Preso da un altro pc. Da quello che leggo sul web, dovrebbe trattarsi del virus shortcut
Problema PC: Chiavetta USB infetta?
- Creatore Discussione Shark81
- Data di inizio
Preso da un altro pc. Da quello che leggo sul web, dovrebbe trattarsi del virus shortcut
forse l'ha fatto la completa/full col 1° software, tu il 2° l'hai provato?
Ho fatto la scandsione completa con trendmicro e mi ha trovato un trojan In C:\program files (x86)\winsoft update service\program.pyz ed ho cliccato su fix
Il problema però persiste. Ogni volta che inserisco la chiavetta, mi si crea il collegamento.
Nel log postato precedentemente era tutto ok?
Il problema però persiste. Ogni volta che inserisco la chiavetta, mi si crea il collegamento.
Nel log postato precedentemente era tutto ok?
- Registrato
- 4 Luglio 2011
- Messaggi
- 13.183
Disattiva l'autoplay
In windows 10 vai in -> Impostazioni -> Dispositivi -> Autoplay (disattivalo)
Riavvia il sistema e fai una nuova pulizia (anche della chiavetta)
Ho controllato meglio il tuo log devi eliminare
O22 - Tasks: WinSoft Update Service - C:\Program Files (x86)\WinSoft Update Service\pythonw.exe bootstrap.pyc (sign: 'Python Software Foundation')
Prima di cancellare la riga 022 che ti ho messo, verifica nel task manager se risulta in esecuzione pythonw.exe, nel caso fai termina, poi cancella la 022 sopra e successivamente elimina tutta la cartella WinSoft Update Service che si trova in Program Files (x86)
Generalmente quando è in esecuzione pythonw.exe può star ad indicare che è presente probabilmente un virus che è compilato in linguaggio Python
Cancella anche tutto il contenuto della cartella Temp (solo il contenuto)
C:\Windows
Poi rifai la scansione completa con Trend micro e Malwarebytes
O22 - Tasks: WinSoft Update Service - C:\Program Files (x86)\WinSoft Update Service\pythonw.exe bootstrap.pyc (sign: 'Python Software Foundation')
Prima di cancellare la riga 022 che ti ho messo, verifica nel task manager se risulta in esecuzione pythonw.exe, nel caso fai termina, poi cancella la 022 sopra e successivamente elimina tutta la cartella WinSoft Update Service che si trova in Program Files (x86)
Generalmente quando è in esecuzione pythonw.exe può star ad indicare che è presente probabilmente un virus che è compilato in linguaggio Python
Cancella anche tutto il contenuto della cartella Temp (solo il contenuto)
C:\Windows
Poi rifai la scansione completa con Trend micro e Malwarebytes
In gestione attività non mi sembra di vedere pythonw.exe. In compenso vedo un Runtime Broker (32 bit).
Inoltre ho notato che in Program Files (x86) oltre alla cartella WinSoft Update Service, ce n'è un'altra chiamata pyt37 che come contenuto ha gli stessi file di WinSoft Update Service
Inoltre ho notato che in Program Files (x86) oltre alla cartella WinSoft Update Service, ce n'è un'altra chiamata pyt37 che come contenuto ha gli stessi file di WinSoft Update Service
Elimina la 022, poi cancella completamente le cartelle WinSoft Update Service e pyt37 e tutto il contenuto della cartella temp
Ovviamente elimina tutto anche dal cestino
Poi fai nuovamente una scansione con trend micro
Ho eliminato 022.
La cartella pyt37 me l'ha fatta eliminare.
L'altra no. Mi dice impossibile completare l'operazione perchè la cartella o un file all'interno di essa è aperto in un altro programma. Io non ho nulla aperto. Prova a riavviare e a riprovare l'eliminazione della cartella?
La cartella pyt37 me l'ha fatta eliminare.
L'altra no. Mi dice impossibile completare l'operazione perchè la cartella o un file all'interno di essa è aperto in un altro programma. Io non ho nulla aperto. Prova a riavviare e a riprovare l'eliminazione della cartella?
Prova in modalità provvisoria.
Guarda nel task manager bene se qualche file è in esecuzione
Inoltre da Start/esegui digita
msconfig
E verifica i programmi che partono all'avvio, se c'è qualcosa di strano riferito a quella cartella togli la spunta e riavvia il pc
Poi controlla se è eliminato tutto
riavviando il pc sono riuscito ad eliminarla. Ho svuotato anche la cartella Temp. Ora sto facendo scansione completa del pc.
Ma nel momento in cui inserisco le penne usb con cui ho avuto problemi, la situazione si ripresenta?
Ma nel momento in cui inserisco le penne usb con cui ho avuto problemi, la situazione si ripresenta?
Premettendo di avere la penna usb pulita, e pc ok, problemi non dovrebbero presentarsi.
