• Non sono ammesse registrazioni con indirizzi email temporanei usa e getta

Importante Richiesta controllo Logfile of HijackThis (Versione 2.10.0.31) del 06/05/2023

Buongiorno!
Avrei per favore bisogno di un aiuto per un Task Manager che non funziona a dovere: ha il problema del tab Processi vuoto.
Ho già usato sfc/ scannow ed i comandi DISM ma senza successo. Tuttavia in modalità provvisora il Task Manager ripristina il tab Processi con l'elenco dei processi attivi. Mi viene da pensare che ci sia qualche misconfigurazione software.

Da sempre uso il QuickStartup per la gestione dei processi di avvio.

Per cui eccomi per una cortese richiesta di controllo con HiJackThis. Ringrazio in anticipo:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.25

Platform: x64 Windows 10 (Enterprise LTSB), 10.0.14393.5648 (ReleaseId: 1607), Service Pack: 0
Time: 04.02.2023 - 17:25 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 7293 MiB Free (34 %). CPU Loading: (15 %)
Elevated: Yes
Ran by: Guzz (group: Administrators) on DESKTOP-P3K0HSE, FirstRun: yes

Chrome: 103.0.5060.134
Firefox: 102.7.0.8409
Internet Explorer: 11.0.14393.2007
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
1 C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
1 C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\ai.exe
1 C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
1 C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
19 C:\Program Files\Mozilla Firefox\firefox.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\TechSmith\Snagit 2021\crashpad_handler.exe
1 C:\Program Files\TechSmith\Snagit 2021\Snagit32.exe
1 C:\Program Files\TechSmith\Snagit 2021\SnagPriv.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\platform\4.18.2211.5-0\NisSrv.exe
1 C:\Users\Guzz\Desktop\HiJackThis 2.9.0.6\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
2 C:\Windows\System32\nvwmi64.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
17 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
3 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SysWOW64\NLSSRV32.EXE
1 C:\Windows\SysWOW64\rundll32.exe
1 C:\Windows\SysWOW64\vmnat.exe
1 C:\Windows\SysWOW64\vmnetdhcp.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = https://www.msn.com/it-it/?ocid=iehp
O1 - Hosts: 127.0.0.1 sharpened.com
O1 - Hosts: 127.0.0.1 pingplotter.com
O1 - Hosts: 127.0.0.1 www.pingplotter.com
O4 - HKCU\..\Run: [GUSDelayStartup] = C:\Program Files (x86)\Glarysoft\Quick Startup\StartupManager.exe -delayrun
O4 - HKLM\..\Run: [Logitech Download Assistant] = C:\Windows\System32\LogiLDA.dll C:\Windows\System32\LogiLDA.dll,LogiFetch
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (file missing) (User 'Local service')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (file missing) (User 'Network service')
O4-32 - HKLM\..\Run: [SafeDiveCertMgm] = stCNSUtil.dll stCNSUtil.dll,DeleteCertStore (file missing)
O4-32 - HKLM\..\Run: [vmware-tray.exe] = C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 45.60.124.187 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 52.162.107.7 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 65.52.217.59 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 65.52.24.41 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 69.167.144.15 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 69.167.144.18 (mirrored) - Action: Block
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 0
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DpaDisabled] = 1
O7 - TroubleShooting: (EV) HKLM\..\Environment: [PSModulePath] = %ProgramFiles%\WindowsPowerShell\Modules;%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files\Intel\Wired Networking\
O17 - DHCP DNS 1: 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - DHCP DNS 2: 74.141.81.250
O17 - DHCP DNS 3: 9.9.9.9 (Well-known DNS: Quad9)
O17 - DHCP DNS 4: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{c1498493-979c-4397-a30d-46583cc533fb}: [NameServer] = 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{c1498493-979c-4397-a30d-46583cc533fb}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dc9a2887-182f-4e4d-a1e3-86c5fcac58da}: [NameServer] = 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dc9a2887-182f-4e4d-a1e3-86c5fcac58da}: [NameServer] = 74.141.81.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{dc9a2887-182f-4e4d-a1e3-86c5fcac58da}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dc9a2887-182f-4e4d-a1e3-86c5fcac58da}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dcb5d383-eb38-4d0c-b3f4-c75e64be530e}: [NameServer] = 1.1.1.1 (Well-known DNS: Cloudflare / APNIC)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dcb5d383-eb38-4d0c-b3f4-c75e64be530e}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O18 - Printer Port: C:\ProgramData\TechSmith\Snagit 21\PrinterPortFile
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\OO Software\DiskImage\oodishi.dll
