HiJackThis log analysis - HijackThis.nl (2024)

Hi there, I'm new. Can you help me understand the HijackThis log? Thank you.

Logfile of HiJackThis+ (Alpha version) by Alex Dragokas v.3.1.0.2

Platform: x64 Windows 10 (Home), 10.0.19045.3393 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 31.08.2023 - 15:59 (UTC+02:00)
Language: OS: English (0x809). Display: English (0x809). Non-Unicode: English (0x809)
Memory: 3903 MiB Free (52 %). CPU Loading: (13 %)
Elevated: Yes
Ran by: x_emo(group: Administrators; type: Microsoft) on DESKTOP-54LJ53H, FirstRun: yes

Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal (Secure Boot: On)
Scan mode: Environment variables

Environment variables:

[System]
ComSpec = C:\Windows\system32\cmd.exe
DriverData = C:\Windows\System32\Drivers\DriverData
OS = Windows_NT
Path = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\
PATHEXT = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE = AMD64
PSModulePath = C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
TEMP = C:\Windows\TEMP
TMP = C:\Windows\TEMP
USERNAME = SYSTEM
windir = C:\Windows
NUMBER_OF_PROCESSORS = 4
PROCESSOR_LEVEL = 6
PROCESSOR_IDENTIFIER = Intel64 Family 6 Model 142 Stepping 9, GenuineIntel
PROCESSOR_REVISION = 8e09
ZES_ENABLE_SYSMAN = 1

[User]
Path = C:\Users\x_emo\AppData\Local\Microsoft\WindowsApps;
TEMP = C:\Users\x_emo\AppData\Local\Temp
TMP = C:\Users\x_emo\AppData\Local\Temp
OneDrive = C:\Users\x_emo\OneDrive
OneDriveConsumer = C:\Users\x_emo\OneDrive

[Current process]
=:: = ::\
ALLUSERSPROFILE = C:\ProgramData
APPDATA = C:\Users\x_emo\AppData\Roaming
CommonProgramFiles = C:\Program Files (x86)\Common Files
CommonProgramFiles(x86) = C:\Program Files (x86)\Common Files
CommonProgramW6432 = C:\Program Files\Common Files
COMPUTERNAME = DESKTOP-54LJ53H
ComSpec = C:\Windows\system32\cmd.exe
DriverData = C:\Windows\System32\Drivers\DriverData
HOMEDRIVE = C:
HOMEPATH = \Users\x_emo
LOCALAPPDATA = C:\Users\x_emo\AppData\Local
LOGONSERVER = \\DESKTOP-54LJ53H
NUMBER_OF_PROCESSORS = 4
OneDrive = C:\Users\x_emo\OneDrive
OneDriveConsumer = C:\Users\x_emo\OneDrive
OS = Windows_NT
Path = C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\x_emo\AppData\Local\Microsoft\WindowsApps
PATHEXT = .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
PROCESSOR_ARCHITECTURE = x86
PROCESSOR_ARCHITEW6432 = AMD64
PROCESSOR_IDENTIFIER = Intel64 Family 6 Model 142 Stepping 9, GenuineIntel
PROCESSOR_LEVEL = 6
PROCESSOR_REVISION = 8e09
ProgramData = C:\ProgramData
ProgramFiles = C:\Program Files (x86)
ProgramFiles(x86) = C:\Program Files (x86)
ProgramW6432 = C:\Program Files
PSModulePath = C:\Program Files\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules
PUBLIC = C:\Users\Public
SystemDrive = C:
SystemRoot = C:\Windows
TEMP = C:\Users\x_emo\AppData\Local\Temp
TMP = C:\Users\x_emo\AppData\Local\Temp
USERDOMAIN = DESKTOP-54LJ53H
USERDOMAIN_ROAMINGPROFILE = DESKTOP-54LJ53H
USERNAME = x_emo
USERPROFILE = C:\Users\x_emo
windir = C:\Windows
ZES_ENABLE_SYSMAN = 1
__COMPAT_LAYER = DetectorsAppHealth Installer

Special folders:

[CLSID]
3D Objects = C:\Users\x_emo\3D Objects
AccountPictures = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\AccountPictures
Administrative Tools = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
AppData = C:\Users\x_emo\AppData\Roaming
AppDataDesktop = C:\Users\x_emo\AppData\Local\Desktop
AppDataDocuments = C:\Users\x_emo\AppData\Local\Documents
AppDataFavorites = C:\Users\x_emo\AppData\Local\Favorites
AppDataProgramData = C:\Users\x_emo\AppData\Local\ProgramData
Application Shortcuts = C:\Users\x_emo\AppData\Local\Microsoft\Windows\Application Shortcuts
AppMods = C:\Users\x_emo\AppMods
Cache = C:\Users\x_emo\AppData\Local\Microsoft\Windows\INetCache
Camera Roll = C:\Users\x_emo\Pictures\Camera Roll
CameraRollLibrary = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries\CameraRoll.library-ms
Captures = C:\Users\x_emo\Videos\Captures
CD Burning = C:\Users\x_emo\AppData\Local\Microsoft\Windows\Burn\Burn
Common Administrative Tools = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common AppData = C:\ProgramData
Common Desktop = C:\Users\Public\Desktop
Common Documents = C:\Users\Public\Documents
Common Programs = C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Common Start Menu = C:\ProgramData\Microsoft\Windows\Start Menu
Common Start Menu Places = C:\ProgramData\Microsoft\Windows\Start Menu Places
Common Startup = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
Common Templates = C:\ProgramData\Microsoft\Windows\Templates
CommonDownloads = C:\Users\Public\Downloads
CommonMusic = C:\Users\Public\Music
CommonPictures = C:\Users\Public\Pictures
CommonRingtones = C:\ProgramData\Microsoft\Windows\Ringtones
CommonVideo = C:\Users\Public\Videos
Contacts = C:\Users\x_emo\Contacts
Cookies = C:\Users\x_emo\AppData\Local\Microsoft\Windows\INetCookies
CredentialManager = C:\Users\x_emo\AppData\Roaming\Microsoft\Credentials
CryptoKeys = C:\Users\x_emo\AppData\Roaming\Microsoft\Crypto
Desktop = C:\Users\x_emo\Desktop
Development Files = C:\Users\x_emo\AppData\Local\DevelopmentFiles
Device Metadata Store = C:\ProgramData\Microsoft\Windows\DeviceMetadataStore
DocumentsLibrary = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
Downloads = C:\Users\x_emo\Downloads
DpapiKeys = C:\Users\x_emo\AppData\Roaming\Microsoft\Protect
Favorites = C:\Users\x_emo\Favorites
Fonts = C:\Windows\Fonts
GameTasks = C:\Users\x_emo\AppData\Local\Microsoft\Windows\GameExplorer
History = C:\Users\x_emo\AppData\Local\Microsoft\Windows\History
ImplicitAppShortcuts = C:\Users\x_emo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts
Libraries = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries
Links = C:\Users\x_emo\Links
Local AppData = C:\Users\x_emo\AppData\Local
Local Documents = C:\Users\x_emo\Documents
Local Downloads = C:\Users\x_emo\Downloads
Local Music = C:\Users\x_emo\Music
Local Pictures = C:\Users\x_emo\Pictures
Local Videos = C:\Users\x_emo\Videos
LocalAppDataLow = C:\Users\x_emo\AppData\LocalLow
LocalizedResourcesDir = C:\Windows\resources\0809
MusicLibrary = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries\Music.library-ms
My Music = C:\Users\x_emo\Music
My Pictures = C:\Users\x_emo\Pictures
My Video = C:\Users\x_emo\Videos
NetHood = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Network Shortcuts
OEM Links = C:\ProgramData\OEM Links
OneDrive = C:\Users\x_emo\OneDrive
OneDriveCameraRoll = C:\Users\x_emo\OneDrive\Pictures\Camera Roll
OneDriveDocuments = C:\Users\x_emo\OneDrive\Documents
OneDriveMusic = C:\Users\x_emo\OneDrive\Music
OneDrivePictures = C:\Users\x_emo\OneDrive\Pictures
Original Images = C:\Users\x_emo\AppData\Local\Microsoft\Windows Photo Gallery\Original Images
Personal = C:\Users\x_emo\Documents
PhotoAlbums = C:\Users\x_emo\Pictures\Slide Shows
PicturesLibrary = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries\Pictures.library-ms
Playlists = C:\Users\x_emo\Music\Playlists
PrintHood = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Profile = C:\Users\x_emo
ProgramFiles = C:\Program Files (x86)
ProgramFilesCommon = C:\Program Files (x86)\Common Files
ProgramFilesCommonX86 = C:\Program Files (x86)\Common Files
ProgramFilesX86 = C:\Program Files (x86)
Programs = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Public = C:\Users\Public
PublicAccountPictures = C:\Users\Public\AccountPictures
PublicGameTasks = C:\ProgramData\Microsoft\Windows\GameExplorer
PublicLibraries = C:\Users\Public\Libraries
Quick Launch = C:\Users\x_emo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch
Recent = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Recent
Recorded Calls = C:\Users\x_emo\Recorded Calls
RecordedTVLibrary = C:\Users\Public\Libraries\RecordedTV.library-ms
ResourceDir = C:\Windows\resources
Ringtones = C:\Users\x_emo\AppData\Local\Microsoft\Windows\Ringtones
Roamed Tile Images = C:\Users\x_emo\AppData\Local\Microsoft\Windows\RoamedTileImages
Roaming Tiles = C:\Users\x_emo\AppData\Local\Microsoft\Windows\RoamingTiles
SampleMusic = C:\Users\Public\Music\Sample Music
SamplePictures = C:\Users\Public\Pictures\Sample Pictures
SampleVideos = C:\Users\Public\Videos\Sample Videos
SavedGames = C:\Users\x_emo\Saved Games
SavedPictures = C:\Users\x_emo\Pictures\Saved Pictures
SavedPicturesLibrary = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries\SavedPictures.library-ms
Screenshots = C:\Users\x_emo\Pictures\Screenshots
Searches = C:\Users\x_emo\Searches
SearchHistoryFolder = C:\Users\x_emo\AppData\Local\Microsoft\Windows\ConnectedSearch\History
SearchTemplatesFolder = C:\Users\x_emo\AppData\Local\Microsoft\Windows\ConnectedSearch\Templates
SendTo = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu
Startup = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
System = C:\Windows\system32
SystemCertificates = C:\Users\x_emo\AppData\Roaming\Microsoft\SystemCertificates
SystemX86 = C:\Windows\SysWOW64
Templates = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Templates
ThisPCDesktopFolder = C:\Users\x_emo\Desktop
User Pinned = C:\Users\x_emo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
UserProfiles = C:\Users
UserProgramFiles = C:\Users\x_emo\AppData\Local\Programs
UserProgramFilesCommon = C:\Users\x_emo\AppData\Local\Programs\Common
VideosLibrary = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries\Videos.library-ms
Windows = C:\Windows

