineCore 2023-08-30 23:13 - 2023-08-31 08:47 - 000000000 ____D C:\Windows\system32\Drivers\wd 2023-08-30 23:13 - 2023-08-30 23:13 - 000000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf 2023-08-30 23:13 - 2023-08-30 23:13 - 000000000 ____D C:\Windows\ServiceProfiles 2023-08-30 22:42 - 2023-08-30 22:42 - 000000000 ____D C:\ProgramData\Microsoft OneDrive 2023-08-30 22:40 - 2023-09-01 09:42 - 000000000 __SHD C:\Users\x_emo\IntelGraphicsProfiles 2023-08-30 22:40 - 2023-09-01 09:42 - 000000000 ____D C:\Intel 2023-08-30 22:40 - 2023-08-31 12:16 - 000000000 ____D C:\Users\x_emo\AppData\Local\Packages 2023-08-30 22:40 - 2023-08-31 10:18 - 000000000 ____D C:\Users\x_emo\AppData\Local\D3DSCache 2023-08-30 22:40 - 2023-08-31 10:15 - 000000000 ____D C:\ProgramData\Packages 2023-08-30 22:40 - 2023-08-31 08:37 - 000000000 ____D C:\Users\x_emo\AppData\Local\ConnectedDevicesPlatform 2023-08-30 22:40 - 2023-08-30 22:45 - 000000000 ____D C:\ProgramData\Intel 2023-08-30 22:40 - 2023-08-30 22:42 - 000000000 __RHD C:\Users\Public\AccountPictures 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ___SD C:\Users\x_emo\AppData\Roaming\Microsoft\Crypto 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ___RD C:\Users\x_emo\3D Objects 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\Roaming\Microsoft\Vault 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\Roaming\Microsoft\Network 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\Roaming\Adobe 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\LocalLow\Intel 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\Local\VirtualStore 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\Local\Publishers 2023-08-30 22:40 - 2023-08-30 22:40 - 000000000 _____ C:\Windows\system32\GfxValDisplayLog.bin 2023-08-30 22:38 - 2023-09-01 09:43 - 000002383 _____ C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2023-08-30 22:38 - 2023-08-31 09:07 - 000000000 ____D C:\Users\x_emo 2023-08-30 22:38 - 2023-08-30 22:40 - 000000000 ____D C:\Users\x_emo\AppData\Roaming\Microsoft\Windows 2023-08-30 22:38 - 2023-08-30 22:38 - 000000020 ___SH C:\Users\x_emo\ntuser.ini 2023-08-30 22:38 - 2023-08-30 22:38 - 000000000 ___SD C:\Users\x_emo\AppData\Roaming\Microsoft\SystemCertificates 2023-08-30 22:38 - 2023-08-30 22:38 - 000000000 ___SD C:\Users\x_emo\AppData\Roaming\Microsoft\Protect 2023-08-30 22:38 - 2023-08-30 22:38 - 000000000 ___SD C:\Users\x_emo\AppData\Roaming\Microsoft\Credentials 2023-08-30 22:38 - 2022-08-16 02:00 - 000514552 _____ (Intel) C:\Windows\system32\libvpl.dll 2023-08-30 22:38 - 2022-08-16 02:00 - 000455176 _____ (Intel) C:\Windows\SysWOW64\libvpl.dll 2023-08-30 22:38 - 2022-08-16 01:59 - 000948464 _____ (Intel Corporation) C:\Windows\system32\libmfxhw64.dll 2023-08-30 22:38 - 2022-08-16 01:59 - 000709280 _____ (Intel Corporation) C:\Windows\SysWOW64\libmfxhw32.dll 2023-08-30 22:38 - 2022-08-16 01:59 - 000594184 _____ (Intel Corporation) C:\Windows\system32\intel_gfx_api-x64.dll 2023-08-30 22:38 - 2022-08-16 01:59 - 000454448 _____ (Intel Corporation) C:\Windows\SysWOW64\intel_gfx_api-x86.dll 2023-08-30 22:38 - 2022-08-16 01:58 - 001969712 _____ C:\Windows\system32\vulkaninfo-1-999-0-0-0.exe 2023-08-30 22:38 - 2022-08-16 01:58 - 001969712 _____ C:\Windows\system32\vulkaninfo.exe 2023-08-30 22:38 - 2022-08-16 01:58 - 001526320 _____ C:\Windows\SysWOW64\vulkaninfo-1-999-0-0-0.exe 2023-08-30 22:38 - 2022-08-16 01:58 - 001526320 _____ C:\Windows\SysWOW64\vulkaninfo.exe 2023-08-30 22:38 - 2022-08-16 01:58 - 001432304 _____ C:\Windows\system32\vulkan-1-999-0-0-0.dll 2023-08-30 22:38 - 2022-08-16 01:58 - 001432304 _____ C:\Windows\system32\vulkan-1.dll 2023-08-30 22:38 - 2022-08-16 01:58 - 001145584 _____ C:\Windows\SysWOW64\vulkan-1-999-0-0-0.dll 2023-08-30 22:38 - 2022-08-16 01:58 - 001145584 _____ C:\Windows\SysWOW64\vulkan-1.dll ==================== One month (modified) ================== (If an entry is included in the fixlist, the file/folder will be moved.) 