O22 - BITS Job: (download) {10E39B5C-AFFE-4210-8EBF-13CEA3FCB10A} - http://b.c2r.ts.cdn.office.net/pr/4...f67d60/Office/Data/16.0.16026.20146/i640.c2rx -> C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.16026.20146\2910A1AC-E51C-4299-A6D6-0535CDA964E7_i640.c2rx
O22 - BITS Job: (download) {10E39B5C-AFFE-4210-8EBF-13CEA3FCB10A} - Microsoft Office Click-to-Run - (no URL)
O22 - BITS Job: (download) {10E39B5C-AFFE-4210-8EBF-13CEA3FCB10A} - Microsoft Office Click-to-Run - (no URL)
O22 - BITS Job: (download) {E73585A7-2D26-48F7-8D88-8A6214947003} - https://download-installer.cdn.mozi.../it/firefox-102.6.0esr-102.7.0esr.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\Windows\explorer.exe
O22 - Task (.job): (disabled) CCleanerCrashReporting.job - C:\-- Programmi Portable 10\CCleaner Portable 6.08\x64\CCleanerBugReport.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47E231B1-B275-45DA-90CD-CD4ACFEC63BF} - \Microsoft\Windows\Windows Defender\Windows Defender Cleanup (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{66130687-8E3A-4D14-BE47-A6692E462A51} - \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{92187648-9D42-4BFD-845F-4F66ABE8395F} - \Microsoft\Windows\Windows Defender\Windows Defender Verification (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E980C10B-F56A-44FE-8D5D-1A7C9E77E181} - \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance (no xml)
O22 - Tasks: (disabled) CCleanerCrashReporting - C:\-- Programmi Portable 10\CCleaner Portable 6.08\x64\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\-- Programmi Portable 10\CCleaner Portable 6.08\LOG" --programpath "C:\-- Programmi Portable 10\CCleaner Portable 6.08" --configpath "C:\-- Programmi Portable 10\CCleaner Portable 6.08\Setup" --guid "65bcb362-bb37-4202-a665-1d7a498c0b55" --version "6.08.10255" --silent
O22 - Tasks: (disabled) OneDrive Reporting Task-S-1-5-21-1983604686-772651299-2931576442-1001 - C:\Users\Guzz\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Tasks: (disabled) OO DiskImage {4f29bbd1-d7c2-4458-84d1-d8ad0e0d6e91} - C:\Program Files\OO Software\DiskImage\oodiag.exe /run {4f29bbd1-d7c2-4458-84d1-d8ad0e0d6e91}
O22 - Tasks: (disabled) OO DiskImage {5d36478b-1dec-4333-9f10-eccf24de5ae0} - C:\Program Files\OO Software\DiskImage\oodiag.exe /run {5d36478b-1dec-4333-9f10-eccf24de5ae0}
O22 - Tasks: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\KernelCeipTask - {E7ED314F-2816-4C26-AEB5-54A34D02404C} - C:\Windows\System32\kernelceip.dll (Microsoft)
O22 - Tasks: \Microsoft\Windows\EDP\EDP App Launch Task - {35EF4182-F900-4632-B072-8639E4478A61},AppLaunch - (no file)
O22 - Tasks: \Microsoft\Windows\EDP\EDP Auth Task - {35EF4182-F900-4632-B072-8639E4478A61},ReAuth - (no file)
O22 - Tasks: \Mozilla\Firefox Background Update 2458AE2D3F56CE9F - J:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\2458AE2D3F56CE9F\backgroundupdate.moz_log --backgroundtask backgroundupdate (file missing)
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 2458AE2D3F56CE9F - J:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "2458AE2D3F56CE9F" (file missing)
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Tasks: BraveSoftwareUpdateTaskMachineCore - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler
O22 - Tasks: CCleanerSkipUAC - Guzz - C:\-- Programmi Portable 10\CCleaner Portable 6.08\CCleaner.exe $(Arg0)
O22 - Tasks: CIE Middleware Update - C:\Windows\system32\rundll32.exe "C:\Windows\system32\CIEPKI.dll",Update
O22 - Tasks: nWizard_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O23 - Service R2: Nalpeiron Licensing Service - (nlsX86cc) - C:\Windows\SysWOW64\NLSSRV32.EXE
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA WMI Provider - (NVWMI) - C:\Windows\System32\nvwmi64.exe
O23 - Service R2: VMware Authorization Service - (VMAuthdService) - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service R2: VMware DHCP Service - (VMnetDHCP) - C:\Windows\SysWoW64\vmnetdhcp.exe
O23 - Service R2: VMware NAT Service - C:\Windows\SysWoW64\vmnat.exe
O23 - Service R2: VMware USB Arbitration Service - (VMUSBArbService) - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service S2: Servizio Brave Update (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\109.1.47.186\elevation_service.exe (file missing)
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NitroPDFDriverCreatorReadSpool9 - (NitroDriverReadSpool9) - C:\Program Files\Nitro\Pro 9\NitroPDFDriverService9x64.exe
O23 - Service S3: Servizio Brave Update (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc
O23 - Service S3: VMware vCenter Converter Standalone Agent - (vmware-converter-agent) - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-agent.xml"
O23 - Service S3: VMware vCenter Converter Standalone Server - (vmware-converter-server) - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-server.xml"
O23 - Service S3: VMware vCenter Converter Standalone Worker - (vmware-converter-worker) - C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe -s "C:\ProgramData\VMware\VMware vCenter Converter Standalone\converter-worker.xml"


--
End of file - Time spent: 16,5 sec. - 28716 bytes, CRC32: FFFFFFFF. Sign: 射
 
Le righe che mi insospettiscono, sempre che non ti riconducano a qualche programma installato, sono le seguenti:

Codice: 
O1 - Hosts: 127.0.0.1 sharpened.com
O1 - Hosts: 127.0.0.1 pingplotter.com
O1 - Hosts: 127.0.0.1 www.pingplotter.com
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 45.60.124.187 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 52.162.107.7 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 65.52.217.59 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 65.52.24.41 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 69.167.144.15 (mirrored) - Action: Block
O7 - IPSec: Name: Snagit ButtPlug (2020/11/11) - {eec91783-919b-4e49-982e-f0ea4e965cbd} - Source: my IP - Destination: IP: 69.167.144.18 (mirrored) - Action: Block
O17 - DHCP DNS 2: 74.141.81.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{dc9a2887-182f-4e4d-a1e3-86c5fcac58da}: [NameServer] = 74.141.81.250
 
Grazie per la risposta, VIANELLO_85.

In effetti quel sharpened non lo capisco mentre il blocco verso Snagit é voluto per motivi di privacy ma doveva essere su Windows firewall... ed ora controllando nel firewall non trovo voci di blocco in uscita di Snagit.
Dunque che sarebbero quel IPSec: Name: Snagit ButtPlug ? Quel che intuisco comunque pare essere bloccato in uscita verso quegli IP. E' un potenziale problema? :eusa_think:
Ricordo anche di aver disabilitato delle share preferences del relativo Editor...

Riguardo invece
O17 - DHCP DNS 2: 74.141.81.250
O17 - HKLM\System\CCS\Services\Tcpip\..\{dc9a2887-182f-4e4d-a1e3-86c5fcac58da}: [NameServer] = 74.141.81.250

é un DNS aggiunto nelle impostazioni avanzate TCP/IP della scheda di rete. Mi era stato suggerito effettuando un test con DNS Benchmark di GRC.COM . Comunque d'accordo, l'ho eliminato.

Mi par di capire che nel complesso, non esista nulla in grado di interferire con il Task Manager.
 
Ultima modifica:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.23

Platform: x64 Windows 11 (Home), 10.0.22621.1485 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 09.04.2023 - 17:07 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 3783 MiB Free (54 %). CPU Loading: (4 %)
Elevated: Yes
Ran by: Lorenzo (group: Administrators) on DESKTOP-K11V5FN, FirstRun: yes