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
AppData = %USERPROFILE%\AppData\Roaming
Cache = %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCache
Cookies = %USERPROFILE%\AppData\Local\Microsoft\Windows\INetCookies
Desktop = C:\Users\x_emo\OneDrive\Desktop
Favorites = %USERPROFILE%\Favorites
History = %USERPROFILE%\AppData\Local\Microsoft\Windows\History
Local AppData = %USERPROFILE%\AppData\Local
My Music = %USERPROFILE%\Music
My Pictures = C:\Users\x_emo\OneDrive\Immagini
My Video = %USERPROFILE%\Videos
NetHood = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Network Shortcuts
Personal = C:\Users\x_emo\OneDrive\Documenti
PrintHood = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
Programs = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Recent = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Recent
SendTo = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu
Startup = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Templates = %USERPROFILE%\AppData\Roaming\Microsoft\Windows\Templates
{374DE290-123F-4565-9164-39C4925E467B} = %USERPROFILE%\Downloads
{24D89E24-2F19-4534-9DDE-6A6671FBB8FE} = C:\Users\x_emo\OneDrive\Documenti
{339719B5-8C47-4894-94C2-D8F77ADD44A6} = C:\Users\x_emo\OneDrive\Immagini
{767E6811-49CB-4273-87C2-20F355E1085B} = C:\Users\x_emo\OneDrive\Immagini\Rullino
{F42EE2D3-909F-4907-8871-4C22FC0BF756} = C:\Users\x_emo\OneDrive\Documenti
{0DDD015D-B06C-45D5-8C4C-F59713854639} = C:\Users\x_emo\OneDrive\Immagini
{B7BEDE81-DF94-4682-A7D8-57A52620B86F} = C:\Users\x_emo\OneDrive\Immagini\Catture di schermata
{AB5FB87B-7CE2-4F83-915D-550846C9537B} = C:\Users\x_emo\OneDrive\Immagini\Rullino

