Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log risolto

Controllo log risolto Opzioni
Topic Precedente · Topic Sucessivo
carlito83
Inviato: Tuesday, January 28, 2020 1:01:28 PM
Rank: AiutAmico

Iscritto dal : 3/28/2012
Posts: 72
In "task manager" mi appare il file WPFFONTcache_v0400.exe che consuma CPU;sono costretto ogni volta, ad eliminarlo manualmente. Temo che ci sia un malware. Ho provato con ANTIMALWARE ma senza successo. Vorrei sottoporvi questo log per verificare se ci sono problematiche:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x32 Windows XP (Professional), 5.1.2600.0, Service Pack: 3
Time: 28.01.2020 - 12:26 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Ran by: carlo (group: Administrator) on CASA, FirstRun: no

Chrome: 49.0.2623.112
Firefox: 52.9.0.6746
Internet Explorer: 8.0.6001.18702
Default: "C:\Programmi\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Documents and Settings\carlo\Desktop\HijackThis.exe
1 C:\Programmi\Agnitum\Outpost Firewall\acs.exe
1 C:\Programmi\Agnitum\Outpost Firewall\feedback.exe
1 C:\Programmi\Agnitum\Outpost Firewall\op_mon.exe
1 C:\Programmi\Avira\Antivirus\avgnt.exe
1 C:\Programmi\Avira\Antivirus\avguard.exe
1 C:\Programmi\Avira\Antivirus\avshadow.exe
1 C:\Programmi\Avira\Antivirus\sched.exe
1 C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe
1 C:\Programmi\Avira\Launcher\Avira.Systray.exe
1 C:\Programmi\Bonjour\mDNSResponder.exe
1 C:\Programmi\CCleaner\CCleaner.exe
1 C:\Programmi\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
1 C:\Programmi\Canon\Quick Menu\CNQMMAIN.EXE
1 C:\Programmi\Canon\Quick Menu\CNQMSWCS.exe
1 C:\Programmi\Canon\Quick Menu\CNQMUPDT.EXE
1 C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Programmi\Fujitsu\Wireless_Utility\Wireless Selector.exe
7 C:\Programmi\Google\Chrome\Application\chrome.exe
1 C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1 C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
1 C:\Programmi\Softland\FBackup 5\bService.exe
1 C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
1 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
1 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
1 C:\WINDOWS\Explorer.EXE
1 C:\WINDOWS\System32\alg.exe
1 C:\WINDOWS\System32\smss.exe
6 C:\WINDOWS\System32\svchost.exe
1 C:\WINDOWS\system32\csrss.exe
1 C:\WINDOWS\system32\ctfmon.exe
1 C:\WINDOWS\system32\lsass.exe
1 C:\WINDOWS\system32\nvsvc32.exe
1 C:\WINDOWS\system32\services.exe
1 C:\WINDOWS\system32\spoolsv.exe
1 C:\WINDOWS\system32\taskmgr.exe
1 C:\WINDOWS\system32\winlogon.exe
1 C:\WINDOWS\system32\wscntfy.exe
1 c:\programmi\WiperSoft\WiperSoft.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar: [LinksFolderName] = Collegamenti
R3 - HKU\S-1-5-21-1343024091-1801674531-839522115-1005: Default URLSearchHook is missing
O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexbho.dll
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Programmi\CCleaner\CCleaner.exe /MONITOR
O4 - HKCU\..\Run: [FBackup 5 Tray Agent] = C:\Programmi\Softland\FBackup 5\bTray.exe
O4 - HKLM\..\Run: [Adobe ARM] = C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] = C:\Programmi\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [CanonQuickMenu] = C:\Programmi\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] = C:\Programmi\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [KernelFaultCheck] = C:\WINDOWS\system32\dumprep.exe 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] = C:\WINDOWS\system32\NvCpl.dll C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OutpostFeedBack] = C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] = C:\Programmi\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [SynTPEnh] = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless_Selector] = C:\Programmi\Fujitsu\Wireless_Utility\Wireless Selector.exe
O4 - HKLM\..\Run: [avgnt] = C:\Programmi\Avira\Antivirus\avgnt.exe /min