Vianello sulla pennetta il problema c'è. Quando la inserisco, si crea il collegamento. O meglio, prima di fare le operazioni indicate da Ercolino, la situazione era presente. Comunque ora sto facendo la scansione completa del pc. Una volta completata, posso fare la prova. Il discorso è che prima di eseguire le indicazioni di Ercolino, le scansioni effettuate sulla pennetta davano tutto pulito però il problema c'era.
Ho eseguito le stesse operazioni anche su un altro pc perchè purtroppo non pensando potesse trattarsi di virus, avevo inserito la pennetta anche lì. Ed in programmi mi sono ritrovato le medesime cartelle
Ho eseguito le stesse operazioni anche su un altro pc perchè purtroppo non pensando potesse trattarsi di virus, avevo inserito la pennetta anche lì. Ed in programmi mi sono ritrovato le medesime cartelle
Prima pulisci completamente i Pc, poi prova con una chiavetta diversa cosa succede, e se proprio l'altra chiavetta non riesci a recuperarla la manderei in pensione
Purtroppo ho file di lavoro. Prima di fare pulizia nel pc, ho copiato tutto quello che c'era nella pennetta e li ho messi su una cartella sul desktop.
Per non fare aprire la pennetta in automatico una volta inserita nella porta usb, è sufficiente andare su impostazioni----dispositivi---autoplay e disattivarlo? Ho windows 10 pro. Così almeno posso anche provare ad inserire la pennetta e ripetere la scansione
Per non fare aprire la pennetta in automatico una volta inserita nella porta usb, è sufficiente andare su impostazioni----dispositivi---autoplay e disattivarlo? Ho windows 10 pro. Così almeno posso anche provare ad inserire la pennetta e ripetere la scansione
Buongiorno, potete dare un'occhiata se c'è qualcos'altro da togliere? Credo di essere riuscito ad eliminarlo dal pc. L'unica cosa è che quando accendo il pc o dopo un determinato intervallo di tempo, mi compare un riquadro sul desktop denominato "ScreenDim". Non ho capito se ha a che fare con la luminosità. Sta di fatto che prima di beccare questo virus non mi era mai successo.
Logfile of HiJackThis+ (Alpha version) by Alex Dragokas v.3.2.0.2
Platform: x64 Windows 10 (Pro), 10.0.19045.3693 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 03.12.2023 - 08:46 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 4452 MiB Free. Loading RAM (46 %), CPU (6 %)
Elevated: Yes
Ran by: Utente (group: Administrators; type: Local) on DESKTOP-6TNITRT, FirstRun: yes
Chrome: 119.0.6045.200
Firefox: 120.0.1.8733
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain_gui.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\etc\notify\QtToastServer.exe
1 C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
1 C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
1 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
1 C:\Program Files (x86)\Browny02\BrYNSvc.exe
1 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
1 C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
5 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
1 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
1 C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
1 C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23092.158.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe
2 C:\ProgramData\Adobe\Creative Cloud Experience Node\node.exe
1 C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe
1 C:\Users\Utente\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Users\Utente\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\rundll32.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\SppExtComObj.Exe
1 C:\Windows\System32\sppsvc.exe
79 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (sign: 'Zeon Corporation')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_B171DF7C782C6549CCED649E6C8247F6] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (sign: 'Microsoft')
O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe (not signed)
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Microsoft')
O4 - MountPoints2: HKCU\..\{4d93cb17-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - MountPoints2: HKCU\..\{4d93cb8a-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe (sign: 'BIT4ID SRL')
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun (not signed)
O4-32 - HKLM\..\Run: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (not signed)
O4-32 - HKLM\..\Run: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun (sign: 'Brother Industries, Ltd.')
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (sign: 'SEIKO EPSON Corporation')
O4-32 - HKLM\..\Run: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (sign: 'Athena Smartcard Solutions')
O4-32 - HKLM\..\Run: [IndexSearch] = C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (sign: 'Nuance Communications, Inc.')
O4-32 - HKLM\..\Run: [ISUSPM] = C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler (sign: 'Flexera Software LLC')
O4-32 - HKLM\..\Run: [M17A] = C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [PaperPort PTD] = C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (sign: 'Nuance Communications, Inc.')
O4-32 - HKLM\..\Run: [PDFProHook] = C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (sign: 'Nuance Communications, Inc.')