Chrome: 111.0.5563.147
Internet Explorer: 11.0.22621.1
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Steam\steamservice.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.152\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe
1 C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostAddin).exe
1 C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(LenovoBoostSystemAddin).exe
1 C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantage-(VantageCoreAddin).exe
1 C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\LenovoVantageService.exe
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\111.0.1661.62\msedgewebview2.exe
8 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 C:\Program Files (x86)\Steam\steam.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
1 C:\Program Files\AMD\CNext\CNext\cncmd.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_423.8900.0.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2302.7-0\NisSrv.exe
1 C:\Windows\explorer.exe
2 C:\Windows\Lenovo\ImController\PluginHost86\Lenovo.Modern.ImController.PluginHost.Device.exe
1 C:\Windows\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
1 C:\Windows\System32\cmd.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\iaahcic.inf_amd64_3de4831720bb2934\RstMwService.exe
1 C:\Windows\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
1 C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_9bc8a839c751c49e\Intel_PIE_Service.exe
2 C:\Windows\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0386220.inf_amd64_1894141ab65df02b\B386218\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0386220.inf_amd64_1894141ab65df02b\B386218\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\Locator.exe
1 C:\Windows\System32\LsaIso.exe
1 C:\Windows\System32\lsass.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\Sgrm\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
84 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
3 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 D:\Download\HiJackThis\HiJackThis.exe
1 D:\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://lenovo17win10.msn.com/?pc=LCTE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://lenovo17win10.msn.com/?pc=LCTE
O4 - HKCU\..\Run: [AMDNoiseSuppression] = C:\WINDOWS\system32\AMD\ANR\AMDNoiseSuppression.exe (file missing)
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent
O4 - HKCU\..\StartupApproved\Run: [EADM] = D:\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (2023/03/10)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_BC68B7E3A3FF3A05DABA32118914F06A] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2022/08/07)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Lorenzo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2021/08/05)
O4 - HKLM\..\Run: [Lenovo Fundamental USB Keyboard] = C:\Program Files (x86)\Lenovo\Lenovo Calliope USB Keyboard\SklFundKb.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe -background
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft) (User 'Local service')
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (Microsoft) (User 'Network service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nlansp_c.dll
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Intel (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Lenovo\BatteryGauge (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\McAfee (empty)
O22 - Tasks: (damaged) \Lenovo\ImController\TimeBasedEvents\28944fb1-7a4e-4b5b-a728-268a7fd5996f - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 28944fb1-7a4e-4b5b-a728-268a7fd5996f (user missing)
O22 - Tasks: (damaged) \Lenovo\ImController\TimeBasedEvents\4b5beea2-80b3-4677-8eb0-61eadff9715f - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 4b5beea2-80b3-4677-8eb0-61eadff9715f (user missing)
O22 - Tasks: (damaged) \Lenovo\ImController\TimeBasedEvents\a652925b-624b-49c3-bb52-29106b6a00b5 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger a652925b-624b-49c3-bb52-29106b6a00b5 (user missing)
O22 - Tasks: (damaged) \Lenovo\ImController\TimeBasedEvents\ad6351c1-b766-48e9-9f58-4ad2bf66bfa5 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger ad6351c1-b766-48e9-9f58-4ad2bf66bfa5 (user missing)
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-1755012876-133732241-365190357-1002 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Printing\PrintJobCleanupTask - {8ABCE260-32B6-476C-AE13-B34D0C91292D} - C:\Windows\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (file missing)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (file missing)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Tasks: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe DailyTelemetryTransmission
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\sc.exe start InventorySvc
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (Microsoft)
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
O22 - Tasks: \Lenovo\ImController\Lenovo iM Controller Monitor - C:\WINDOWS\system32\ImController.InfInstaller.exe -checkremoval
O22 - Tasks: \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService
O22 - Tasks: \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask - C:\WINDOWS\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\28944fb1-7a4e-4b5b-a728-268a7fd5996f - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 28944fb1-7a4e-4b5b-a728-268a7fd5996f
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\4b5beea2-80b3-4677-8eb0-61eadff9715f - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 4b5beea2-80b3-4677-8eb0-61eadff9715f
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\a652925b-624b-49c3-bb52-29106b6a00b5 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger a652925b-624b-49c3-bb52-29106b6a00b5
O22 - Tasks: \Lenovo\ImController\TimeBasedEvents\ad6351c1-b766-48e9-9f58-4ad2bf66bfa5 - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger ad6351c1-b766-48e9-9f58-4ad2bf66bfa5
O22 - Tasks: \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance - C:\WINDOWS\system32\sc.exe start LenovoVantageService
O22 - Tasks: \Lenovo\Vantage\Schedule\BatteryGaugeAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe BatteryGaugeAddinDailyScheduleTask
O22 - Tasks: \Lenovo\Vantage\Schedule\GenericMessagingAddin - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe GenericMessagingAddin
O22 - Tasks: \Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask
O22 - Tasks: \Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport
O22 - Tasks: \Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan
O22 - Tasks: \Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask
O22 - Tasks: \Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.43.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask
O22 - Tasks: \Microsoft\Windows\CloudRestore\Restore - {B4BCFA6F-948D-46B8-BF27-E8B1117E23B3} - C:\WINDOWS\system32\CloudRestoreLauncher.dll (Microsoft)
O22 - Tasks: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Tasks: \Microsoft\Windows\Security\Pwdless\IntelligentPwdlessTask - {8702A841-D5CA-47C3-812D-9CEDC304C200} - C:\WINDOWS\system32\IntelligentPwdlessTask.dll (Microsoft)
O22 - Tasks: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Tasks: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\WINDOWS\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsBackup\AutomaticBackup - C:\WINDOWS\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (Microsoft)
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay - C:\Program Files\ruxim\ruximics.exe /nonetwork (file missing)
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync - C:\Program Files\ruxim\ruximics.exe /onlyloadcampaigns (file missing)
O22 - Tasks: \Microsoft\Windows\WlanSvc\MoProfileManagement - {085EDA12-CF4A-4944-8222-8ADCADE137CB} - C:\Windows\System32\WlanMediaManager.dll (Microsoft)
O22 - Tasks: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Tasks: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Tasks: GoogleUpdateTaskMachineCore{1175AE5B-4AE0-48F1-A74B-6AAA195EBCE0} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Tasks: GoogleUpdateTaskMachineUA{DAB3263D-3160-446A-A730-1C25A9B47B0B} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Tasks: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-1755012876-133732241-365190357-1002 - C:\Users\Lorenzo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Tasks_Migrated: (damaged) \Lenovo\ImController\TimeBasedEvents\29040912-0283-48e9-8e86-a73fe0f107ee - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 29040912-0283-48e9-8e86-a73fe0f107ee (user missing)
O22 - Tasks_Migrated: (damaged) \Lenovo\ImController\TimeBasedEvents\6262e335-7fa2-448c-9f1e-feaec3736f7a - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 6262e335-7fa2-448c-9f1e-feaec3736f7a (user missing)
O22 - Tasks_Migrated: (damaged) \Lenovo\ImController\TimeBasedEvents\6874dd8d-fce5-4e7c-8d61-66f8d478310f - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 6874dd8d-fce5-4e7c-8d61-66f8d478310f (user missing)
O22 - Tasks_Migrated: (damaged) \Lenovo\ImController\TimeBasedEvents\f81adea4-4df3-4ced-aacf-20bc30034ffb - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger f81adea4-4df3-4ced-aacf-20bc30034ffb (user missing)
O22 - Tasks_Migrated: (disabled) \Agent Activation Runtime\S-1-5-21-1755012876-133732241-365190357-1002 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Tasks_Migrated: (telemetry) \Lenovo\Vantage\Schedule\DailyTelemetryTransmission - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe DailyTelemetryTransmission (file missing)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Tasks_Migrated: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
O22 - Tasks_Migrated: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe
O22 - Tasks_Migrated: \Lenovo\BatteryGauge\BatteryGaugeMaintenance - C:\ProgramData\Lenovo\ImController\Plugins\LenovoBatteryGaugePackage\x64\BGHelper.exe
O22 - Tasks_Migrated: \Lenovo\ImController\Lenovo iM Controller Monitor - C:\WINDOWS\system32\ImController.InfInstaller.exe -checkremoval
O22 - Tasks_Migrated: \Lenovo\ImController\Lenovo iM Controller Scheduled Maintenance - C:\WINDOWS\system32\sc.exe START ImControllerService
O22 - Tasks_Migrated: \Lenovo\ImController\Plugins\LenovoSystemUpdatePlugin_WeeklyTask - C:\WINDOWS\System32\reg.exe add hklm\SOFTWARE\Lenovo\SystemUpdatePlugin\scheduler /v start /t reg_dword /d 1 /f /reg:32