2023-09-01 09:46 - 2019-12-07 11:13 - 000000000 ____D C:\Windows\INF 2023-09-01 09:43 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\regid.1991-06.com.microsoft 2023-09-01 09:41 - 2019-12-07 11:03 - 000524288 _____ C:\Windows\system32\config\BBI 2023-08-31 19:17 - 2019-12-07 11:14 - 000000000 ___HD C:\Windows\ELAMBKUP 2023-08-31 18:58 - 2019-12-07 11:03 - 000032768 _____ C:\Windows\system32\config\ELAM 2023-08-31 13:35 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\CbsTemp 2023-08-31 12:21 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\AppReadiness 2023-08-31 12:16 - 2019-12-07 11:14 - 000000000 ___HD C:\Program Files\WindowsApps 2023-08-31 10:37 - 2019-12-07 11:03 - 000000000 ____D C:\Windows\servicing 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\PrintDialog 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ___RD C:\Windows\ImmersiveControlPanel 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\WinMetadata 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SystemResources 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinMetadata 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\oobe 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\appraiser 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ShellExperiences 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\PolicyDefinitions 2023-08-31 10:12 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\bcastdvr 2023-08-31 09:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\SysWOW64\setup 2023-08-31 09:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\setup 2023-08-31 09:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\SecureBootUpdates 2023-08-31 09:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\migwiz 2023-08-31 09:13 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\appcompat 2023-08-31 08:47 - 2019-12-07 11:14 - 000000000 ____D C:\Program Files\Windows Defender 2023-08-31 08:38 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\ServiceState 2023-08-31 00:13 - 2019-12-07 11:14 - 000028672 _____ C:\Windows\system32\config\BCD-Template 2023-08-30 23:17 - 2019-12-07 16:46 - 000000000 ____D C:\Windows\system32\FxsTmp 2023-08-30 23:17 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\spool 2023-08-30 23:16 - 2019-12-07 11:14 - 000000000 ____D C:\Windows\system32\WinBioDatabase 2023-08-30 22:35 - 2019-12-07 11:14 - 000000000 ____D C:\ProgramData\USOPrivate ==================== SigCheck ============================ (There is no automatic fix for files that do not pass verification.) ==================== End of FRST.txt ======================== Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-08-2023 Ran by x_emo (01-09-2023 09:49:28) Running from C:\Users\x_emo\Downloads Microsoft Windows 10 Home Version 22H2 19045.3393 (X64) (2023-08-30 21:15:49) Boot Mode: Normal ========================================================== ==================== Accounts: ============================= (If an entry is included in the fixlist, it will be removed.) Administrator (S-1-5-21-4232117531-2657500966-1400929814-500 - Administrator - Disabled) DefaultAccount (S-1-5-21-4232117531-2657500966-1400929814-503 - Limited - Disabled) Guest (S-1-5-21-4232117531-2657500966-1400929814-501 - Limited - Disabled) WDAGUtilityAccount (S-1-5-21-4232117531-2657500966-1400929814-504 - Limited - Disabled) x_emo (S-1-5-21-4232117531-2657500966-1400929814-1001 - Administrator - Enabled) => C:\Users\x_emo ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Malwarebytes (Disabled - Up to date) {0D452135-A081-B000-D6B6-132E52638543} AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: Kaspersky (Enabled - Up to date) {4F76F112-43EB-40E8-11D8-F7BD1853EA23} FW: Kaspersky (Enabled) {774D7037-0984-41B0-3A87-5E88E680AD58} ==================== Installed Programs ====================== (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) Kaspersky (HKLM-x32\...\{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Kaspersky) Hidden Kaspersky (HKLM-x32\...\InstallWIX_{3CC8CD12-5F5C-38C0-9557-8D379777C4AF}) (Version: 21.14.5.462 - Kaspersky) Kaspersky Password Manager (HKLM-x32\...\{CFA625D9-0245-477C-8F27-198B1D804B44}) (Version: 23.0.0.1051 - Kaspersky) Hidden Kaspersky Password Manager (HKLM-x32\...\InstallWIX_{CFA625D9-0245-477C-8F27-198B1D804B44}) (Version: 23.0.0.1051 - Kaspersky) Kaspersky VPN (HKLM-x32\...