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sign: 'Oracle America, Inc.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKU\S-1-5-18\..\Internet Explorer\MenuExt\Apri con PDF Viewer 7: (default) = C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (sign: 'Zeon Corporation')
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-824607233-3609746563-3892767088-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\Windows\System32\unifiedconsent.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks: ScreenBrightnessRestore - C:\Program Files (x86)\ScreenDim\ScreenDim.exe restore (not signed)
O23 - Service R2: ABBYY FineReader 9.0 Sprint Licensing Service - (ABBYY.Licensing.FineReader.Sprint.9.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -service (sign: 'ABBYY SOLUTIONS LIMITED')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: Adobe Creative Cloud Experience Node - (adobecreativecloudexperiencenode.exe) - C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe (not signed)
O23 - Service R2: AK910SwitchService - C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe (not signed)
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (not signed)
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (not signed)
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\Windows\system32\EscSvc64.exe (sign: 'SEIKO EPSON Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem (sign: 'Microsoft')
O23 - Service R2: PDFProFiltSrvPP - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (sign: 'Nuance Communications, Inc.')
O23 - Service R2: TeamViewer - C:\Program Files\TeamViewer\TeamViewer_Service.exe (sign: 'TeamViewer Germany GmbH')
O23 - Service R2: Wifi AutoInstall Service - (WifiAutoInstallSrv) - C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe (not signed)
O23 - Service R3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Microsoft') (+safe mode)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\119.0.6045.200\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe (sign: 'Microsoft')
O23 - Service S3: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - (ICCS) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (sign: 'Intel Corporation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (sign: 'Microsoft')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Driver R0: pwdrvio - C:\Windows\system32\pwdrvio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\Windows\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R2: MBAMChameleon - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: IWD Bus Enumerator - (iwdbus) - C:\Windows\System32\drivers\iwdbus.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver R3: MBAMFarflt - C:\Windows\system32\DRIVERS\farflt.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMProtection - C:\Windows\system32\DRIVERS\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\Windows\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp')
O23 - Driver R3: Realtek Wireless LAN 802.11n USB 2.0 Network Adapter - (RtlWlanu) - C:\Windows\System32\drivers\rtl8188gu.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: "Intel(R) Display Audio" ; {PlaceHolder="Display Audio","High Definition Audio"} - (IntcDAud) - C:\Windows\system32\DRIVERS\IntcDAud.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed)
O23 - Driver S3: igfx - C:\Windows\system32\DRIVERS\igdkmd64.sys (sign: 'Intel Corporation - pGFX')
O23 - Driver S3: Intel WiDi Audio Device - (intaud_WaveExtensible) - C:\Windows\system32\drivers\intelaud.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: pwdspio - C:\Windows\system32\pwdspio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver S3: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: USB RNDIS6 Adapter - (usbrndis6) - C:\Windows\System32\drivers\usb80236.sys (+safe mode) (not signed)
O23 - Driver S3: USB Scanner Driver - (usbscan) - C:\Windows\System32\drivers\usbscan.sys (+safe mode) (not signed)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'RtlWlanu'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'usbrndis6'
--
End of file - Time spent: 40 sec. - 41692 bytes, CRC32: FFFFFFFF. Sign: 蔙ฬ
Logfile of HiJackThis+ (Alpha version) by Alex Dragokas v.3.2.0.2
Platform: x64 Windows 10 (Pro), 10.0.19045.3693 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 03.12.2023 - 08:46 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 4452 MiB Free. Loading RAM (46 %), CPU (6 %)
Elevated: Yes
Ran by: Utente (group: Administrators; type: Local) on DESKTOP-6TNITRT, FirstRun: yes
Chrome: 119.0.6045.200
Firefox: 120.0.1.8733
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain_gui.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\etc\notify\QtToastServer.exe
1 C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
1 C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
1 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
1 C:\Program Files (x86)\Browny02\BrYNSvc.exe
1 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
1 C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
5 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
1 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
1 C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe
1 C:\Program Files (x86)\Nuance\PDF Professional 7\PdfPro7Hook.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2307.4.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23092.158.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22091.10051.0_x64__8wekyb3d8bbwe\Video.UI.exe
2 C:\ProgramData\Adobe\Creative Cloud Experience Node\node.exe
1 C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe
1 C:\Users\Utente\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Users\Utente\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\rundll32.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\SppExtComObj.Exe
1 C:\Windows\System32\sppsvc.exe
79 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre-1.8\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre-1.8\bin\ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (sign: 'Zeon Corporation')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\119.0.6045.200\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_B171DF7C782C6549CCED649E6C8247F6] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (sign: 'Microsoft')
O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe (not signed)
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Microsoft')
O4 - MountPoints2: HKCU\..\{4d93cb17-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - MountPoints2: HKCU\..\{4d93cb8a-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe (sign: 'BIT4ID SRL')
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun (not signed)
O4-32 - HKLM\..\Run: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (not signed)
O4-32 - HKLM\..\Run: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun (sign: 'Brother Industries, Ltd.')
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (sign: 'SEIKO EPSON Corporation')
O4-32 - HKLM\..\Run: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (sign: 'Athena Smartcard Solutions')
O4-32 - HKLM\..\Run: [IndexSearch] = C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (sign: 'Nuance Communications, Inc.')