O4 - HKLM\..\Run: [nwiz] = C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - MSConfig\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan Plus.lnk [backup] => C:\Programmi\McAfee Security Scan\3.11.500\SSScheduler.exe (2018/02/22) (file missing)
O5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load: [nvcpl.cpl] (NVIDIA Control Panel Applet 2.2.225.00)
O10 - Unknown file in Winsock LSP: C:\Programmi\Bonjour\mdnsNSP.dll
O16 - DPF: HKLM\..\DirectAnimation Java Classes\DownloadInformation: [CODEBASE] = file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: HKLM\..\Microsoft XML Parser for Java\DownloadInformation: [CODEBASE] = file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellExecuteHooks: [{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}] - SABShellExecuteHook Class - C:\Programmi\SUPERAntiSpyware\SASSEH.DLL
O22 - ScheduledTask: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - ScheduledTask: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - Task (.job): (Ready) (update) Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job - C:\WINDOWS\system32\xp_eos.exe -c
O22 - Task (.job): (Ready) (update) Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job - C:\WINDOWS\system32\xp_eos.exe
O22 - Task (.job): (Ready) AppleSoftwareUpdate.job - C:\Programmi\Apple Software Update\SoftwareUpdate.exe -task
O22 - Task (.job): (Ready) Avast TUNEUP Update.job - C:\Programmi\AVAST Software\Avast Cleanup\TUNEUpdate.exe (file missing)
O22 - Task (.job): (Ready) CCleaner Update.job - C:\Programmi\CCleaner\CCUpdate.exe
O22 - Task (.job): (Ready) User_Feed_Synchronization-{6012A4B6-F73B-4C81-8E49-2F8741D8FF4B}.job - C:\WINDOWS\system32\msfeedssync.exe sync
O22 - Task (.job): (disabled) (Ready) Adobe Flash Player NPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe -check plugin
O22 - Task (.job): (disabled) (Ready) Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (.job): (disabled) (Ready) GoogleUpdateTaskMachineCore.job - C:\Programmi\Google\Update\GoogleUpdate.exe /c
O22 - Task (.job): (disabled) (Ready) GoogleUpdateTaskMachineUA.job - C:\Programmi\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task (.job): DriverCure.job - C:\Programmi\ParetoLogic\DriverCure\DriverCure.exe (file missing) -scan
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service R2: Agnitum Client Security Service - (acssrv) - C:\Programmi\Agnitum\Outpost Firewall\acs.exe
O23 - Service R2: Apple Mobile Device - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Avira Pianificatore - (AntiVirSchedulerService) - C:\Programmi\Avira\Antivirus\sched.exe
O23 - Service R2: Avira Protezione in tempo reale - (AntiVirService) - C:\Programmi\Avira\Antivirus\avguard.exe
O23 - Service R2: Avira Service Host - (Avira.ServiceHost) - C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service R2: FBackup 5 Service - (FBackup5Srv) - C:\Programmi\Softland\FBackup 5\bService.exe -name:"FBackup5Srv" -disp:"FBackup 5 Service"
O23 - Service R2: NVIDIA Driver Helper Service - (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service R2: NVIDIA Update Service Daemon - (nvUpdatusService) - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service R2: Network WanMiniport First Position - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service S2: Avira Protezione email - (AntiVirMailService) - C:\Programmi\Avira\Antivirus\avmailc.exe
O23 - Service S2: Avira Protezione web - (AntiVirWebService) - C:\Programmi\Avira\Antivirus\AVWEBGRD.EXE
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Programmi\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Programmi\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Office Source Engine - (ose) - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Programmi\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: iPod Service - C:\Programmi\iPod\bin\iPodService.exe