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
AppData = C:\Users\x_emo\AppData\Roaming
Local AppData = C:\Users\x_emo\AppData\Local
CD Burning = C:\Users\x_emo\AppData\Local\Microsoft\Windows\Burn\Burn
{1B3EA5DC-B587-4786-B4EF-BD1DC332AEAE} = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Libraries
My Video = C:\Users\x_emo\Videos
My Pictures = C:\Users\x_emo\OneDrive\Immagini
Desktop = C:\Users\x_emo\OneDrive\Desktop
History = C:\Users\x_emo\AppData\Local\Microsoft\Windows\History
NetHood = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Network Shortcuts
{56784854-C6CB-462B-8169-88E350ACB882} = C:\Users\x_emo\Contacts
{00BCFC5A-ED94-4E48-96A1-3F6217F21990} = C:\Users\x_emo\AppData\Local\Microsoft\Windows\RoamingTiles
Cookies = C:\Users\x_emo\AppData\Local\Microsoft\Windows\INetCookies
Favorites = C:\Users\x_emo\Favorites
SendTo = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\SendTo
Start Menu = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu
My Music = C:\Users\x_emo\Music
Programs = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
Recent = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Recent
PrintHood = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Printer Shortcuts
{7D1D3A04-DEBB-4115-95CF-2F29DA2920DA} = C:\Users\x_emo\Searches
{374DE290-123F-4565-9164-39C4925E467B} = C:\Users\x_emo\Downloads
{A520A1A4-1780-4FF6-BD18-167343C5AF16} = C:\Users\x_emo\AppData\LocalLow
Startup = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Administrative Tools = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Personal = C:\Users\x_emo\OneDrive\Documenti
{BFB9D5E0-C6A9-404C-B2B2-AE6DB6AF4968} = C:\Users\x_emo\Links
Cache = C:\Users\x_emo\AppData\Local\Microsoft\Windows\INetCache
Templates = C:\Users\x_emo\AppData\Roaming\Microsoft\Windows\Templates
{4C5C32FF-BB9D-43B0-B5B4-2D72E54EAAA4} = C:\Users\x_emo\Saved Games
Fonts = C:\Windows\Fonts

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
Common AppData = %ProgramData%
Common Desktop = %PUBLIC%\Desktop
Common Documents = %PUBLIC%\Documents
Common Programs = %ProgramData%\Microsoft\Windows\Start Menu\Programs
Common Start Menu = %ProgramData%\Microsoft\Windows\Start Menu
Common Startup = %ProgramData%\Microsoft\Windows\Start Menu\Programs\Startup
Common Templates = %ProgramData%\Microsoft\Windows\Templates
CommonMusic = %PUBLIC%\Music
CommonPictures = %PUBLIC%\Pictures
CommonVideo = %PUBLIC%\Videos
{3D644C9B-1FB8-4f30-9B45-F670235F79C0} = %PUBLIC%\Downloads