O22 - Tasks_Migrated: \Lenovo\ImController\TimeBasedEvents\29040912-0283-48e9-8e86-a73fe0f107ee - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 29040912-0283-48e9-8e86-a73fe0f107ee
O22 - Tasks_Migrated: \Lenovo\ImController\TimeBasedEvents\6262e335-7fa2-448c-9f1e-feaec3736f7a - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 6262e335-7fa2-448c-9f1e-feaec3736f7a
O22 - Tasks_Migrated: \Lenovo\ImController\TimeBasedEvents\6874dd8d-fce5-4e7c-8d61-66f8d478310f - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger 6874dd8d-fce5-4e7c-8d61-66f8d478310f
O22 - Tasks_Migrated: \Lenovo\ImController\TimeBasedEvents\f81adea4-4df3-4ced-aacf-20bc30034ffb - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe /timebasedeventtrigger f81adea4-4df3-4ced-aacf-20bc30034ffb
O22 - Tasks_Migrated: \Lenovo\Vantage\Lenovo.Vantage.ServiceMaintainance - C:\WINDOWS\system32\sc.exe start LenovoVantageService
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\GenericMessagingAddin - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe GenericMessagingAddin (file missing)
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\HeartbeatAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe HeartbeatAddinDailyScheduleTask (file missing)
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.MonthlyReport - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.MonthlyReport (file missing)
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\Lenovo.Vantage.SmartPerformance.SScan - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe Lenovo.Vantage.SmartPerformance.SScan (file missing)
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\LenovoCompanionAppAddinDailyScheduleTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe LenovoCompanionAppAddinDailyScheduleTask (file missing)
O22 - Tasks_Migrated: \Lenovo\Vantage\Schedule\LenovoSystemUpdateAddin_WeeklyTask - C:\Program Files (x86)\Lenovo\VantageService\3.13.14.0\ScheduleEventAction.exe LenovoSystemUpdateAddin_WeeklyTask (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Tasks_Migrated: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55 -IdleScheduledJob (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2207.7-0\MpCmdRun.exe -IdleTask -TaskName WdVerification (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\WindowsBackup\AutomaticBackup - C:\WINDOWS\system32\rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup (Microsoft)
O22 - Tasks_Migrated: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay - C:\Program Files\ruxim\ruximics.exe /nonetwork (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync - C:\Program Files\ruxim\ruximics.exe /onlyloadcampaigns (file missing)
O22 - Tasks_Migrated: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP
O22 - Tasks_Migrated: AMDLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -AMDLinkUpdate
O22 - Tasks_Migrated: GoogleUpdateTaskMachineCore{1175AE5B-4AE0-48F1-A74B-6AAA195EBCE0} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA{DAB3263D-3160-446A-A730-1C25A9B47B0B} - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Tasks_Migrated: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser
O22 - Tasks_Migrated: OneDrive Reporting Task-S-1-5-21-1755012876-133732241-365190357-1002 - C:\Users\Lorenzo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0386220.inf_amd64_1894141ab65df02b\B386218\atiesrxx.exe
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Management Engine WMI Provider Registration - (WMIRegistrationService) - C:\WINDOWS\System32\DriverStore\FileRepository\mewmiprov.inf_amd64_cad1db73e8c782a6\WMIRegistrationService.exe
O23 - Service R2: Intel(R) Storage Middleware Service - (RstMwService) - C:\WINDOWS\System32\DriverStore\FileRepository\iaahcic.inf_amd64_3de4831720bb2934\RstMwService.exe
O23 - Service R2: LenovoVantageService - C:\Program Files (x86)\Lenovo\VantageService\\3.13.43.0\LenovoVantageService.exe
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\DriverStore\FileRepository\realtekservice.inf_amd64_3d19142d5a057a7c\RtkAudUService64.exe
O23 - Service R2: System Interface Foundation Service - (ImControllerService) - C:\WINDOWS\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
O23 - Service R3: EABackgroundService - D:\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe -start
O23 - Service R3: Intel® PROSet/Wireless Service - (PIEServiceNew) - C:\Windows\System32\DriverStore\FileRepository\piecomponent.inf_amd64_9bc8a839c751c49e\Intel_PIE_Service.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_e936ad8266d026ce\lib\TPMProvisioningService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: EAAntiCheatService - C:\Program Files\EA\AC\eaanticheat.gameservice.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\111.0.5563.147\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_e936ad8266d026ce\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) Optane(TM) Memory Service - (iaStorAfsService) - C:\WINDOWS\System32\iaStorAfsService.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 14,3 sec. - 57502 bytes, CRC32: FFFFFFFF. Sign: 乭
 