--
Torna in alto
 
Sponsor
Inviato: Tuesday, January 28, 2020 1:01:28 PM

 
Torna in alto
 
cbbusto
Inviato: Tuesday, January 28, 2020 3:36:38 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Di grossi problemi non se ne vedono, ci sono dei programmi inutili e troppi programmi in Avvio, ma il problema è che usi ancora il vecchio XP e navigare è molto pericoloso.
Ti elenco i file da fixare ed eliminare:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://it.yahoo.com?fr=hp-avast&type=avastbcl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar: [LinksFolderName] = Collegamenti
R3 - HKU\S-1-5-21-1343024091-1801674531-839522115-1005: Default URLSearchHook is missing
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Programmi\CCleaner\CCleaner.exe /MONITOR
O4 - HKCU\..\Run: [FBackup 5 Tray Agent] = C:\Programmi\Softland\FBackup 5\bTray.exe
O4 - HKLM\..\Run: [Adobe ARM] = C:\Programmi\File comuni\Adobe\ARM\1.0\AdobeARM.exe
O4 - HKLM\..\Run: [CanonQuickMenu] = C:\Programmi\Canon\Quick Menu\CNQMMAIN.EXE /logon
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] = C:\Programmi\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [KernelFaultCheck] = C:\WINDOWS\system32\dumprep.exe 0 -k
O4 - HKLM\..\Run: [NvCplDaemon] = C:\WINDOWS\system32\NvCpl.dll C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [OutpostFeedBack] = C:\Programmi\Agnitum\Outpost Firewall\feedback.exe /dump:os_startup
O4 - HKLM\..\Run: [OutpostMonitor] = C:\Programmi\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice
O4 - HKLM\..\Run: [SynTPEnh] = C:\Programmi\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless_Selector] = C:\Programmi\Fujitsu\Wireless_Utility\Wireless Selector.exe
O4 - HKLM\..\Run: [nwiz] = C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - MSConfig\startupfolder: C:^Documents and Settings^All Users^Menu Avvio^Programmi^Esecuzione automatica^McAfee Security Scan Plus.lnk [backup] =>
O22 - Task (.job): (Ready) Avast TUNEUP Update.job - C:\Programmi\AVAST Software\Avast Cleanup\TUNEUpdate.exe (file missing)
Poi fai queste scansioni:

Scarica Adwcleaner sul desktop: http://www.bleepingcomputer.com/download/adwcleaner/
Per il download cliccare su: Download now
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Analisi".
Finita la scansione clicca su "Pulizia"
Conferma con OK le varie finestre che ti compariranno.
Riavvia il pc e uscirà il log con le eliminazioni.
Postalo qui.
ADW crea un backup dei files e delle impostazioni eliminati, si trova in "C:\AdwCleaner\Quarantine" in modo da consentire l'eventuale ripristino di dati erroneamente cancellati.

Scarica Junkware Removal Tool sul desktop.
http://junkware-removal-tool.it.uptodown.com/download
Il download dovrebbe partire entro 5 secondi
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.
Poi pulizia del Registro:

Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.

WPFFONTcache_v0400.exe è un prodotto Microsoft® .NET Framework è sicuro e non va eliminato.
Torna in alto
 
carlito83
Inviato: Tuesday, January 28, 2020 6:52:28 PM
Rank: AiutAmico

Iscritto dal : 3/28/2012
Posts: 72
Come suggerito ho eseguito il FIX del log Hijckthis;
ho scaricato ADWCLEANER ma non ho potuto eseguirlo (errore: adwcleaner.exe non è un'applicazione di Win 32 valida).
ho scaricato ed eseguito JRT

posto il log:
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Microsoft Windows XP x86
Ran by carlo (Administrator) on 28/01/2020 at 17.18.58,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 4

Successfully deleted: C:\Documents and Settings\carlo\Dati applicazioni\drivercure (Folder)
Successfully deleted: C:\Programmi\mozilla firefox\defaults\pref\itms.js (File)
Successfully deleted: C:\WINDOWS\Tasks\DriverCure.job (Task)
Successfully deleted: C:\WINDOWS\System32\REN28.tmp (File)



Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)
Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\Search\\SearchAssistant (Registry Value)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/01/2020 at 17.20.44,06
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

ho scaricato Eusing Free Registry Cleaner eseguito ed effettuatala riparazione dei registri

ho nuovamente eseguito HiJackThis; questo il log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x32 Windows XP (Professional), 5.1.2600.0, Service Pack: 3
Time: 28.01.2020 - 18:48 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Ran by: carlo (group: Administrator) on CASA, FirstRun: no