O4-32 - HKLM\..\Run: [ISUSPM] = C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler (sign: 'Flexera Software LLC')
O4-32 - HKLM\..\Run: [M17A] = C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [PaperPort PTD] = C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (sign: 'Nuance Communications, Inc.')
O4-32 - HKLM\..\Run: [PDFProHook] = C:\Program Files (x86)\Nuance\PDF Professional 7\pdfpro7hook.exe (sign: 'Nuance Communications, Inc.')
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (sign: 'Oracle America, Inc.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKU\S-1-5-18\..\Internet Explorer\MenuExt\Apri con PDF Viewer 7: (default) = C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (sign: 'Zeon Corporation')
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f
oScheduledTelemetryRun (user missing) (sign: 'Microsoft')O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-824607233-3609746563-3892767088-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f
oScheduledTelemetryRun (sign: 'Microsoft')O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\Windows\System32\unifiedconsent.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks: ScreenBrightnessRestore - C:\Program Files (x86)\ScreenDim\ScreenDim.exe restore (not signed)
O23 - Service R2: ABBYY FineReader 9.0 Sprint Licensing Service - (ABBYY.Licensing.FineReader.Sprint.9.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -service (sign: 'ABBYY SOLUTIONS LIMITED')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: Adobe Creative Cloud Experience Node - (adobecreativecloudexperiencenode.exe) - C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe (not signed)
O23 - Service R2: AK910SwitchService - C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe (not signed)
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (not signed)
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (not signed)
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\Windows\system32\EscSvc64.exe (sign: 'SEIKO EPSON Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem (sign: 'Microsoft')
O23 - Service R2: PDFProFiltSrvPP - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (sign: 'Nuance Communications, Inc.')
O23 - Service R2: TeamViewer - C:\Program Files\TeamViewer\TeamViewer_Service.exe (sign: 'TeamViewer Germany GmbH')
O23 - Service R2: Wifi AutoInstall Service - (WifiAutoInstallSrv) - C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe (not signed)
O23 - Service R3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (sign: 'Microsoft') (+safe mode)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\119.0.6045.200\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe (sign: 'Microsoft')
O23 - Service S3: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - (ICCS) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (sign: 'Intel Corporation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (sign: 'Microsoft')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Driver R0: pwdrvio - C:\Windows\system32\pwdrvio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver R1: Malwarebytes Anti-Exploit - (ESProtectionDriver) - C:\Windows\system32\drivers\mbae64.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R2: MBAMChameleon - C:\Windows\System32\Drivers\MbamChameleon.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: IWD Bus Enumerator - (iwdbus) - C:\Windows\System32\drivers\iwdbus.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver R3: MBAMFarflt - C:\Windows\system32\DRIVERS\farflt.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMProtection - C:\Windows\system32\DRIVERS\mbam.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMSwissArmy - C:\Windows\System32\Drivers\mbamswissarmy.sys (sign: 'Microsoft' - Malwarebytes)
O23 - Driver R3: MBAMWebProtection - C:\Windows\system32\DRIVERS\mwac.sys (sign: 'Malwarebytes Inc.')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp')
O23 - Driver R3: Realtek Wireless LAN 802.11n USB 2.0 Network Adapter - (RtlWlanu) - C:\Windows\System32\drivers\rtl8188gu.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: "Intel(R) Display Audio" ; {PlaceHolder="Display Audio","High Definition Audio"} - (IntcDAud) - C:\Windows\system32\DRIVERS\IntcDAud.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed)
O23 - Driver S3: igfx - C:\Windows\system32\DRIVERS\igdkmd64.sys (sign: 'Intel Corporation - pGFX')
O23 - Driver S3: Intel WiDi Audio Device - (intaud_WaveExtensible) - C:\Windows\system32\drivers\intelaud.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: pwdspio - C:\Windows\system32\pwdspio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver S3: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: USB RNDIS6 Adapter - (usbrndis6) - C:\Windows\System32\drivers\usb80236.sys (+safe mode) (not signed)
O23 - Driver S3: USB Scanner Driver - (usbscan) - C:\Windows\System32\drivers\usbscan.sys (+safe mode) (not signed)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'RtlWlanu'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'usbrndis6'
--
End of file - Time spent: 40 sec. - 41692 bytes, CRC32: FFFFFFFF. Sign: 蔙ฬ
è indicato li...
O22 - Tasks: ScreenBrightnessRestore - C:\Program Files (x86)\ScreenDim\ScreenDim.exe restore (not signed)
prova ad uppare quel file su https://www.virustotal.com/gui/home/upload e vedi che trovano.
O22 - Tasks: ScreenBrightnessRestore - C:\Program Files (x86)\ScreenDim\ScreenDim.exe restore (not signed)
prova ad uppare quel file su https://www.virustotal.com/gui/home/upload e vedi che trovano.