\{836E6477-FBFF-3ACE-983C-94E91D6FA845}) (Version: 21.14.5.462 - Kaspersky) Hidden Kaspersky VPN (HKLM-x32\...\InstallWIX_{836E6477-FBFF-3ACE-983C-94E91D6FA845}) (Version: 21.14.5.462 - Kaspersky) Malwarebytes version 4.6.1.280 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 4.6.1.280 - Malwarebytes) Microsoft .NET Host - 6.0.21 (x86) (HKLM-x32\...\{A9F8F2E3-D3A4-4D90-9800-F689932ECE89}) (Version: 48.87.64667 - Microsoft Corporation) Hidden Microsoft .NET Host FX Resolver - 6.0.21 (x86) (HKLM-x32\...\{EF4A37DD-21FE-43E9-89D1-1C699CC197AC}) (Version: 48.87.64667 - Microsoft Corporation) Hidden Microsoft .NET Runtime - 6.0.21 (x86) (HKLM-x32\...\{B8ED272B-5F2D-4FF5-A7CA-C73552D7FB0F}) (Version: 48.87.64667 - Microsoft Corporation) Hidden Microsoft Edge (HKLM-x32\...\Microsoft Edge) (Version: 116.0.1938.62 - Microsoft Corporation) Microsoft Edge WebView2 Runtime (HKLM-x32\...\Microsoft EdgeWebView) (Version: 116.0.1938.62 - Microsoft Corporation) Microsoft OneDrive (HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\...\OneDriveSetup.exe) (Version: 23.169.0813.0001 - Microsoft Corporation) Microsoft Update Health Tools (HKLM\...\{BB052C53-34CB-42DE-AF41-66FDFCEEC868}) (Version: 3.72.0.0 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.21 (x86) (HKLM-x32\...\{33e692e6-1f06-4c3d-8981-738c129e0b2c}) (Version: 6.0.21.32717 - Microsoft Corporation) Microsoft Windows Desktop Runtime - 6.0.21 (x86) (HKLM-x32\...\{F25834D2-0460-4995-8585-8E41BD074159}) (Version: 48.87.64723 - Microsoft Corporation) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.9000.1 - Realtek Semiconductor Corp.) Packages: ========= Cortana -> C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_1.1911.21713.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation) Intel® Graphics Command Center -> C:\Program Files\WindowsApps\AppUp.IntelGraphicsExperience_1.100.5180.0_x64__8j3eq9eme6ctt [2023-08-31] (INTEL CORP) [Startup Task] Mail and Calendar -> C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11629.20316.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation) [MS Ad] Microsoft Advertising SDK for XAML -> C:\Program Files\WindowsApps\Microsoft.Advertising.Xaml_10.1808.3.0_x64__8wekyb3d8bbwe [2023-08-30] (Microsoft Corporation) [MS Ad] Microsoft Solitaire Collection -> C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.4.8204.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Studios) [MS Ad] MSN Weather -> C:\Program Files\WindowsApps\Microsoft.BingWeather_4.25.20211.0_x64__8wekyb3d8bbwe [2023-08-31] (Microsoft Corporation) [MS Ad] ==================== Custom CLSID (Whitelisted): ============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ContextMenuHandlers1: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-31] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers2: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-31] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers3: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-31] (Malwarebytes Inc. -> Malwarebytes) ContextMenuHandlers4: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-31] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [Kaspersky Anti-Virus 21.14] -> {0D304B31-5702-4EEE-A8C7-3723E260D0AB} => C:\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\shellex.dll [2023-08-31] (Kaspersky Lab JSC -> AO Kaspersky Lab) ContextMenuHandlers6: [MBAMShlExt] -> {57CE581A-0CB6-4266-9CA0-19364C90A0B3} => C:\Program Files\Malwarebytes\Anti-Malware\mbshlext.dll [2023-08-31] (Malwarebytes Inc. -> Malwarebytes) ==================== Codecs (Whitelisted) ==================== ==================== Shortcuts & WMI ======================== (The entries could be listed to be restored or removed.) ShortcutWithArgument: C:\Users\x_emo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge (2).lnk -> C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe (Microsoft Corporation) -> --profile-directory=Default ==================== Loaded Modules (Whitelisted) ============= ==================== Alternate Data Streams (Whitelisted) ======== (If an entry is included in the fixlist, only