Buon pomeriggio. Se potete dare un'occhiata al log. Ho ricevuto a raffica delle notiifche indesiderate ogni volta che aprivo Chrome. Ho smanettato nelle impostazioni del browser e ho visto che c'erano nella sezione notifiche delle autorizzazioni relative a Greatcaptchasnow.top che ho puntualmente rimosso. Come antivirus, quello predefinito di windows. Ditemi per favore se devo scaricare qualche programma, tipo malwarebytes, per fare una scansione. Questo è il log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.29

Platform: x64 Windows 10 (Pro), 10.0.19045.2846 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 18.04.2023 - 14:42 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 4524 MiB Free (46 %). CPU Loading: (14 %)
Elevated: Yes
Ran by: Utente (group: Administrators) on DESKTOP-6TNITRT, FirstRun: yes

Chrome: 112.0.5615.121
Firefox: 112.0.1.8504
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain_gui.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\etc\notify\QtToastServer.exe
1 C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
1 C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
1 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
1 C:\Program Files (x86)\Browny02\BrYNSvc.exe
1 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
1 C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
1 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
1 C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
1 C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
36 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2204.13303.0_x64__8wekyb3d8bbwe\Cortana.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2210.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23022.140.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2303.8-0\NisSrv.exe
1 C:\Users\Utente\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Users\Utente\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
3 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
2 C:\Windows\System32\rundll32.exe
9 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\SppExtComObj.Exe
1 C:\Windows\System32\sppsvc.exe
82 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_361\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_361\bin\ssv.dll
O2-32 - HKLM\..\BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIILE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-205 207 Series"
O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\bit4upki-store.dll "C:\Windows\system32\bit4upki-store.dll",RunImportServer
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer
O4-32 - HKLM\..\Run: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun
O4-32 - HKLM\..\Run: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
O4-32 - HKLM\..\Run: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4-32 - HKLM\..\Run: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
O4-32 - HKLM\..\Run: [IndexSearch] = C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe
O4-32 - HKLM\..\Run: [ISUSPM] = C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler
O4-32 - HKLM\..\Run: [M17A] = C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe
O4-32 - HKLM\..\Run: [PaperPort PTD] = C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
O4-32 - HKLM\..\Run: [PDFProHook] = C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O7 - AutoLogon: HKLM\..\Winlogon: \Utente (disabled)
O8 - Context menu item: HKU\S-1-5-18\..\Internet Explorer\MenuExt\Apri con PDF Viewer 7: (default) = C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll
O17 - DHCP DNS 1: 192.168.1.1
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-824607233-3609746563-3892767088-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Tasks: \R@1n-KMS\Office16ProPlus - C:\Windows\System32\Wbem\wmic.exe path SoftwareLicensingProduct where (ID="d450596f-894d-49e0-966a-fd39ed4c4c64") call Activate
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Tasks: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Tasks: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O23 - Service R2: ABBYY FineReader 9.0 Sprint Licensing Service - (ABBYY.Licensing.FineReader.Sprint.9.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -service
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: AK910SwitchService - C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\Windows\system32\EscSvc64.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem
O23 - Service R2: PDFProFiltSrvPP - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
O23 - Service R2: TeamViewer - C:\Program Files\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: Wifi AutoInstall Service - (WifiAutoInstallSrv) - C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
O23 - Service R3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\112.0.5615.121\elevation_service.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - (ICCS) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 13,9 sec. - 26692 bytes, CRC32: FFFFFFFF. Sign: ꬵ
 
Ercolino dopo aver eliminato quelle autorizzazioni nelle notifiche, non ho più riscontrato il problema. Volevo sapere se alla luce di tutto ciò anche il log era ok.
Ho fatto solo una scansione completa con defender e non ha trovato nulla.
 
Il log sembra Ok, comunque farei le cose che ti ho scritto su Chrome e della cartella temp

Una scansione con malwarebytes male non fa sicuramente ;)
 
Grazie per la segnalazione ;)

Aggiornato primo post

[2.10.0.29] - Apr 14, 2023
- Added O7 - AutoLogon.
- O7 - TroubleShooting (EV): [PathExt] and [PSModulePath] moved to "Missing list" method, which means item is displayed if only system defaults missing.
- Fixed Timer class overflow (thanks to Mikle Quits).
- Fixed "Search on Google".
- Some speed optimizations.
 
Buonasera, chiedo cortesemente che venga valutato il risultato del test effettuato qualche minuto fa...
Non ho problemi seri di funzionamento del pc ma soltanto un avvio lento ed il desktop che si blocca qualche secondo dopo aver avviato il sistema e le app d'avvio per un sistema operativo riportato alle impostazioni di fabbrica (recovery da hardisk) per due volte nell'ultimo mese, ciò per ovviare a ventola CPU rumorosa (talvolta tutt'oggi persiste...no problema fisico, sostituita due volte) e all'impossibiità di aggiornamento della scheda video (AMD Radeon) per avvio protetto di Windows e conflitto (noto bug in AMD vs Windows degli ultimi mesi).
Ho un HP Pavilion 570 con processore AMD A10-9700 Radeon R7, 10 compute cores 4C+6G, RAM di 8GB con Windows 10 Home 64bit, programmi HP e NON preinstallati e rimossi quali il pacchetto Microsoft Office per Open Office, DropBox e l'antivirus McAfee per Avast Premium licenziato (vedo tracce persistenti nel log ed ho cartelle in C: non rimosse da RevoUnistaller...).
In linea di massima, ci tengo alla mia privacy, detesto imposizioni e invadenza sempre più marcati da parte di Microsoft Windows quindi procedo da sempre al settaggio delle impostazioni esculendo quanto possibile per blindare le mie attività. Ergo, servizi bloccati ed app disattivate (alcune rimosse del tutto), account Admin e non Microsoft, no a OneDrive...
Nel log, aggiungo di lato in grassetto la nota - DA ME DISINSTALLATO per evidenziare la presunta anomalia che tale voce ci sia...
Ringrazio per la disponibilità... :)


Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.31

Platform: x64 Windows 10 (Home), 10.0.19045.2846 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 09.05.2023 - 14:05 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 3755 MiB Free (51 %). CPU Loading: (3 %)
Elevated: Yes
Ran by: Mark ****** (group: Administrators) on DESKTOP-5MPNR81, FirstRun: yes

