fatto ecco il nuovo log,
a questo punto dopo varie scans anche in safe mode con malwarebytes,8 ore, e set , f secure e macafee stinger il pc è pulito...ma...
la finestra che ciede l'account ms allo start del pc oppure ogni volta che explorer.exe si chiude e si riapre
mi compare sempre...
ecco il log hijack:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.4170 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 26.03.2024 - 11:39 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on PC, FirstRun: no

Chrome: 115.0.5790.171
Firefox: 124.0.0.8836
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
1 C:\Program Files (x86)\Softland\FBackup 9\bService.exe
1 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
6 C:\Users\Luca\AppData\Local\Programs\Python\Python38\python.exe
2 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\rundll32.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmptrap.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 D:\DESKTOP\ANTIVIRUS\HiJackThis_2.10.0.13\HiJackThis_2.10.0.13.exe
19 D:\DESKTOP\BROWSERS\FIREFOX\FirefoxPortable\App\Firefox64\firefox.exe
1 D:\DESKTOP\BROWSERS\FIREFOX\FirefoxPortable\FirefoxPortable.exe
1 D:\DESKTOP\BROWSERS\Windscribe\WindscribeService.exe
1 G:\back up 29.04.2010\C\Documents and Settings\Administrator\Dati applicazioni\qBittorrent-4.5.2\App\qBittorrent\qbittorrent.exe
1 G:\back up 29.04.2010\C\Documents and Settings\Administrator\Dati applicazioni\qBittorrent-4.5.2\qBittorrentPortable.exe
1 N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe -> (PE EXE) (2023/03/10)
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2022/11/27)
O4 - HKLM\..\StartupApproved\Run: [SafeDiveCertMgm] = C:\WINDOWS\system32\rundll32.exe stCNSUtil.dll,DeleteCertStore (2022/02/21)
O4 - HKLM\..\StartupApproved\Run32: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (2020/06/27)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (Sign: 'Realtek Semiconductor Corp')
O17 - DHCP DNS 1: 127.0.0.1
O17 - DHCP DNS 2: 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Agent Activation Runtime (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP (empty)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) CIE Middleware Update - C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\CIEPKI.dll",Update
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (file missing)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-875700017-217750280-4135200879-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Softland\FBackup 9\fba_Desktop Backup - C:\Program Files (x86)\Softland\FBackup 9\bSchedStarter.EXE /HIDE /R "{35B1880B-8428-46F8-ADD4-B5FC1D5CC6E1}" -PRIORITY 2
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1915721136-1638656335-3578974293-500 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O23 - Service R2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
O23 - Service R2: Diskeeper - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service R2: DNSCrypt client proxy - (dnscrypt-proxy) - N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe -config dnscrypt-proxy.toml
O23 - Service R2: FBackup 9 Service - (FBackup9Srv) - C:\Program Files (x86)\Softland\FBackup 9\bService.exe -name:"FBackup9Srv" -disp:"FBackup 9 Service"
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: Windscribe Service - (WindscribeService) - D:/DESKTOP/BROWSERS/Windscribe/WindscribeService.exe
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe "C:\Program Files\Proton\VPN\v3.2.10\ServiceData\WireGuard\ProtonVPN.conf"
O23 - Service S3: VirtualBox system service - (VBoxSDS) - c:\myVirtualBox\VBoxSDS.exe
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
O23 - Service S3: Wondershare Install Assist Service - (Wondershare InstallAssist) - C:\ProgramData\Wondershare\Service\InstallAssistService.exe


--
End of file - Time spent: 9,8 sec. - 21898 bytes, CRC32: FFFFFFFF. Sign: 豮

ottimo, grazie syslack
in effetti così sparisce la schermata di richiesta password di account ms
ma però c'e' sempre una finestra blu in cui c'e' una scritta:


rimane qualche secondo e poi scomapare...
come si fa a non avere neppure questa immagine?
perchè a quuanto ho capito ci deve essere una qualche app o servizio ms che da qualche settimana all'accesso del pc oppure alla chiusura e riapertura di explorer.exe
vorrebbe il log in all'account di ms
quindi credo che disabilitando il wlidsvc abbiamo eliminato gli effetti...
ma non abbiamo arrestato la causa
ecco io vorrei che non apparisse neppure la immagine che ho postato
perchè fino a qualche settimana fa non appariva
in sostanza vorrei fermarne la causa
grazie ancora per l'attenzione ed aiuto