pastefile1
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.30
Platform: x64 Windows 11 (Pro), 10.0.22631.3737 (ReleaseId: 2009, 23H2), Service Pack: 0
Time: 25.06.2024 - 09:51 (UTC-07:00)
Language: OS: English (0x409). Display: English (0x409). Non-Unicode: English (0x409)
Memory: 18909 MiB Free (43 %). CPU Loading: (3 %)
Elevated: No
Ran by: gengh (group: Limited Users) on DESKTOP-KBU6161, FirstRun: yes
Chrome: 122.0.6261.112
Internet Explorer: 11.0.22621.3527
Default: "C:\Users\gengh\AppData\Local\Programs\Opera GX\Launcher.exe" -noautoupdate -- "%1" (Opera GX Internet Browser)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\126.0.2592.68\msedgewebview2.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1 C:\Program Files (x86)\Sophos\Sophos Home\SophosUI.exe
1 C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe
2 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
3 C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA Share.exe
1 C:\Program Files\NVIDIA Corporation\ShadowPlay\nvsphelper64.exe
1 C:\Program Files\Positive Grid\USB Audio Device Driver\W10_x64\Spark40USBAudioDriverCpl.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.5142.0_x64__8wekyb3d8bbwe\GameBar.exe
1 C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_7.124.5142.0_x64__8wekyb3d8bbwe\GameBarFTServer.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24051.101.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.13200.20.0_x64__cw5n1h2txyewy\Dashboard\WidgetService.exe
1 C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
5 C:\ProgramData\Wargaming.net\GameCenter\dlls\wgc_renderer_host.exe
1 C:\ProgramData\Wargaming.net\GameCenter\wargamingerrormonitor.exe
1 C:\ProgramData\Wargaming.net\GameCenter\wgc.exe
1 C:\Users\gengh\.lunarclient\jre\56e53accb20696f802d92bd011174126b5e3154e\zulu21.30.15-ca-jre21.0.1-win_x64\bin\javaw.exe
6 C:\Users\gengh\AppData\Local\Discord\app-1.0.9151\Discord.exe
1 C:\Users\gengh\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
5 C:\Users\gengh\AppData\Local\Programs\launcher\Lunar Client.exe
1 C:\Users\gengh\AppData\Local\Programs\Opera GX\109.0.5097.142\opera_crashreporter.exe
30 C:\Users\gengh\AppData\Local\Programs\Opera GX\opera.exe
1 C:\Windows\explorer.exe
1 C:\WINDOWS\system32\AggregatorHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\WINDOWS\system32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\WINDOWS\system32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\WINDOWS\system32\dwm.exe
2 C:\WINDOWS\system32\fontdrvhost.exe
1 C:\Windows\System32\GameBarPresenceWriter.exe
2 C:\WINDOWS\system32\GameInputSvc.exe
1 C:\Windows\System32\LocationNotificationWindows.exe
1 C:\WINDOWS\system32\LsaIso.exe
1 C:\WINDOWS\system32\lsass.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\WINDOWS\system32\SearchIndexer.exe
1 C:\WINDOWS\system32\SearchProtocolHost.exe
1 C:\WINDOWS\system32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\WINDOWS\system32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\WINDOWS\system32\smss.exe
1 C:\WINDOWS\system32\spoolsv.exe
89 C:\WINDOWS\system32\svchost.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
2 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\Wbem\WmiPrvSE.exe
1 C:\WINDOWS\system32\wininit.exe
1 C:\WINDOWS\system32\winlogon.exe
1 C:\WINDOWS\system32\WUDFHost.exe
1 C:\Windows\System32\xgamehelper.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2 D:\Downloads\GOG Galaxy\GalaxyClient Helper.exe
1 D:\Downloads\GOG Galaxy\GalaxyClient.exe
1 D:\Downloads\GOG Galaxy\GOG Galaxy Notifications Renderer.exe
1 D:\Downloads\scoped_dir5016_1525157333\HiJackThis.exe
4 E:\Spanish HW\steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 E:\Spanish HW\steam\steam.exe
1 gamingservices.exe
1 gamingservicesnet.exe
1 hmpalert.exe
1 jhi_service.exe
1 LMS.exe
1 McsAgent.exe
1 McsClient.exe
1 Memory Compression
1 nvcontainer.exe
2 NVDisplay.Container.exe
1 OfficeClickToRun.exe
1 PsiService_2.exe
1 Registry
1 Secure System
1 SEDService.exe
2 SophosFileScanner.exe
1 SophosFS.exe
1 SophosHealth.exe
1 SophosNetFilter.exe
1 SophosNtpService.exe
1 SSPService.exe
1 SteamService.exe
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre-1.8\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre-1.8\bin\ssv.dll
O4 - HKCU\..\Run: [Discord] = C:\Users\gengh\AppData\Local\Discord\Update.exe --processStart Discord.exe
O4 - HKCU\..\Run: [Gaijin.Net Updater] = C:\Users\gengh\AppData\Local\Gaijin\Program Files (x86)\NetAgent\gjagent.exe
O4 - HKCU\..\Run: [GogGalaxy] = D:\Downloads\GOG Galaxy\GalaxyClient.exe /launchViaAutoStart
O4 - HKCU\..\Run: [Lunar Client] = C:\Users\gengh\AppData\Local\Programs\launcher\Lunar Client.exe --hidden
O4 - HKCU\..\Run: [Opera GX Browser Assistant] = C:\Users\gengh\AppData\Local\Programs\Opera GX\assistant\browser_assistant.exe