Chrome: 49.0.2623.112
Firefox: 52.9.0.6746
Internet Explorer: 8.0.6001.18702
Default: "C:\Programmi\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Documents and Settings\carlo\Desktop\HijackThis.exe
1 C:\Programmi\Agnitum\Outpost Firewall\acs.exe
1 C:\Programmi\Avira\Antivirus\avgnt.exe
1 C:\Programmi\Avira\Antivirus\avguard.exe
1 C:\Programmi\Avira\Antivirus\avshadow.exe
1 C:\Programmi\Avira\Antivirus\sched.exe
1 C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe
1 C:\Programmi\Avira\Launcher\Avira.Systray.exe
1 C:\Programmi\Bonjour\mDNSResponder.exe
1 C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Programmi\Fujitsu\Wireless_Utility\Wireless Selector.exe
4 C:\Programmi\Google\Chrome\Application\chrome.exe
1 C:\Programmi\Microsoft Office\OFFICE11\WINWORD.EXE
1 C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
1 C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
1 C:\Programmi\Softland\FBackup 5\bService.exe
1 C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
1 C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
1 C:\Programmi\WiperSoft\WiperSoft.exe
1 C:\WINDOWS\Explorer.EXE
1 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
1 C:\WINDOWS\System32\alg.exe
1 C:\WINDOWS\System32\smss.exe
6 C:\WINDOWS\System32\svchost.exe
2 C:\WINDOWS\system32\NOTEPAD.EXE
1 C:\WINDOWS\system32\csrss.exe
1 C:\WINDOWS\system32\ctfmon.exe
1 C:\WINDOWS\system32\lsass.exe
1 C:\WINDOWS\system32\nvsvc32.exe
1 C:\WINDOWS\system32\services.exe
1 C:\WINDOWS\system32\spoolsv.exe
1 C:\WINDOWS\system32\winlogon.exe
1 C:\WINDOWS\system32\wscntfy.exe

O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Programmi\Canon\Easy-WebPrint EX\ewpexbho.dll
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] = C:\Programmi\Avira\Launcher\Avira.SystrayStartTrigger.exe
O4 - HKLM\..\Run: [NvCplDaemon] = C:\WINDOWS\system32\NvCpl.dll C:\WINDOWS\system32\NvCpl.dll,NvStartup (file missing)
O4 - HKLM\..\Run: [OutpostMonitor] = C:\Programmi\Agnitum\Outpost Firewall\op_mon.exe /tray /noservice (file missing)
O4 - HKLM\..\Run: [Wireless_Selector] = C:\Programmi\Fujitsu\Wireless_Utility\Wireless Selector.exe
O4 - HKLM\..\Run: [avgnt] = C:\Programmi\Avira\Antivirus\avgnt.exe /min
O4 - HKLM\..\Run: [nwiz] = C:\Programmi\NVIDIA Corporation\nview\nwiz.exe /installquiet
O5 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Control Panel\don't load: [nvcpl.cpl] (NVIDIA Control Panel Applet 2.2.225.00)
O10 - Unknown file in Winsock LSP: C:\Programmi\Bonjour\mdnsNSP.dll
O16 - DPF: HKLM\..\DirectAnimation Java Classes\DownloadInformation: [CODEBASE] = file://C:\WINDOWS\Java\classes\dajava.cab
O16 - DPF: HKLM\..\Microsoft XML Parser for Java\DownloadInformation: [CODEBASE] = file://C:\WINDOWS\Java\classes\xmldso.cab
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0071-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_71-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-00111-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0040-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_40-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_111-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellExecuteHooks: [{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}] - (no name) - (no file)
O22 - ScheduledTask: Daemon di cache delle categorie di componenti - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - ScheduledTask: Precaricatore Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - Task (.job): (Ready) (update) Notifica di interruzione del servizio per Microsoft Windows XP - Accesso.job - C:\WINDOWS\system32\xp_eos.exe -c
O22 - Task (.job): (Ready) (update) Notifica di interruzione del servizio per Microsoft Windows XP - Mensile.job - C:\WINDOWS\system32\xp_eos.exe
O22 - Task (.job): (Ready) AppleSoftwareUpdate.job - C:\Programmi\Apple Software Update\SoftwareUpdate.exe -task
O22 - Task (.job): (Ready) CCleaner Update.job - C:\Programmi\CCleaner\CCUpdate.exe
O22 - Task (.job): (Ready) User_Feed_Synchronization-{6012A4B6-F73B-4C81-8E49-2F8741D8FF4B}.job - C:\WINDOWS\system32\msfeedssync.exe sync
O22 - Task (.job): (disabled) (Ready) Adobe Flash Player NPAPI Notifier.job - C:\WINDOWS\system32\Macromed\Flash\FlashUtil32_32_0_0_321_Plugin.exe -check plugin
O22 - Task (.job): (disabled) (Ready) Adobe Flash Player Updater.job - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task (.job): (disabled) (Ready) GoogleUpdateTaskMachineCore.job - C:\Programmi\Google\Update\GoogleUpdate.exe /c
O22 - Task (.job): (disabled) (Ready) GoogleUpdateTaskMachineUA.job - C:\Programmi\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Programmi\Bonjour\mDNSResponder.exe
O23 - Service R2: Agnitum Client Security Service - (acssrv) - C:\Programmi\Agnitum\Outpost Firewall\acs.exe
O23 - Service R2: Apple Mobile Device - C:\Programmi\File comuni\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Avira Pianificatore - (AntiVirSchedulerService) - C:\Programmi\Avira\Antivirus\sched.exe
O23 - Service R2: Avira Protezione in tempo reale - (AntiVirService) - C:\Programmi\Avira\Antivirus\avguard.exe
O23 - Service R2: Avira Service Host - (Avira.ServiceHost) - C:\Programmi\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service R2: FBackup 5 Service - (FBackup5Srv) - C:\Programmi\Softland\FBackup 5\bService.exe -name:"FBackup5Srv" -disp:"FBackup 5 Service"
O23 - Service R2: NVIDIA Driver Helper Service - (NVSvc) - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service R2: NVIDIA Update Service Daemon - (nvUpdatusService) - C:\Programmi\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service R2: Network WanMiniport First Position - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Programmi\SUPERAntiSpyware\SASCORE.EXE
O23 - Service S2: Avira Protezione email - (AntiVirMailService) - C:\Programmi\Avira\Antivirus\avmailc.exe
O23 - Service S2: Avira Protezione web - (AntiVirWebService) - C:\Programmi\Avira\Antivirus\AVWEBGRD.EXE
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Programmi\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Programmi\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Office Source Engine - (ose) - C:\Programmi\File comuni\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Programmi\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: iPod Service - C:\Programmi\iPod\bin\iPodService.exe


--
End of file - Time spent: 3,6 sec. - 16490 bytes, CRC32: FFFFFFFF. Sign: 잲ꗋ


Ancora persiste il problema. c'è ancora qualcosa che posso fare ho contino manualmente a "terminare il processo" da Task Manager?
Torna in alto
 
wolfestein
Inviato: Tuesday, January 28, 2020 10:19:36 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948
In ESEGUI digita msconfig,vai nella sezione avvio e se vedi il file WPFFONTcache_v0400.exe disabilitalo.
Torna in alto
 
cbbusto
Inviato: Tuesday, January 28, 2020 11:45:27 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Adwcleaner per xp scaricalo da qui: https://filehippo.com/it/download_adwcleaner/ clic su scarica l'ultima versione, che è la 7.3.0.0, attento a non installare Avast. Speak to the hand
Torna in alto
 
carlito83
Inviato: Thursday, January 30, 2020 6:05:10 PM
Rank: AiutAmico

Iscritto dal : 3/28/2012
Posts: 72
Ancora persiste...

Ulteriori informazioni:

- dopo che in TASK MANAGER termino il processo "WPFFONTcache_v0400.exe" (per tre volte di seguito!!!) il valore dell'uso della CPU torna normale e si lavora tranquillamente fino alla chiusura o al Riavvio del SO.
- appena faccio ripartire il SO torna il problema;
- ciò mi fa pensare a problemi di "AVVIO". ho provato, come suggerito, ad eseguire MSCONFIG ===> AVVIO ma non ho trovato questo .exe

Cosa posso controllare ancora?
Torna in alto
 
carlito83
Inviato: Saturday, March 14, 2020 9:44:12 AM
Rank: AiutAmico

Iscritto dal : 3/28/2012
Posts: 72
RISOLTO

Sono stati disabilitati 2 servizi: windows presentation foundation font cache 3.0.0.0 e 4.0.0.0
con questa sequenza:
Pannello di Controllo ===> serv di amm.ne ===> servizi
trovati i 2 servizi: "clic tasto dx mouse" ===> proprietà ===> "in tipo avvio" selez Disabilitato


Ringrazio tutti
Saluti[/quote]
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Controllo log risolto


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.