Firefox: 112.0.2.8514
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe - DA ME DISINSTALLATO
1 C:\Program Files (x86)\HP\HP JumpStart Bridge\HPJumpStartBridge.exe
1 C:\Program Files (x86)\HP\HP JumpStart Launch\HPJumpStartLaunch.exe
1 C:\Program Files (x86)\HP\HP System Event\HPMSGSVC.exe
1 C:\Program Files (x86)\HP\HP System Event\HPWMISVC.exe
1 C:\Program Files (x86)\HP\HPAudioSwitch\HPAudioSwitch.exe
1 C:\Program Files (x86)\MagicTune Premium\GammaTray.exe
1 C:\Program Files (x86)\MagicTune Premium\MagicTuneEngine.exe
1 C:\Program Files (x86)\OpenOffice 4\program\soffice.bin
1 C:\Program Files (x86)\OpenOffice 4\program\soffice.exe
1 C:\Program Files (x86)\OpenOffice 4\program\swriter.exe
1 C:\Program Files\AMD\CNext\CNext\cncmd.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\Avast Software\Avast\afwServ.exe
1 C:\Program Files\Avast Software\Avast\aswEngSrv.exe
1 C:\Program Files\Avast Software\Avast\aswidsagent.exe
1 C:\Program Files\Avast Software\Avast\aswToolsSvc.exe
1 C:\Program Files\Avast Software\Avast\AvastSvc.exe
4 C:\Program Files\Avast Software\Avast\AvastUI.exe
1 C:\Program Files\Avast Software\Avast\wsc_proxy.exe
2 C:\Program Files\Everything\Everything.exe
1 C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
1 C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
1 C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
1 C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
1 C:\Program Files\HPCommRecovery\HPCommRecovery.exe
10 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\WindowsApps\microsoft.mspaint_6.2203.1037.0_x64__8wekyb3d8bbwe\PaintStudio.View.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2023.10030.27002.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21422.0_x64__8wekyb3d8bbwe\HxOutlook.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21422.0_x64__8wekyb3d8bbwe\HxTsr.exe
1 C:\Programmi portables\09 HiJackThis\HiJackThis 2.10.0.29.exe
1 C:\Users\Mark Apples\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0382934.inf_amd64_cbf07db13ec1507d\B381983\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
8 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\SysWOW64\tbaseprovisioning.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://hp17win10.msn.com/?pc=HCTE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://hp17win10.msn.com/?pc=HCTE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://hp17win10.msn.com/?pc=HCTE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://hp17win10.msn.com/?pc=HCTE
R0 - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://hp17win10.msn.com/?pc=HCTE
R0 - HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://hp17win10.msn.com/?pc=HCTE
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CC81AEA-F213-4426-9E98-6A7D82FCB031}: [SuggestionsURL] = http://asp.assoc-amazon.co.uk/suggestions?q={searchTerms}&t=hp-uk1-vsb-21 - Amazon (UK) Search Suggestions
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CC81AEA-F213-4426-9E98-6A7D82FCB031}: [SuggestionsURL_JSON] = http://completion.amazon.co.uk/search/complete?method=completion&q={searchTerms}&search-alias=aps&client=amzn-search-suggestions/9fe582406fb5106f343a84083d78795713c12d68&mkt=3 - Amazon (UK) Search Suggestions
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CC81AEA-F213-4426-9E98-6A7D82FCB031}: = http://www.amazon.co.uk/s/ref=az...sec. - 46174 bytes, CRC32: FFFFFFFF. Sign: 궕抱
 
Sul log non vedo nulla di allarmante, hai fatto bene a sottolineare in quelle righe precedenti al log la tua situazione.

Due cose ho notato:
1) Vedo che nel log hai la versione .31 del programma, ma sia la pagina dello sviluppatore che dal changelog vedo sono arrivati al .30
2) ho notato la riga che ti posto sotto, forse qualche residuo dell'eseguibile precedente versione

1 C:\Programmi portables\09 HiJackThis\HiJackThis 2.10.0.29.exe

Nel caso apri una discussione in questa sezione per approfondire la tua problematica.
 
Ultima versione disponibile

[2.10.0.30] - May 06, 2023
- Fixed potential error in retrieving paths of executable images on Windows 8.1- due to OS bug (thanks to HackerVlad).
- TamperProtection will show an error code instead of the number 0 if an access is denied.
- Fixed freezing for 15 seconds on Windows 10+ when checking BITS.
 
Devi accedere o registrarti per poter rispondere.
Indietro
Alto Basso