O4 - HKCU\..\Run: [Wargaming.net Game Center] = C:\ProgramData\Wargaming.net\GameCenter\wgc.exe --background
O4 - HKCU\..\StartupApproved\Run: [EpicGamesLauncher] = C:\Program Files (x86)\Epic Games\Launcher\Portal\Binaries\Win64\EpicGamesLauncher.exe -silent -launchcontext=boot (2021/10/31)
O4 - HKCU\..\StartupApproved\Run: [Medal] = C:\Users\gengh\AppData\Local\Medal\update.exe --processStart "Medal.exe" (2023/06/04)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_82C7A6C4E9BB08E50DD713B38A785675] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2021/10/31)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background (2021/10/31)
O4 - HKCU\..\StartupApproved\Run: [RiotClient] = E:\Spanish HW\Riot Games\Riot Client\RiotClientServices.exe --launch-background-mode (file missing) (2023/07/13)
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\StartupApproved\Run: [Riot Vanguard] = C:\Program Files\Riot Vanguard\vgtray.exe (2024/02/04)
O4 - HKLM\..\StartupApproved\Run32: [Aimersoft Helper Compact.exe] = C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe (2024/03/24)
O4 - HKLM\..\StartupApproved\Run32: [Thecus Smart Utility] = C:\Program Files (x86)\Thecus\Thecus Smart Utility\Thecus Smart Utility.exe -minimize (2024/03/24)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Positive Grid USB Audio Device Control Panel Autostart.lnk -> C:\Program Files\Positive Grid\USB Audio Device Driver\W10_x64\Spark40USBAudioDriverCpl.exe -hide
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Yeti Pro Control Panel Autostart.lnk -> C:\Program Files\BLUE\Yeti_Pro_Driver\YetiProControlPanel.exe -hide
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O15 - Trusted Zone: https://basised-files.sharepoint.com
O15 - Trusted Zone: https://basised-myfiles.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{0e90cdb1-5039-4822-8412-7ee523518b52}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{0e90cdb1-5039-4822-8412-7ee523518b52}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Users\nickj\AppData\Local\MEGAsync\ShellExtX64.dll (file missing)
O23 - Service R2: Corel License Validation Service V2, Powered by arvato - (PSI_SVC_2) - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_22.90.5001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: HitmanPro.Alert service - (hmpalertsvc) - C:\Program Files (x86)\HitmanPro.Alert\hmpalert.exe /service
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_af50fdb80983f7bc\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\WINDOWS\System32\DriverStore\FileRepository\lms.inf_amd64_a55aa2cd52a3429d\LMS.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\WINDOWS\System32\DriverStore\FileRepository\nvmdsi.inf_amd64_eed7905c74f2d7e6\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\WINDOWS\System32\DriverStore\FileRepository\nvmdsi.inf_amd64_eed7905c74f2d7e6\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem /ert
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll" -ert
O23 - Service R2: Sophos Endpoint Defense Service - C:\Program Files\Sophos\Endpoint Defense\SEDService.exe
O23 - Service R2: Sophos File Scanner Service - C:\Program Files\Sophos\Sophos File Scanner\SophosFS.exe
O23 - Service R2: Sophos Health Service - C:\Program Files (x86)\Sophos\Health\SophosHealth.exe
O23 - Service R2: Sophos MCS Agent - C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsAgent.exe
O23 - Service R2: Sophos MCS Client - C:\Program Files (x86)\Sophos\Management Communications System\Endpoint\McsClient.exe
O23 - Service R2: Sophos Network Threat Protection - (SntpService) - C:\Program Files\Sophos\Sophos Network Threat Protection\SophosNtpService.exe
O23 - Service R2: Sophos System Protection Service - C:\Program Files\Sophos\Endpoint Defense\SSPService.exe
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService
O23 - Service S2: GameInput Service - C:\Program Files (x86)\Microsoft GameInput\x64\gameinputsvc.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_fc84dfa25a6a7727\lib\TPMProvisioningService.exe
O23 - Service S3: BattlEye Service - (BEService) - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
O23 - Service S3: EasyAntiCheat - C:\Program Files (x86)\EasyAntiCheat\EasyAntiCheat.exe
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\24.111.0602.0003\FileSyncHelper.exe
O23 - Service S3: GalaxyClientService - D:\Downloads\GOG Galaxy\GalaxyClientService.exe
O23 - Service S3: GalaxyCommunication - C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe
O23 - Service S3: NVIDIA FrameView SDK service - (FvSvc) - C:\Program Files\NVIDIA Corporation\FrameViewSDK\nvfvsdksvc_x64.exe -service
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\24.111.0602.0003\OneDriveUpdaterService.exe
O23 - Service S3: vgc - C:\Program Files\Riot Vanguard\vgc.exe
--
End of file - Time spent: 8.4 sec. - 26272 bytes, CRC32: FFFFFFFF. Sign: 㺠骐