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
Common Administrative Tools = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools
Common AppData = C:\ProgramData
Common Desktop = C:\Users\Public\Desktop
Common Documents = C:\Users\Public\Documents
Common Programs = C:\ProgramData\Microsoft\Windows\Start Menu\Programs
Common Start Menu = C:\ProgramData\Microsoft\Windows\Start Menu
Common Startup = C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Common Templates = C:\ProgramData\Microsoft\Windows\Templates
CommonMusic = C:\Users\Public\Music
CommonPictures = C:\Users\Public\Pictures
CommonVideo = C:\Users\Public\Videos
OEM Links = C:\ProgramData\OEM\Links

Running processes:
Number | Path
40 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23080.2006-0\NisSrv.exe
1 C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\21.220.1024.0005\FileCoAuth.exe
1 C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\x_emo\Downloads\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\regedit.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\CompPkgSrv.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\drivers\AdminService.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxEM.exe
1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe

O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_6F1D71E81534CE933752BDD40EC83EC9] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (sign: 'Microsoft')
O4 - HKCU\..\Run: [OneDrive] = C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (sign: 'Microsoft')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Microsoft')
O17 - DHCP DNS 1: 192.168.1.1
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client" (sign: '')
O22 - Tasks: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\Windows\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\Windows\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server" (sign: '')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-4232117531-2657500966-1400929814-1001 - C:\Users\x_emo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O23 - Service R2: AtherosSvc - C:\Windows\System32\drivers\AdminService.exe (sign: 'Microsoft')
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHDCPSvc.exe (sign: 'Microsoft')
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_c2ac023763d5d3ad\OneApp.IGCC.WinService.exe (sign: 'Microsoft')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_38cfab2b652e4701\igfxCUIService.exe (sign: 'Microsoft')
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\IntelCpHeciSvc.exe (sign: 'Microsoft')
O23 - Driver R: (no name) - C:\Windows\System32\drivers\dump_iaStorAC.sys (file missing)
O23 - Driver R0: Intel(R) Chipset SATA/PCIe RST Premium Controller - (iaStorAC) - C:\Windows\System32\drivers\iaStorAC.sys (sign: 'Intel(R) Rapid Storage Technology')
O23 - Driver R3: "Intel(R) Smart Sound Technology (Intel(R) SST) Bus" ; {PlaceHolder="UAA","High Definition Audio"} - (IntcAudioBus) - C:\Windows\System32\drivers\IntcAudioBus.sys (sign: 'Intel(R) Smart Sound Technology')
O23 - Driver R3: Acer Airplane Mode Controller - (AcerAirplaneModeController) - C:\Windows\System32\drivers\AcerAirplaneModeController.sys (sign: 'Acer Incorporated')
O23 - Driver R3: BtFilter - C:\Windows\System32\drivers\btfilter.sys (sign: 'Qualcomm Atheros')
O23 - Driver R3: ELAN I2C Filter Driver - (ETDI2C) - C:\Windows\System32\drivers\ETDI2C.sys (sign: 'ELAN MICROELECTRONICS CORPORATION')
O23 - Driver R3: igfx - C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_51f685305808e3a5\igdkmd64.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Display Audio - (IntcDAud) - C:\Windows\System32\DriverStore\FileRepository\intcdaud.inf_amd64_718877413f6508de\IntcDAud.sys (sign: 'Intel Corporation')
O23 - Driver R3: Intel(R) Management Engine Interface - (MEIx64) - C:\Windows\System32\drivers\TeeDriverW8x64.sys (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Driver R3: Intel(R) Serial IO I2C Driver v2 - (iaLPSS2_I2C) - C:\Windows\System32\drivers\iaLPSS2_I2C.sys (+safe mode) (sign: 'Intel(R) Embedded Subsystems and IP Blocks Group')
O23 - Driver R3: Realtek PCIE Card Reader - PER - (RTSPER) - C:\Windows\System32\drivers\RtsPer.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'

--
End of file - Time spent: 43.9 sec. - 50162 bytes, CRC32: FFFFFFFF. Sign: 怦㰩

Article information

Author: Dan Stracke
