|
|
Rank: AiutAmico
Iscritto dal : 3/9/2001
Posts: 58
|
Buonasera, il mio sistema operativo è windows10 da un pò di tempo è comparso questo maledetto virus PUA:Win32/PcMechanic e non riesco con nessun antivirus ad eliminare.
Gentilmente potete controllare il log e indicarmi quale riga debbo togliere?
Grazie
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26
Platform: x64 Windows 10 (Pro), 10.0.19044.1586 (ReleaseId: 2009), Service Pack: 0
Time: 14.03.2022 - 17:51 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Salvo (group: Administrator) on DESKTOP-TVMVEDA, FirstRun: yes
Chrome: 99.0.4844.51
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
1 C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome-nm-host.exe
1 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
1 C:\Program Files (x86)\Volume2\Volume2.exe
1 C:\Program Files (x86)\WinZip\WINZIP32.EXE
1 C:\Program Files (x86)\iISystem Wiper\SystemWiper.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
16 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Macrium\Common\ReflectMonitor.exe
1 C:\Program Files\Macrium\Common\ReflectUI.exe
1 C:\Program Files\TomTom HOME\TTHOMEService.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2021.21090.10008.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22012.167.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22011.10031.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
1 C:\Users\Salvo\AppData\Local\MEGAsync\MEGAsync.exe
1 C:\Users\Salvo\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
9 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O2-32 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3-32 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3-32 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] = C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
O4 - HKCU\..\Run: [RoboForm] = C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKCU\..\Run: [TomTomHOME.exe] = C:\Program Files\TomTom HOME\TTHOMERunner.exe -s (file missing)
O4 - HKCU\..\Run: [iIWiper] = C:\Program Files (x86)\iISystem Wiper\SystemWiper.exe m
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2021/10/02)
O4 - HKLM\..\Run: [Reflect UI] = C:\Program Files\Macrium\Common\ReflectUI.exe
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - User Startup: C:\Users\Salvo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Salvo\AppData\Local\MEGAsync\MEGAsync.exe
O4-32 - HKLM\..\Run: [Intel Driver & Support Assistant] = C:\Program Files (x86)\Intel\Driver and Support Assistant\DSATray.exe
O4-32 - HKLM\..\Run: [Volume2] = C:\Program Files (x86)\Volume2\Volume2.exe
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Compila Modulo: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Personalizza: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\RF Barra strumenti: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Salva Moduli: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O17 - DHCP DNS 1: 192.168.43.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\� MEGA (Pending): � MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\� MEGA (Synced): � MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\� MEGA (Syncing): � MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /AllUsersRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /CalendarRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /WakeupRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - Salvo - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON
O22 - Task: EOSv3 Scheduler onTime - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: Intel PTT EK Recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1025282367-3084422637-3164669770-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1908716372-1856947639-1881081324-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Open URL by RoboForm - C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNJJMKMJJMJMJJJPMCNOMLMJJLMCNLMJMLMMJCNHMNJIMNMCNIMLJIMNMOJLMMJNMKMJMMJOJJNJICMIMCNGMCNGMFMOMOMCNIMHMGMCNOMGMPMLMOMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMKOJDJJIAJJNKJCMJNNICMJNDJCMGJLIJNMJCMPMFMPMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
O22 - Task: Run RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O22 - Task: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
O22 - Task: \MEGA\MEGAsync Update Task S-1-5-21-1025282367-3084422637-3164669770-1001 - C:\Users\Salvo\AppData\Local\MEGAsync\MEGAupdater.exe
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay - C:\Program Files\ruxim\ruximics.exe /nonetwork (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync - C:\Program Files\ruxim\ruximics.exe /onlyloadcampaigns (Microsoft)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: TTHOMEService - C:\Program Files\TomTom HOME\TTHOMEService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service S2: AsusUpdateCheck - C:\WINDOWS\System32\AsusUpdateCheck.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\99.0.4844.51\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NBService - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service S3: NMIndexingService - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"
--
|
|
|
|
|
|
Rank: AiutAmico
Iscritto dal : 3/9/2001
Posts: 58
|
Scusate non cè nessuno competente che possa aiutarmi? Grazie
|
|
Rank: AiutAmico
Iscritto dal : 10/27/2006
Posts: 9,424
|
lo hijactisologo al momento è latente.
comincia a fixare tutti gli 04 e poi ristampa il log
|
|
Rank: AiutAmico
Iscritto dal : 3/9/2001
Posts: 58
|
Ciao Giza, ho fatto come mi hai indicato ho fixato tutti gli 04 dopodichè ho pulito la cartella temp e Prefect ho pulito il registro con Free Registry Clean e ho riavviato il sistema. Purtroppo il maledetto è sempre presente però il sistema mi ha tolto tutti i collegamenti a molti programmi. Ecco il nuovo Log:
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26
Platform: x64 Windows 10 (Pro), 10.0.19044.1586 (ReleaseId: 2009), Service Pack: 0
Time: 16.03.2022 - 18:20 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Salvo (group: Administrator) on DESKTOP-TVMVEDA, FirstRun: yes
Chrome: 99.0.4844.51
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Macrium\Common\ReflectMonitor.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22012.167.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.22011.10031.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2202.4-0\NisSrv.exe
1 C:\Users\Salvo\Documents\Download\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxEM.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\audiodg.exe
3 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
71 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe
O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O2-32 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.39\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3-32 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3-32 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Compila Modulo: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Personalizza: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\RF Barra strumenti: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Salva Moduli: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O17 - DHCP DNS 1: 192.168.43.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\� MEGA (Pending): � MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\� MEGA (Synced): � MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\� MEGA (Syncing): � MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /AllUsersRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /CalendarRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /WakeupRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - Salvo - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON
O22 - Task: EOSv3 Scheduler onTime - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: Intel PTT EK Recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1025282367-3084422637-3164669770-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1908716372-1856947639-1881081324-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Open URL by RoboForm - C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMNJJMKMJJMJMJJJPMCNOMLMJJLMCNLMJMLMMJCNHMNJIMNMCNIMLJIMNMOJLMMJNMKMJMMJOJJNJICMIMCNGMCNGMFMOMOMCNIMHMGMCNOMGMPMLMOMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMPMJNHICMEKMICNJJCKJNBJCMMKOJDJJIAJJNKJCMJNNICMJNDJCMGJLIJNMJCMPMFMPMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
O22 - Task: Run RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (file missing)
O22 - Task: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
O22 - Task: \MEGA\MEGAsync Update Task S-1-5-21-1025282367-3084422637-3164669770-1001 - C:\Users\Salvo\AppData\Local\MEGAsync\MEGAupdater.exe
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay - C:\Program Files\ruxim\ruximics.exe /nonetwork (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync - C:\Program Files\ruxim\ruximics.exe /onlyloadcampaigns (Microsoft)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_003a6d3c4c50c291\OneApp.IGCC.WinService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_12ed482042e0dee5\igfxCUIService.exe
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_1dc9fc8d5e442f6a\IntelCpHeciSvc.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service S2: AsusUpdateCheck - C:\WINDOWS\System32\AsusUpdateCheck.exe
O23 - Service S2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: TTHOMEService - C:\Program Files\TomTom HOME\TTHOMEService.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\99.0.4844.51\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NBService - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service S3: NMIndexingService - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"
--
End of file - Time spent: 12,7 sec. - 37624 bytes, CRC32: FFFFFFFF. Sign: ô‹“®
|
|
Rank: AiutAmico
Iscritto dal : 10/27/2006
Posts: 9,424
|
se ti riferisci allo 04, sono programmi in avvio che si riformano quando li usi. no problem. per il resto, devi aspettare l'experto. segui quanto indicato qui. http://forum.aiutamici.com/yaf_postst96025_ELIMINARE-PAGINE-PUBBLICITARIE-E-PORCHERIE-VARIE-E-PULIRE-SISTEMA.aspx
|
|
Rank: AiutAmico
Iscritto dal : 3/9/2001
Posts: 58
|
Ok aspetto l'esperto. Grazie
|
|
Rank: Newbie
Iscritto dal : 2/16/2024
Posts: 0
|
|
|
|
Guest |