the ADS will be removed.) AlternateDataStreams: C:\Users\x_emo\Downloads\FRST64.exe:MBAM.Zone.Identifier [240] ==================== Safe Mode (Whitelisted) ================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service" ==================== Association (Whitelisted) ================= ==================== Internet Explorer (Whitelisted) ========== ==================== Hosts content: ========================= (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2019-12-07 11:14 - 2019-12-07 11:12 - 000000824 _____ C:\Windows\system32\drivers\etc\hosts ==================== Other Areas =========================== (Currently there is no automatic fix for this section.) HKU\S-1-5-21-4232117531-2657500966-1400929814-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg DNS Servers: 192.168.1.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost => (EnableWebContentEvaluation: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == ==================== FirewallRules (Whitelisted) ================ (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [{C776FEF7-ED9B-485C-B2FF-3C6437192615}] => (Allow) C:\Program Files (x86)\Microsoft\EdgeWebView\Application\116.0.1938.62\msedgewebview2.exe (Microsoft Corporation -> Microsoft Corporation) ==================== Restore Points ========================= 30-08-2023 22:35:15 Windows Modules Installer ==================== Faulty Device Manager Devices ============ Name: Intel High Definition DSP Description: Intel High Definition DSP Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Event log errors: ======================== Application errors: ================== Error: (08/31/2023 07:20:14 PM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/31/2023 06:05:14 PM) (Source: MsiInstaller) (EventID: 11920) (User: DESKTOP-54LJ53H) Description: Product: Update for Windows 10 for x64-based Systems (KB4023057) -- Error 1920. Service 'Windows Remediation Service' (sedsvc) failed to start. Verify that you have sufficient privileges to start system services. Error: (08/31/2023 10:15:39 AM) (Source: VSS) (EventID: 13) (User: ) Description: Volume Shadow Copy Service information: The COM Server with CLSID {4e14fba2-2e22-11d1-9964-00c04fbbb345} and name CEventSystem cannot be started. [0x8007045b, A system shutdown is in progress. ] Error: (08/30/2023 11:18:50 PM) (Source: Software Protection Platform Service) (EventID: 8198) (User: ) Description: License Activation (slui.exe) failed with the following error code: hr=0x80072EE7 Command-line arguments: RuleId=31e71c49-8da7-4a2f-ad92-45d98a1c79ba;Action=AutoActivate;AppId=55c92734-d682-4d71-983e-d6ec3f16059f;SkuId=0567073a-7d74-403b-b2d5-6b35da372d8d;NotificationInterval=1440;Trigger=TimerEvent Error: (08/30/2023 11:18:50 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d Error: (08/30/2023 11:18:50 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 Error: (08/30/2023 11:18:49 PM) (Source: Software Protection Platform Service) (EventID: 1014) (User: ) Description: Acquisition of End User License failed. hr=0x80072EE7 Sku Id=0567073a-7d74-403b-b2d5-6b35da372d8d Error: (08/30/2023 11:18:49 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: ) Description: License acquisition failure details. hr=0x80072EE7 System errors: ============= Error: (09/01/2023 09:41:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-54LJ53H) Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Error: (09/01/2023 09:40:59 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (09/01/2023 09:40:59 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY) Description: DCOM got error "1084" attempting to start the service UsoSvc with arguments "Unavailable" in order to run the server: {B91D5831-B1BD-4608-8198-D72E155020F7} Error: (09/01/2023 09:40:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-54LJ53H) Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Error: (09/01/2023 09:39:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-54LJ53H) Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Error: (09/01/2023 09:38:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-54LJ53H) Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Error: (09/01/2023 09:37:03 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-54LJ53H) Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Error: (09/01/2023 09:36:02 AM) (Source: DCOM) (EventID: 10005) (User: DESKTOP-54LJ53H) Description: DCOM got error "1084" attempting to start the service TokenBroker with arguments "Unavailable" in order to run the server: Windows.Internal.Security.Authentication.Web.WamProviderRegistration Windows Defender: ================ Date: 2023-08-31 16:17:35 Description: Microsoft Defender Antivirus scan has been stopped before completion. Scan Type: Antimalware Scan Parameters: Full Scan Event[0]: Date: 2023-08-31 19:20:47 Description: Microsoft Defender Antivirus Real-Time Protection feature has encountered an error and failed. Feature: On Access Error Code: 0x8007043c Error description: This service cannot be started in Safe Mode Reason: Antimalware security intelligence has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem. CodeIntegrity: =============== Date: 2023-09-01 09:47:57 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\com_antivirus.dll that did not meet the Windows signing level requirements. Date: 2023-09-01 09:47:27 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\System32\SecurityHealthService.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky 21.14\x64\com_antivirus.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== BIOS: Insyde Corp. V1.14 10/31/2018 Motherboard: KBL Venusaur_KL Processor: Intel® Core™ i3-7130U CPU @ 2.70GHz Percentage of memory in use: 55% Total physical RAM: 8069.22 MB Available physical RAM: 3565.8 MB Total Virtual: 9989.22 MB Available Virtual: 5649.64 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:237.84 GB) (Free:201.26 GB) (Model: HFS256G39TND-N210A) NTFS \\?\Volume{aabfa820-0388-4781-bb05-af056f9fc23c}\ () (Fixed) (Total:0.52 GB) (Free:0.08 GB) NTFS \\?\Volume{5b916d28-3e35-42fb-a541-36ff4572e723}\ () (Fixed) (Total:0.09 GB) (Free:0.07 GB) FAT32 ==================== MBR & Partition Table ==================== ========================================================== Disk: 0 (Protective MBR) (Size: 238.5 GB) (Disk ID: 00000000) Partition: GPT. ==================== End of Addition.txt ======================= |
|
|
|
|
|
02-09-2023, 08:18
|
#13 |
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Per me è tutto a posto ma è anche vero che non mi sono messo a spulciare parola per parola quel lungo log, a fare ricerche su tutti i processi a me sconosciuti, ma il loro path completo mi sembra lecito. Sistema tra l'altro abbastanza "pulito", cioè c'è poca roba in esecuzione.
Vedo che ora hai installato Kaspersky e Malwarebytes quindi ricapitolando hai fatto controlli con Kaspersky, Eset, Trend Micro, McAfee, Malwarebytes, il Defender integrato in Windows, hai prodotto due log in cui non si evince alcun evidente sospetto, io a questo punto smetterei di cercare "fantasmi" e mi dedicherei a fare cose più tangibili tipo fare una reinstallazione di Windows veramente "pulita" cioè da zero (cancellazione delle partizioni) e con una chiavetta di installazione realizzata con il MediaCreationTool su un computer sicuramente ben funzionante. Parto sempre dal presupposto che hai dichiarato che gli stessi malfunzionamenti sono presenti su due computer diversi, il che dovrebbe escludere problemi relativi a RAM o SSD fallati. Se il computer fosse sempre solo uno, allora ci sarebbe spazio per verifiche sulla bontà della RAM e dell'SSD o Hard Disk che sia. Ultima modifica di Nicodemo Timoteo Taddeo : 02-09-2023 alle 08:21. |
|
|
|
|
02-09-2023, 13:04
|
#14 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
|
|
|
|
|
|
02-09-2023, 13:55
|
#15 | |
|
Senior Member
Iscritto dal: Mar 2008
Messaggi: 20720
|
Quote:
 Speriamo sia effettivamente solo questo il problema, per il momento procedi con una reinstallazione da zero (vuol dire con cancellazione delle attuali partizioni) e vediamo cosa succede dopo. |
|
|
|
|
|
02-09-2023, 15:51
|
#16 | |
|
Junior Member
Iscritto dal: Aug 2023
Messaggi: 9
|
Quote:
|
|
|
|
|
|
|
| Strumenti | |
|
|
Tutti gli orari sono GMT +1. Ora sono le: 14:17.
