Cortesemente mi controllate il log, qualcuno invia mail a mio nome, ho eseguite le operazioni preliminari con AdwCleaned e Malwarebyt.
Grazie
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18
Platform: x64 Windows 10 (Pro), 10.0.19045.2728 (ReleaseId: 2009), Service Pack: 0
Time: 22.03.2023 - 13:16 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: bibri (group: Administrator) on DESKTOP-V99SUOU, FirstRun: yes
Chrome: 111.0.5563.65
Firefox: 104.0.2.8280
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1 C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
18 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\McAfee\WebAdvisor\browserhost.exe
1 C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2310.3.0_x64__cv1g1gvanyjgm\WhatsApp.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
78 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
2 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
2 C:\Windows\explorer.exe
1 D:\Programmi Vari\Antivirus\HijackThis\HijackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] =
http://it.msn.com/?ocid=U220DHP&pc=U220R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local;127.0.0.1
O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 activation.acronis.com
O1 - Hosts: 0.0.0.0 web-api-tih.acronis.com
O1 - Hosts: 0.0.0.0 web-api-tie.acronis.com
O1 - Hosts: 0.0.0.0 web-api-vmp.acronis.com
O1 - Hosts: 0.0.0.0 cloud-rs-ru2.acronis.com
O1 - Hosts: 0.0.0.0 cloud-fes-ru2.acronis.com
O1 - Hosts: 0.0.0.0 rpc.acronis.com 127.0.0.1
www.diskpart.comO1 - Hosts: 127.0.0.1
www.aomeitech.comO1 - Hosts: 127.0.0.1
http://www.driver-soft.comO1 - Hosts: 127.0.0.1
www.driver-soft.comO1 - Hosts: 127.0.0.1 account.wondershare.com
O1 - Hosts: 127.0.0.1 activation.easeus.com
O1 - Hosts: 127.0.0.1
www.easeus.comO1 - Hosts: 127.0.0.1 track.easeus.com
O1 - Hosts: 127.0.0.1 66.39.112.91
O1 - Hosts: 127.0.0.1 216.92.151.227
O1 - Hosts: 127.0.0.1 216.92.61.7
O1 - Hosts: 127.0.0.1 update.easeus.com
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.44\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.44\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: McAfee WebAdvisor - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O4 - HKCU\..\StartupApproved\Run: [CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (2021/03/20)
O4 - HKCU\..\StartupApproved\Run: [EPLTarget\P0000000000000000] = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-402 403 405 406 Series" (2021/11/20)
O4 - HKCU\..\StartupApproved\Run: [EPLTarget\P0000000000000001] = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIIJE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-402 403 405 406 Series" (2021/11/20)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_F4BAF9803FB9BD7B1094F54CA2E5DF5D] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2023/02/17)
O4 - HKLM\..\StartupApproved\Run32: [AcronisTibMounterMonitor] = C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe (2020/04/07)
O4 - HKLM\..\StartupApproved\Run32: [Nuance OmniPage 18-reminder] = C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini" (2023/02/17)
O4 - HKLM\..\StartupApproved\Run32: [OmniPage Preload] = C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preload (2023/02/17)
O4 - HKLM\..\StartupApproved\Run32: [TeamsMachineInstaller] = C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (file missing) (2021/03/20)
O4 - HKLM\..\StartupApproved\Run32: [TrueImageMonitor.exe] = C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (2020/04/07)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (2023/02/17)
O4 - HKLM\..\StartupApproved\Run: [Acronis Scheduler2 Service] = C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (2020/10/06)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2021/03/20)
O4 - HKLM\..\StartupApproved\Run: [CmPCIaudio] = C:\WINDOWS\syswow64\RunDll32.exe C:\WINDOWS\Syswow64\CMICNFG3.dll,CMICtrlWnd (2021/12/31)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2020/04/07)
O4 - HKU\.DEFAULT\..\Run: [OpAgent] = OpAgent.exe /agent (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi destinazione lin&k a PDF esistente: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi pagina Web a PDF esistente: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti destinazione link in Adobe PDF: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti pagina &Web in Adobe PDF: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O9 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\x64\IEPlugin.dll
O9-32 - Button: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O9-32 - Tools menu item: HKLM\..\{48A61126-9A19-4C50-A214-FF08CB94995C}: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\win32\IEPlugin.dll
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AcronisDrive: (no name) - {5D74FD4B-4EFB-4586-8022-8637BBE40970} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AcronisSyncError: (no name) - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AcronisSyncInProgress: (no name) - {00F848DC-B1D4-4892-9C25-CAADC86A215D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AcronisSyncOk: (no name) - {71573297-552E-46fc-BE3D-3DFAF88D47B7} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service R2: Acronis Nonstop Backup Service - (afcdpsrv) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service R2: Acronis Scheduler2 Service - (AcrSch2Svc) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service R2: Acronis Sync Agent Service - (syncagentsrv) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Microsoft Office Click-to-Run Service - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service S2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service S2: Acronis Managed Machine Service Mini - (mmsminisrv) - C:\Program Files (x86)\Common Files\Acronis\Infrastructure\mms_mini.exe
O23 - Service S2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: Servizio Aggiornamento Microsoft Edge (edgeupdate) - (edgeupdate) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /svc
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Windows Net Service Helper - (windowsnetservicehelper.exe) - C:\Program Files (x86)\WindowsNetService\daemon\windowsnetservicehelper.exe
O23 - Service S3: ABBYY FineReader 9.0 Sprint Licensing Service - (ABBYY.Licensing.FineReader.Sprint.9.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -service
O23 - Service S3: Acronis Active Protection (TM) Service - (AcronisActiveProtectionService) - C:\Program Files (x86)\Common Files\Acronis\ActiveProtection\anti_ransomware_service.exe
O23 - Service S3: Acronis Mobile Backup Server - (mobile_backup_server) - C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe "--config-path=C:\ProgramData\Acronis\MobileBackupServer\Conf\WRM.conf"
O23 - Service S3: Acronis Mobile Backup Status Server - (mobile_backup_status_server) - C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\23.043.0226.0001\FileSyncHelper.exe
O23 - Service S3: Game Updater - (gameupdater) - C:\Program Files (x86)\Common Files\Game Updater\gameupdater.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\111.0.5563.65\elevation_service.exe
O23 - Service S3: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service S3: Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - (MicrosoftEdgeElevationService) - C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.44\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\23.043.0226.0001\OneDriveUpdaterService.exe
O23 - Service S3: Servizio Aggiornamento Microsoft Edge (edgeupdatem) - (edgeupdatem) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /medsvc
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
--
End of file - Time spent: 35 sec. - 30342 bytes, CRC32: FFFFFFFF. Sign: ጯ䢱