Done, here is the new log.
At this point, after several scans, also in safe mode, with Malwarebytes (8 hours), ESET, F-Secure and McAfee Stinger, the PC is clean... but...
the window asking for the MS account at PC startup, or every time explorer.exe closes and reopens,
still keeps appearing...
Here is the HijackThis log:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13
Platform: x64 Windows 10 (Home), 10.0.19045.4170 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 26.03.2024 - 11:39 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on PC, FirstRun: no
Chrome: 115.0.5790.171
Firefox: 124.0.0.8836
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
1 C:\Program Files (x86)\Softland\FBackup 9\bService.exe
1 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
6 C:\Users\Luca\AppData\Local\Programs\Python\Python38\python.exe
2 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\rundll32.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmptrap.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 D:\DESKTOP\ANTIVIRUS\HiJackThis_2.10.0.13\HiJackThis_2.10.0.13.exe
19 D:\DESKTOP\BROWSERS\FIREFOX\FirefoxPortable\App\Firefox64\firefox.exe
1 D:\DESKTOP\BROWSERS\FIREFOX\FirefoxPortable\FirefoxPortable.exe
1 D:\DESKTOP\BROWSERS\Windscribe\WindscribeService.exe
1 G:\back up 29.04.2010\C\Documents and Settings\Administrator\Dati applicazioni\qBittorrent-4.5.2\App\qBittorrent\qbittorrent.exe
1 G:\back up 29.04.2010\C\Documents and Settings\Administrator\Dati applicazioni\qBittorrent-4.5.2\qBittorrentPortable.exe
1 N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe -> (PE EXE) (2023/03/10)
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2022/11/27)
O4 - HKLM\..\StartupApproved\Run: [SafeDiveCertMgm] = C:\WINDOWS\system32\rundll32.exe stCNSUtil.dll,DeleteCertStore (2022/02/21)
O4 - HKLM\..\StartupApproved\Run32: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (2020/06/27)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (Sign: 'Realtek Semiconductor Corp')
O17 - DHCP DNS 1: 127.0.0.1
O17 - DHCP DNS 2: 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Agent Activation Runtime (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP (empty)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) CIE Middleware Update - C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\CIEPKI.dll",Update
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (file missing)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-875700017-217750280-4135200879-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Softland\FBackup 9\fba_Desktop Backup - C:\Program Files (x86)\Softland\FBackup 9\bSchedStarter.EXE /HIDE /R "{35B1880B-8428-46F8-ADD4-B5FC1D5CC6E1}" -PRIORITY 2
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1915721136-1638656335-3578974293-500 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O23 - Service R2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
O23 - Service R2: Diskeeper - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service R2: DNSCrypt client proxy - (dnscrypt-proxy) - N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe -config dnscrypt-proxy.toml
O23 - Service R2: FBackup 9 Service - (FBackup9Srv) - C:\Program Files (x86)\Softland\FBackup 9\bService.exe -name:"FBackup9Srv" -disp:"FBackup 9 Service"
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: Windscribe Service - (WindscribeService) - D:/DESKTOP/BROWSERS/Windscribe/WindscribeService.exe
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe "C:\Program Files\Proton\VPN\v3.2.10\ServiceData\WireGuard\ProtonVPN.conf"
O23 - Service S3: VirtualBox system service - (VBoxSDS) - c:\myVirtualBox\VBoxSDS.exe
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
O23 - Service S3: Wondershare Install Assist Service - (Wondershare InstallAssist) - C:\ProgramData\Wondershare\Service\InstallAssistService.exe
--
End of file - Time spent: 9,8 sec. - 21898 bytes, CRC32: FFFFFFFF. Sign: