Aiutamici Forum

For the kind attention of cbbusto
salvo14
Posted: Sunday, March 20, 2022 11:47:55 AM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
Good morning, my operating system is Windows 10. For some time now this damned virus PUA:Win32/PcMechanic and PUP.Optional.Legaly has been showing up and I can't remove it with any antivirus.
Could you kindly check the log and tell me which line I should remove?
Thanks

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19044.1586 (ReleaseId: 2009), Service Pack: 0
Time: 20.03.2022 - 11:41 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Salvo (group: Administrator) on DESKTOP-TVMVEDA, FirstRun: yes

Chrome: 99.0.4844.74
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
1 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
1 C:\Program Files (x86)\Volume2\Volume2.exe
1 C:\Program Files (x86)\iISystem Wiper\SystemWiper.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Macrium\Common\ReflectMonitor.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.147.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Users\Salvo\AppData\Local\MEGAsync\MEGAsync.exe
1 C:\Users\Salvo\Documents\Download\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEM.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHeciSvc.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
1 C:\Windows\System32\PrintIsolationHost.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
65 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.46\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O2-32 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2-32 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3-32 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3-32 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [RoboForm] = C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKCU\..\Run: [iIWiper] = C:\Program Files (x86)\iISystem Wiper\SystemWiper.exe m
O4 - User Startup: C:\Users\Salvo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Salvo\AppData\Local\MEGAsync\MEGAsync.exe
O4-32 - HKLM\..\Run: [Volume2] = C:\Program Files (x86)\Volume2\Volume2.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Compila Modulo: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Personalizza: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\RF Barra strumenti: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Salva Moduli: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O17 - DHCP DNS 1: 192.168.43.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /AllUsersRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /CalendarRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /WakeupRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - Salvo - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (file missing)
O22 - Task: EOSv3 Scheduler onTime - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: Intel PTT EK Recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1025282367-3084422637-3164669770-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1908716372-1856947639-1881081324-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Open URL by RoboForm - C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOLKMJLJLPMNLOLGMCNJLMLMMJLCNOMHMPMJLCNKMKLJMJMCNMLPMNLMMLLNMMMNMIMNMJMPMJNJICMIMCNGMCNGMFMOMOMCNIMHMGMCNOMGMPMLMOMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMLMPMGMNMJNHICMEKMICNJJCKJNBJCMMKOJDJJIAJJNKJCMJNNICMJNDJCMGJLIJNMJCMPMFMJMIMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
O22 - Task: Run RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O22 - Task: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
O22 - Task: \MEGA\MEGAsync Update Task S-1-5-21-1025282367-3084422637-3164669770-1001 - C:\Users\Salvo\AppData\Local\MEGAsync\MEGAupdater.exe
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay - C:\Program Files\ruxim\ruximics.exe /nonetwork (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync - C:\Program Files\ruxim\ruximics.exe /onlyloadcampaigns (Microsoft)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHeciSvc.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service S2: AsusUpdateCheck - C:\WINDOWS\System32\AsusUpdateCheck.exe
O23 - Service S2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: TTHOMEService - C:\Program Files\TomTom HOME\TTHOMEService.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\99.0.4844.74\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NBService - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service S3: NMIndexingService - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"


--
End of file - Time spent: 8,3 sec. - 40030 bytes, CRC32: FFFFFFFF. Sign: 輽
cbbusto
Posted: Sunday, March 20, 2022 4:01:38 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,917
So, the problem you reported is adware, that is, a hijacker that could redirect you to dangerous or scam sites; it cannot be removed with antivirus programs.
By the way, with Win 10 you must use Defender and no other antivirus.
To try to remove that PUA you need to run some scans:

Download and install MalwareBytes:
click here to download it: http://www.aiutamici.com/software?id=80346
Before running the scan, UPDATE IT. (this is very important)
Run a full system scan. (NOT a quick one)
Delete any infected files found. (you have to select them, then click "Remove selected")
Post the log.

Download AdwCleaner to the desktop:
http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner
Close all browsers (this is important: IE, Firefox, Chrome, etc.)
Click the "Scan" button.
When the scan is finished, click "Clean".
Confirm with OK the various windows that will appear.
The PC will reboot, and the log with the deletions will come up.
Post it here.

Download Junkware Removal Tool to the desktop.
http://www.majorgeeks.com/mg/get/junkware_removal_tool,1.html
Temporarily disable the antivirus to avoid potential conflicts.
Double-click JRT.
The tool will open and start scanning the system.
Be patient, as this tool can take some time to complete the scan.
When it finishes, a log (JRT.txt) is saved on the desktop and will open automatically.
Post it here.
All scans must be done in NORMAL mode.
You have 2 programs that are better removed, also because they are of little use and can cause problems.

Fix and delete the following lines:

1 C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.1525_none_7e00daaa7c97a563\TiWorker.exe
O2 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O2-32 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O3 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
O3-32 - HKLM\..\Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O3-32 - HKLM\..\Toolbar: Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [RoboForm] = C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
O4 - HKCU\..\Run: [iIWiper] = C:\Program Files (x86)\iISystem Wiper\SystemWiper.exe m
O4 - User Startup: C:\Users\Salvo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Salvo\AppData\Local\MEGAsync\MEGAsync.exe
O4-32 - HKLM\..\Run: [Volume2] = C:\Program Files (x86)\Volume2\Volume2.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Personalizza: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\RF Barra strumenti: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Salva Moduli: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Button: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: Mostra Toolbar - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F46}: Compila Modulo - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{320AF880-6646-11D3-ABEE-C5DBF3571F49}: Salva Moduli - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O9-32 - Tools menu item: HKLM\..\{724d43aa-0d85-11d4-9908-00400523e39a}: RF Barra strumenti - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
O22 - Task: Open URL by RoboForm - C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOLKMJLJLPMNLOLGMCNJLMLMMJLCNOMHMPMJLCNKMKLJMJMCNMLPMNLMMLLNMMMNMIMNMJMPMJNJICMIMCNGMCNGMFMOMOMCNIMHMGMCNOMGMPMLMOMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMLMPMGMNMJNHICMEKMICNJJCKJNBJCMMKOJDJJIAJJNKJCMJNNICMJNDJCMGJLIJNMJCMPMFMJMIMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
O22 - Task: Run RoboForm TaskBar Icon - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe

When the deletions are done, clean the registry:
For a deep registry cleanup, use Eusing Free Registry Cleaner, a program to be used occasionally; download it from here: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
Click Download Site1. Once launched, a window appears asking for the code: click ignore and proceed, then at the top left click Analyze Registry and let it run to the end; don't worry if it finds many entries, then click Repair Registry. The program is safe; in any case it creates a restore point and also backs up the deleted files, in fact at the top, under Repair Registry, there is the Restore Registry option.
To do this cleanup it is better to close all programs and be disconnected.
The program is compatible with all Windows OSes, including Win 10.
Let me know if everything goes well. Bye
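Added example, not part of the thread and not HiJackThis code: a small triage script for the "Onn - ..." lines of a HiJackThis (Dragokas fork) log like the ones posted here. It parses each entry, pulls out the image path and CLSID where present, and sorts entries into review buckets so a helper can separate stale autostarts (the tool's own "(file missing)" / "(no file)" markers) from Windows components and from third-party or user-profile autostarts that deserve a closer look. The bucketing rules are assumed heuristics of this example, not the tool's scoring; the sample log is constructed from eight lines copied from the log above.

```python
"""Triage helper for HiJackThis (Dragokas fork) 'O' entries.

Added example: reads O2/O3/O4/O8/O22/O23 lines and sorts them into review
buckets.  The buckets are heuristics chosen for this example, not HiJackThis's
own logic.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: eight lines copied from the log posted in the thread.
SAMPLE_LOG = r"""
O2 - HKLM\..\BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll
O4 - HKCU\..\Run: [iIWiper] = C:\Program Files (x86)\iISystem Wiper\SystemWiper.exe m
O4 - User Startup: C:\Users\Salvo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk -> C:\Users\Salvo\AppData\Local\MEGAsync\MEGAsync.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Salva Moduli: (default) = C:/Program Files (x86)/Siber Systems/AI RoboForm (file missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (file missing)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"""

ENTRY_RE = re.compile(r"^(O\d+(?:-32)?)\s+-\s+(.*)$")
GUID_RE = re.compile(r"\{[0-9A-Fa-f]{8}-(?:[0-9A-Fa-f]{4}-){3}[0-9A-Fa-f]{12}\}")
# First path-like token ending in a binary/script extension; non-greedy so the
# arguments that follow the image (e.g. "LOGON", "m") are not swallowed.
IMAGE_RE = re.compile(r"[A-Za-z]:[\\/].*?\.(?:exe|dll|lnk|vbs|sys)\b", re.IGNORECASE)
# Fallback for entries whose path has no extension (the O8 RoboForm folders):
# take everything from the drive letter up to a HiJackThis marker or line end.
BARE_PATH_RE = re.compile(
    r"[A-Za-z]:[\\/].*?(?=\s*\((?:file missing|no file|disabled|Microsoft)\)|$)")
FLAG_RE = re.compile(r"\((file missing|no file|disabled|Microsoft)\)")


@dataclass
class Entry:
    section: str           # O2, O4, O22, O23-32, ...
    kind: str              # text before the first ': ' (Task, Service S3, HKCU\..\Run, ...)
    detail: str            # remainder of the line, untouched
    image: Optional[str]   # executable/DLL/folder path, if one could be extracted
    guid: Optional[str]    # CLSID / task GUID, if present
    flags: frozenset       # HiJackThis markers found in parentheses, lower-cased


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an 'Onn - ...' line, None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    section, rest = m.group(1), m.group(2)
    kind, _, detail = rest.partition(": ")
    img = IMAGE_RE.search(detail) or BARE_PATH_RE.search(detail)
    guid = GUID_RE.search(detail)
    flags = frozenset(f.lower() for f in FLAG_RE.findall(detail))
    return Entry(section, kind, detail,
                 img.group(0).rstrip() if img else None,
                 guid.group(0) if guid else None, flags)


def parse_hjt(text: str) -> list:
    """All 'O' entries of a log; process-count and header lines are skipped."""
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def bucket(e: Entry) -> str:
    """Review bucket for one entry (assumed heuristic, not the tool's scoring)."""
    if "file missing" in e.flags or "no file" in e.flags:
        return "orphaned"       # autostart points at nothing: stale, cleanup candidate
    p = (e.image or "").lower().replace("/", "\\")
    if "microsoft" in e.flags or p.startswith("c:\\windows\\"):
        return "microsoft"      # OS component, or marked (Microsoft) by the tool
    if "\\users\\" in p:
        return "user_profile"   # runs from the user profile: review first
    return "third_party"        # installed software under Program Files etc.


def triage(text: str) -> dict:
    out = {"orphaned": [], "microsoft": [], "user_profile": [], "third_party": []}
    for e in parse_hjt(text):
        out[bucket(e)].append(e)
    return out


if __name__ == "__main__":
    for name, entries in triage(SAMPLE_LOG).items():
        print(f"== {name} ({len(entries)})")
        for e in entries:
            print(f"  {e.section:7} {e.kind:<20} {e.image or '-'}")
```

Run it on a full log file with `triage(open(path, encoding="utf-8").read())`; the "orphaned" bucket is the one a helper would normally clear first, while "user_profile" and "third_party" still need a human to decide.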
salvo14
Posted: Sunday, March 20, 2022 5:32:46 PM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
Hi, I did everything you told me; I hope I didn't get anything wrong.
Unfortunately the damned thing is still present in the scans; with AdwCleaner 8.3.1.0 only it sees it, and there is no way to remove it. Have a look yourself!!! Thanks for your help.

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19044.1586 (ReleaseId: 2009), Service Pack: 0
Time: 20.03.2022 - 17:24 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Salvo (group: Administrator) on DESKTOP-TVMVEDA, FirstRun: yes

Chrome: 99.0.4844.74
Internet Explorer: 11.0.19041.1566
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
1 C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv.exe
1 C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Macrium\Common\ReflectMonitor.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\TomTom HOME\TTHOMEService.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22022.147.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
1 C:\Users\Salvo\Documents\Download\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxEM.exe
1 C:\Windows\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
1 C:\Windows\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHeciSvc.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
69 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\explorer.exe

O2 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\99.0.1150.46\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O17 - DHCP DNS 1: 192.168.43.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX64.dll
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Pending):  MEGA (Pending) - {056D528D-CE28-4194-9BA3-BA2E9197FF8C} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Synced):  MEGA (Synced) - {05B38830-F4E9-4329-978B-1DD28605D202} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ MEGA (Syncing):  MEGA (Syncing) - {0596C850-7BDD-4C9D-AFDF-873BE6890637} - C:\Users\Salvo\AppData\Local\MEGAsync\ShellExtX32.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantAllUsersRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /AllUsersRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /CalendarRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateAssistant\UpdateAssistantWakeupRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:NHV25:{} /WakeupRun (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - Salvo - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (file missing)
O22 - Task: EOSv3 Scheduler onTime - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
O22 - Task: Intel PTT EK Recertification - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\IntelPTTEKRecertification.exe
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132 - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: IntelSURQC-Upgrade-86621605-2a0b-4128-8ffc-15514c247132-Logon - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe --automatic
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1025282367-3084422637-3164669770-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1908716372-1856947639-1881081324-500 - C:\Users\Salvo\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O22 - Task: Open URL by RoboForm - C:\WINDOWS\system32\rundll32.exe url.dll,FileProtocolHandler "http://www.roboform.com/test-pass.html?aaa=KICMOLKMJLJLPMNLOLGMCNJLMLMMJLCNOMHMPMJLCNKMKLJMJMCNMLPMNLMMLLNMMMNMIMNMJMPMJNJICMIMCNGMCNGMFMOMOMCNIMHMGMCNOMGMPMLMOMFMJMCNMMCNGMJMPMPMCNNMJNPICMPMFMEKMICNJJCKFMLMPMGMNMJNHICMEKMICNJJCKJNBJCMMKOJDJJIAJJNKJCMJNNICMJNDJCMGJLIJNMJCMPMFMJMIMFMPMJNFICMGJLJKJBJLIGJLIGJKJMIBNKJHIKJ"
O22 - Task: USER_ESRV_SVC_QUEENCREEK - C:\WINDOWS\System32\Wscript.exe //B //NoLogo "C:\Program Files\Intel\SUR\QUEENCREEK\x64\task.vbs"
O22 - Task: \MEGA\MEGAsync Update Task S-1-5-21-1025282367-3084422637-3164669770-1001 - C:\Users\Salvo\AppData\Local\MEGAsync\MEGAupdater.exe
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMDisplay - C:\Program Files\ruxim\ruximics.exe /nonetwork (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\RUXIMSync - C:\Program Files\ruxim\ruximics.exe /onlyloadcampaigns (Microsoft)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Energy Server Service queencreek - (ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--AUTO_START" "--start" "--start_options_registry_key" "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\ESRV_SVC_QUEENCREEK\_start"
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Driver & Support Assistant - (DSAService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAService.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\WINDOWS\System32\DriverStore\FileRepository\dal.inf_amd64_b5484efd38adbe8d\jhi_service.exe
O23 - Service R2: Intel(R) Graphics Command Center Service - (igccservice) - C:\WINDOWS\System32\DriverStore\FileRepository\igcc_dch.inf_amd64_3d2488852c7b45a0\OneApp.IGCC.WinService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\cui_dch.inf_amd64_23e9be9389950d33\igfxCUIService.exe
O23 - Service R2: Intel(R) System Usage Report Service SystemUsageReportSvc_QUEENCREEK - (SystemUsageReportSvc_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\SurSvc.exe
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: TTHOMEService - C:\Program Files\TomTom HOME\TTHOMEService.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\iigd_dch.inf_amd64_e648bb2a2af8e9de\IntelCpHeciSvc.exe
O23 - Service R3: Intel(R) Driver & Support Assistant Updater - (DSAUpdateService) - C:\Program Files (x86)\Intel\Driver and Support Assistant\DSAUpdateService.exe
O23 - Service S2: AsusUpdateCheck - C:\WINDOWS\System32\AsusUpdateCheck.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\TPMProvisioningService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\99.0.4844.74\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\WINDOWS\System32\DriverStore\FileRepository\iclsclient.inf_amd64_76523213b78d9046\lib\SocketHeciServer.exe
O23 - Service S3: Intel(R) SUR QC Software Asset Manager - (Intel(R) SUR QC SAM) - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NBService - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service S3: NMIndexingService - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Energy Server Service queencreek - (USER_ESRV_SVC_QUEENCREEK) - C:\Program Files\Intel\SUR\QUEENCREEK\x64\esrv_svc.exe "--run_as_user_process"


--
End of file - Time spent: 11,1 sec. - 31504 bytes, CRC32: FFFFFFFF. Sign: ⇴ꘈ
Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2022 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 03/20/2022 05:21:00 PM in x64 mode.
Windows Version: Windows 10 Pro

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 03/20/2022 05:21:52 PM
Execution time: 0 hours(s), 0 minute(s), and 52 seconds(s)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Enterprise x64
Ran by Salvo (Administrator) on 20/03/2022 at 17:18:09,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/03/2022 at 17:19:25,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# -------------------------------
# Malwarebytes AdwCleaner 8.3.1.0
# -------------------------------
# Build: 11-18-2021
# Database: 2022-03-15.3 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 03-19-2022
# Duration: 00:00:00
# OS: Windows 10 Pro
# Cleaned: 1
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

No malicious folders cleaned.

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

No malicious registry entries cleaned.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

Deleted blekko

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Hosts File Entries ] *****

No malicious hosts file entries cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete IFEO
[+] Delete Prefetch
[+] Delete Tracing Keys
[+] Reset Winsock
[+] Reset Windows Installer

*************************

AdwCleaner[S00].txt - [1405 octets] - [19/03/2022 12:56:19]
AdwCleaner_Debug.log - [6757 octets] - [19/03/2022 17:50:51]
AdwCleaner[S01].txt - [1528 octets] - [19/03/2022 17:50:59]
AdwCleaner[S02].txt - [1594 octets] - [19/03/2022 18:12:52]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C02].txt ##########
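As an added example (not part of the original thread and not HijackThis's own code), the following Python script does mechanically what a log reviewer does by eye with the O22 task and O23 service lines in the HijackThis Fork format above: it parses each line into section, kind, name and target, and flags entries whose target is marked `(file missing)` or `(no file)`. In the posted log those are leftovers of uninstalled tools (for instance the ESET Online Scanner and Intel Update Manager tasks, both in the sample below), which are the usual optional-cleanup candidates rather than signs of an active infection. The sample lines are copied from the log above and labelled as constructed input; the `Entry` class, the `parse_hjt` and `triage` functions and the leading-flag handling are this example's own assumptions about the line layout, not a documented HijackThis API.

```python
import re
from dataclasses import dataclass, field
from typing import List

# Constructed sample: six O22/O23 lines copied verbatim from the HijackThis log
# posted above, chosen to cover the "(file missing)" / "(no file)" cases and
# a task carrying leading "(disabled) (update)" flags.
SAMPLE_LOG = r"""
O22 - Task: EOSv3 Scheduler onLogOn - C:\Users\Salvo\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe LOGON (file missing)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O22 - Task: IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe --automatic (file missing)
"""

# Assumed line layout (from the log as printed): "O22 - Task: <body>" or
# "O23 - Service R2: <body>", with optional "-32" on the section for WOW64 hives.
ENTRY_RE = re.compile(r"^(O\d+(?:-32)?) - (Task|Service [RS]\d): (.*)$")
# Leading state flags HijackThis Fork prints before a task name.
FLAG_RE = re.compile(r"^\((disabled|update|telemetry)\)\s*")
# Markers the tool uses when the target binary no longer exists on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")


@dataclass
class Entry:
    section: str                       # e.g. "O22" or "O23"
    kind: str                          # "Task", "Service R2", ...
    name: str                          # task or service display name
    target: str                        # command line / path as printed
    flags: List[str] = field(default_factory=list)

    @property
    def orphaned(self) -> bool:
        """True when the entry points at a binary the tool could not find."""
        return any(m in self.target for m in ORPHAN_MARKERS)

    @property
    def microsoft_signed(self) -> bool:
        """HijackThis Fork appends "(Microsoft)" to Microsoft-signed targets."""
        return self.target.endswith("(Microsoft)")


def parse_hjt(text: str) -> List[Entry]:
    """Parse O22/O23 lines; lines of other sections are ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, kind, body = m.groups()
        flags: List[str] = []
        while True:                     # peel off "(disabled) (update) ..." prefixes
            fm = FLAG_RE.match(body)
            if not fm:
                break
            flags.append(fm.group(1))
            body = body[fm.end():]
        # The name never contains " - ", so the first separator splits name/target.
        name, sep, target = body.partition(" - ")
        entries.append(Entry(section, kind, name, target if sep else "", flags))
    return entries


def orphaned_entries(entries: List[Entry]) -> List[Entry]:
    """Entries whose target binary is missing: cleanup candidates, not threats."""
    return [e for e in entries if e.orphaned]


def triage(text: str) -> dict:
    """Summary a reviewer would want: totals, orphaned names, disabled names."""
    entries = parse_hjt(text)
    return {
        "total": len(entries),
        "orphaned": [e.name for e in orphaned_entries(entries)],
        "disabled": [e.name for e in entries if "disabled" in e.flags],
    }


if __name__ == "__main__":
    for e in orphaned_entries(parse_hjt(SAMPLE_LOG)):
        print(f"{e.section} {e.kind}: {e.name!r} -> {e.target}")
```

Running it on the full log above lists the ESET, Intel Update Manager and OneDrive updater tasks plus the NetCfg handler with no file; none of those is the PUA the poster is chasing, which is consistent with the reply that the log is clean.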

cbbusto
Posted: Sunday, March 20, 2022 5:52:35 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,917
The log is fine.
Delete the prefetch files: go to C:\Windows\Prefetch and delete everything.
If there are infections, sometimes they are in there.
salvo14
Posted: Sunday, March 20, 2022 6:03:30 PM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
I deleted all the files from the Prefetch folder except this one, which refuses to be removed no matter what!!
PFPre_c4d62043.mkd
mandela2
Posted: Monday, March 21, 2022 10:01:00 AM

Rank: AiutAmico

Member since: 11/21/2014
Posts: 232
For cbbusto. I'm briefly butting into the discussion to get an explanation for one of your answers: "if you have Windows 10 you have to use Defender...." I use Bitdefender Internet Security, which according to many is more complete and effective than Defender. How do you back up your statement?
giza
Posted: Monday, March 21, 2022 2:55:26 PM

Rank: AiutAmico

Member since: 10/27/2006
Posts: 8,557
cbbusto
Posted: Monday, March 21, 2022 5:19:29 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,917
mandela2 wrote:
For cbbusto. I'm briefly butting into the discussion to get an explanation for one of your answers: "if you have Windows 10 you have to use Defender...." I use Bitdefender Internet Security, which according to many is more complete and effective than Defender. How do you back up your statement?


For Win 10, from many sources and various tests, Defender is considered the best.
You can keep Bitdefender if you're happy with it; it is a good antivirus too.
This is an article by Aranzulla:
If you are interested in knowing which are, at the moment, the best free antivirus programs for PC, then you would do well to read the following sections of this guide carefully. As I mentioned a moment ago, in preparing it I relied on my personal experience and on the tests carried out by AV-Comparatives and AV-Test, two companies specialising in the field of IT security that periodically produce and publish detailed comparisons of the best-known and most widely used antivirus software.
In particular, AV-Comparatives compares the various antivirus products through a series of tests based on specific aspects of detection, including: the threat detection rate, the false-positive rate, behavioural heuristics and, not least, how the software behaves in common usage scenarios. AV-Test, on the other hand, provides results broken down by operating system and lets you sort the products by performance, false-positive detection and detection rate.
The best free antivirus programs for Windows 10
With the selection criteria clarified, it is time to show you what, in my opinion, are the best free antivirus programs for Windows 10 currently available.
Windows Defender.
cbbusto
Posted: Monday, March 21, 2022 5:24:24 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,917
salvo14 wrote:
I deleted all the files from the Prefetch folder except this one, which refuses to be removed no matter what!!
PFPre_c4d62043.mkd


You can leave that one; it is not a problem.
From Giza's post you can try LockHunter, it may solve it.
Anyway, I repeat, it is not a virus.
cbbusto
Posted: Monday, March 21, 2022 5:28:58 PM

Rank: AiutAmico

Member since: 11/8/2008
Posts: 13,917
salvo14
Posted: Monday, March 21, 2022 6:40:55 PM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
Nothing doing, cbbusto, there's nothing to be done; I've tried everything and now I'm really tired.
I'm thinking of formatting everything, even though I'd rather not... Thank you very much, you've been really kind.
giza
Posted: Tuesday, March 22, 2022 9:08:26 AM

Rank: AiutAmico

Member since: 10/27/2006
Posts: 8,557
Have you tried following the win32/etc... path after ticking "show hidden folders"?

Or try this: disable your antivirus and install this

https://software.aiutamici.com/software?ID=80362
Run the scan and, if it finds the virus, delete it.
Shut down, restart and run another scan; if it no longer finds it you can uninstall it and re-enable your antivirus.
salvo14
Posted: Tuesday, March 22, 2022 11:38:01 AM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
Hi giza, I did as you suggested: I installed Bitdefender and scanned the system twice, but it found nothing. I have to say that no antivirus sees this damned thing; only
AdwCleaner 8.3.1.0 sees it. Could it be fooling us and the computer is actually clean? And I'm going crazy for nothing? Thanks
giza
Posted: Tuesday, March 22, 2022 4:22:31 PM

Rank: AiutAmico

Member since: 10/27/2006
Posts: 8,557
If it doesn't cause you any problems, forget about it; it could be a false positive.
salvo14
Posted: Tuesday, March 22, 2022 5:48:01 PM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
Guys, I'm thrilled. I was about to format the computer, I had already inserted the installation CD, when I had an idea. For 3 days I had tried everything, but nothing. I went into my Google account intending to remove the sync history and, to my great surprise, I found an account unknown to me;
I removed it immediately and did a general clean-up of the whole history. The result? That damned thing is gone; AdwCleaner no longer reports anything.
Good thing I didn't format!! It would have been a waste of effort!!! A big thank-you goes to cbbusto and giza.
sabbb
Posted: Wednesday, March 23, 2022 8:41:59 AM
Rank: AiutAmico

Member since: 9/12/2009
Posts: 6,160
salvo14 wrote:
.........
Good thing I didn't format!! It would have been a waste of effort!!!


The effort was wasted all the same; let me explain:

You make a backup of the disk (from what I see, Macrium\Common\MacriumService.exe), then you waste time repairing a system that is (in my view seriously) damaged,
you waste time posting, then waiting for replies, then you have to carry them out, then post again, redo the scans
and check again whether it has been removed, etc. etc.,
when a few mouse clicks would have been enough to restore a clean image (hopefully, for your sake, you created one).

However elementary I am (and precise, I would say), at times it has seemed hard to understand me, so I'll rephrase:
What is the point of making these blessed images if it then doesn't even cross your mind
that they need to be kept up to date and, above all, that you have the option to restore them?

Besides, it would seem the program was installed, like the disk or partition images,
precisely for this purpose... or am I wrong? Speak to the hand
giza
Posted: Wednesday, March 23, 2022 9:59:45 AM

Rank: AiutAmico

Member since: 10/27/2006
Posts: 8,557
You're right, sabbb, but for less experienced users there's a risk that restoring a backup goes completely wrong. I only use it when the PC won't boot or gives blue screens.
salvo14
Posted: Thursday, March 24, 2022 11:21:52 AM
Rank: AiutAmico

Member since: 3/9/2001
Posts: 58
Sorry for the late reply:
1. I didn't restore the Macrium image because it also contained the same virus,
so I wouldn't have achieved anything... but even if it had been a clean copy it would have been infected again straight away because, "perhaps I expressed myself badly", the virus had worked its way into my Google history and sync.
If I hadn't had this idea and deleted all the history and sync data, I would still be here
looking for help.
Best regards
Aiutamici Theme
Powered by Yet Another Forum.net version 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.