Aiutamici Forum

Infected PC
giza
Posted: Tuesday, February 13, 2024 10:21:57 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Start actions. Remove.
carducci
Posted: Tuesday, February 13, 2024 1:10:53 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
That's what I'm doing. I tried to remove it, nothing; I tried to quarantine it, nothing.
There's no way to remove it.
giza
Posted: Tuesday, February 13, 2024 3:01:38 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
You must NOT allow the threat.
Can you work out when it first appeared? Check in Programs whether you installed anything on that date.
Also look in Start/Startup to see if there is anything there.

Go to Start/Run and type %temp%; the folder opens, then delete everything.

Then in C:\Windows\Prefetch delete everything except ReadyBoot and Layout.

As wolf says, download this and post the log it gives you:
https://software.aiutamici.com/software?ID=11175
carducci
Posted: Tuesday, February 13, 2024 3:40:37 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
The threat appeared on February 4 while downloading a game from eMule.
I did what you advised without finding anything strange.
I'm posting the log.

HiJackThis.log
syslack
Posted: Tuesday, February 13, 2024 4:18:42 PM
Rank: Member

Joined: 2/11/2024
Posts: 24
If the threat still shows up only with the date February 4, it can't be ruled out that the (false) problem is Defender's history persisting. When in doubt, after checking that the malicious file no longer exists at its path (usually given under "Threat blocked/More information"), I would clear the Defender history (here is a guide) and run another scan, again with Defender.
giza
Posted: Tuesday, February 13, 2024 7:37:03 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Remove that game; if you have Revo Uninstaller, that's better: https://software.aiutamici.com/software?ID=80254 Then shut down and turn the PC back on.
Redo all the scans,
including Defender; if it finds anything, quarantine it and then delete it.
giza
Posted: Tuesday, February 13, 2024 7:54:26 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
The HijackThis log won't open because of a possible threat; you should select it and then copy and paste it, thanks.
carducci
Posted: Tuesday, February 13, 2024 10:25:47 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
I'm posting the Hijack log.

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19045.3930 (ReleaseId: 2009), Service Pack: 0
Time: 13.02.2024 - 22:58 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Franco (group: Administrator) on FRANCO121152, FirstRun: yes

Firefox: 122.0.1.8801
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
1 C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
1 C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
1 C:\Program Files (x86)\EaseUS\ENS\AliyunWrapExe.exe
1 C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
7 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe
7 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
15 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
1 C:\Program Files (x86)\Softland\FBackup 5\bService.exe
1 C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
1 C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
1 C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.207.500_x64__8wekyb3d8bbwe\olk.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24012.86.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\NisSrv.exe
1 C:\Users\Franco\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
1 C:\Users\Franco\Desktop\HiJackThis.exe
1 C:\Windows\System32\MoUsoCoreWorker.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\vds.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\explorer.exe
1 C:\Windows\splwow64.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6B08E15-29E8-45EE-BD0B-65CDD03D0DF0}: [URL] = http://www.it-qqle.com/search?q={searchTerms} - Cerca
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: PXCIEaddin5 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O4 - HKCU\..\Run: [FBackup 5 Tray Agent] = C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_CD59F96E9A75DD4AC719E078EC587A0B] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start
O4 - HKCU\..\Run: [VideoGuardMonitor] = C:\Users\Franco\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2021/01/10)
O4 - HKCU\..\StartupApproved\Run: [EPLTarget\P0000000000000000] = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBGE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2910 Series" (2017/02/11)
O4 - HKLM\..\Run: [EPPCCMON] = C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
O4 - HKLM\..\StartupApproved\Run32: [StartCCC] = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun (2021/10/13)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2017/02/11)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4-32 - HKLM\..\Run: [FUFAXRCV] = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe
O4-32 - HKLM\..\Run: [FUFAXSTM] = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe
O4-32 - HKLM\..\Run: [TrayProcess] = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe autorun
O16-32 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: (no name) [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\SysWow64\skype4com.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (Not scheduled) CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NoUACCheck
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-3675411980-2463622579-1685437054-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task: CCleanerSkipUAC - Franco - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task: EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task: HPCustParticipation HP DeskJet 2600 series - C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe /UA 19.6 (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-3675411980-2463622579-1685437054-1001 - C:\Users\Franco\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\WINDOWS\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\WINDOWS\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: ABBYY FineReader 15 Licensing Service - (ABBYY.Licensing.FineReader.15.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe -service
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: BlueSoleilCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service R2: EaseUS UPDATE SERVICE - C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
O23 - Service R2: Easy Connection to Screen - C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
O23 - Service R2: Epson PMAService A - C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: FBackup 5 Service - (FBackup5Srv) - C:\Program Files (x86)\Softland\FBackup 5\bService.exe -name:"FBackup5Srv" -disp:"FBackup 5 Service"
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service V2 - (ss_conn_service2) - C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service R2: Servizio EaseUS Agent - (EaseUS Agent) - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
O23 - Service R2: Wondershare Application Update Service 3.0 - (WsAppService3) - C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
O23 - Service R2: cPhoneSDKCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
O23 - Service R3: BsHelpCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


--
End of file - Time spent: 66,2 sec. - 37434 bytes, CRC32: FFFFFFFF. Sign: 窄▊
carducci
Posted: Wednesday, February 14, 2024 1:37:09 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
Hi,
I followed syslack's advice: after clearing the Defender history, the threats disappeared.
I ran a full antivirus scan without finding any threats. It would seem the problem has been solved.
Thanks to all of you.
Is the log I posted OK?
giza
Posted: Wednesday, February 14, 2024 4:29:02 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Yes, let's wait for the expert's verdict on what to fix.
giza
Posted: Friday, February 16, 2024 2:32:06 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
In the meantime, fix all the O4 entries; they are startup programs that get recreated when you use them. Then redo the log.
carducci
Posted: Friday, February 16, 2024 2:47:38 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
The O4-32 ones too, or only the O4?
giza
Posted: Friday, February 16, 2024 4:37:00 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
For now, only the O4.
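Added example, not part of any post in this thread and not HiJackThis's own code: it parses the O4 and O4-32 autorun lines discussed above and compares two logs, using lines copied from the 13 and 16 February logs in this thread. The names `parse_o4`, `compare` and `still_launching` are hypothetical, and it assumes that a `StartupApproved` line marks an autorun Windows has recorded as disabled.

```python
import re
from typing import Dict, List, NamedTuple, Optional, Tuple

# Shape of an O4 line in the HiJackThis Fork logs in this thread:
#   O4[-32] - <hive>\..\<key>: [<name>] = <command> [(yyyy/mm/dd)]
O4_RE = re.compile(
    r"^(?P<section>O4(?:-32)?) - (?P<hive>.+?)\\\.\.\\(?P<key>[^:]+): "
    r"\[(?P<name>.+?)\] = (?P<command>.*?)"
    r"(?: \((?P<date>\d{4}/\d{2}/\d{2})\))?$"
)


class Autorun(NamedTuple):
    section: str         # "O4" or "O4-32" (32-bit registry view)
    hive: str            # HKCU, HKLM, HKU\<SID>
    key: str             # Run, RunOnce, StartupApproved\Run, ...
    name: str
    command: str
    date: Optional[str]  # only present on StartupApproved lines

    @property
    def disabled(self) -> bool:
        # Assumption: a StartupApproved line is an autorun that Windows has
        # recorded as switched off; the trailing date is when that happened.
        return self.key.startswith("StartupApproved")


Ident = Tuple[str, str]  # (hive, value name) identifies an autorun across logs


def parse_o4(log_text: str) -> Dict[Ident, Autorun]:
    """Return every O4/O4-32 entry in a log, keyed by (hive, name)."""
    entries = {}
    for line in log_text.splitlines():
        m = O4_RE.match(line.strip())
        if m:
            e = Autorun(**m.groupdict())
            entries[(e.hive, e.name)] = e
    return entries


def still_launching(log_text: str) -> List[str]:
    """Names of autoruns that are not marked disabled, sorted."""
    return sorted(e.name for e in parse_o4(log_text).values() if not e.disabled)


def compare(before: str, after: str) -> Dict[Ident, str]:
    """Classify each autorun seen in either log by what happened to it."""
    old, new = parse_o4(before), parse_o4(after)
    report = {}
    for ident in sorted(set(old) | set(new)):
        o, n = old.get(ident), new.get(ident)
        if n is None:
            report[ident] = "removed"
        elif o is None:
            report[ident] = "added"
        elif o.disabled == n.disabled:
            report[ident] = "unchanged"
        else:
            report[ident] = "disabled" if n.disabled else "re-enabled"
    return report


# Lines copied from the two logs posted in this thread (13 and 16 February).
LOG_13_FEB = r"""
O4 - HKCU\..\Run: [FBackup 5 Tray Agent] = C:\Program Files (x86)\Softland\FBackup 5\bTray.exe
O4 - HKCU\..\Run: [VideoGuardMonitor] = C:\Users\Franco\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe
O4 - HKLM\..\Run: [EPPCCMON] = C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
O4 - HKLM\..\StartupApproved\Run32: [StartCCC] = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun (2021/10/13)
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O23 - Service R2: BlueSoleilCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
"""

LOG_16_FEB = r"""
O4 - HKCU\..\StartupApproved\Run: [VideoGuardMonitor] = C:\Users\Franco\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe (2024/02/14)
O4 - HKLM\..\StartupApproved\Run32: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (2024/02/14)
O4 - HKLM\..\StartupApproved\Run32: [StartCCC] = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun (2021/10/13)
O4 - HKLM\..\StartupApproved\Run: [EPPCCMON] = C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE (2024/02/14)
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
"""

if __name__ == "__main__":
    for (hive, name), status in compare(LOG_13_FEB, LOG_16_FEB).items():
        print(f"{status:10} {hive}\\{name}")
    print("still launching:", still_launching(LOG_16_FEB))
```

Entries are matched on hive and value name rather than on the section prefix, because the same autorun can be listed under `O4-32` in one log and under `O4` with a `StartupApproved\Run32` key in the next.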
carducci
Posted: Friday, February 16, 2024 5:18:43 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
I haven't understood how Hijack works. When I started the program to fix, the log was different from the previous one. What am I doing wrong, or should I fix the O4 entries anyway?



Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19045.4046 (ReleaseId: 2009), Service Pack: 0
Time: 16.02.2024 - 17:10 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Franco (group: Administrator) on FRANCO121152, FirstRun: no

Firefox: 122.0.1.8801
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
1 C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
8 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe
13 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
1 C:\Program Files (x86)\Softland\FBackup 5\bService.exe
1 C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
1 C:\Program Files (x86)\eMule AdunanzA\eMule_AdnzA.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
1 C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.207.500_x64__8wekyb3d8bbwe\olk.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxTsr.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\NisSrv.exe
1 C:\Users\Franco\Desktop\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
71 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\vds.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6B08E15-29E8-45EE-BD0B-65CDD03D0DF0}: [URL] = http://www.it-qqle.com/search?q={searchTerms} - Cerca
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: PXCIEaddin5 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O4 - HKCU\..\StartupApproved\Run: [EPLTarget\P0000000000000000] = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YATIBGE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2910 Series" (2017/02/11)
O4 - HKCU\..\StartupApproved\Run: [VideoGuardMonitor] = C:\Users\Franco\AppData\Local\Cisco\VideoGuardPlayer\VideoGuardMonitor\CiscoVideoGuardMonitor.exe (2024/02/14)
O4 - HKLM\..\StartupApproved\Run32: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (2024/02/14)
O4 - HKLM\..\StartupApproved\Run32: [FUFAXRCV] = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (2024/02/14)
O4 - HKLM\..\StartupApproved\Run32: [FUFAXSTM] = C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (2024/02/14)
O4 - HKLM\..\StartupApproved\Run32: [StartCCC] = C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun (2021/10/13)
O4 - HKLM\..\StartupApproved\Run32: [TrayProcess] = C:\Program Files (x86)\EaseUS\Todo Backup\bin\TrayProcess.exe autorun (2024/02/14)
O4 - HKLM\..\StartupApproved\Run: [EPPCCMON] = C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE (2024/02/14)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O16-32 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: (no name) [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\SysWow64\skype4com.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (Not scheduled) CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NoUACCheck
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-3675411980-2463622579-1685437054-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task: CCleanerSkipUAC - Franco - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task: EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task: HPCustParticipation HP DeskJet 2600 series - C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe /UA 19.6 (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-3675411980-2463622579-1685437054-1001 - C:\Users\Franco\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\WINDOWS\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\WINDOWS\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: ABBYY FineReader 15 Licensing Service - (ABBYY.Licensing.FineReader.15.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe -service
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: BlueSoleilCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service R2: EaseUS UPDATE SERVICE - C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
O23 - Service R2: Easy Connection to Screen - C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
O23 - Service R2: Epson PMAService A - C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: FBackup 5 Service - (FBackup5Srv) - C:\Program Files (x86)\Softland\FBackup 5\bService.exe -name:"FBackup5Srv" -disp:"FBackup 5 Service"
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service V2 - (ss_conn_service2) - C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service R2: Servizio EaseUS Agent - (EaseUS Agent) - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
O23 - Service R2: Wondershare Application Update Service 3.0 - (WsAppService3) - C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
O23 - Service R2: cPhoneSDKCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
O23 - Service R3: BsHelpCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


--
End of file - Time spent: 10,3 sec. - 36400 bytes, CRC32: FFFFFFFF. Sign: 䐵䮢
giza
Posted: Friday, February 16, 2024 6:16:34 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
You have to select "do a scan only", then tick the 04 boxes and click Fix below.

wolfestein
Posted: Friday, February 16, 2024 6:35:34 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,954
Instead of using E-Mule I recommend qBitTorrent; the mule is outdated.
This one needs no installation, you use it when you need it.
Also run a scan with ADWCleaner to remove any toolbars.
http://software.aiutamici.com/software?ID=11168
carducci
Posted: Friday, February 16, 2024 6:51:14 PM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
This is the new log after the fix.


Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19045.4046 (ReleaseId: 2009), Service Pack: 0
Time: 16.02.2024 - 18:48 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Franco (group: Administrator) on FRANCO121152, FirstRun: no

Firefox: 122.0.1.8801
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
1 C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
8 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe
10 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
1 C:\Program Files (x86)\Softland\FBackup 5\bService.exe
1 C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
1 C:\Program Files (x86)\eMule AdunanzA\eMule_AdnzA.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
1 C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.207.500_x64__8wekyb3d8bbwe\olk.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxTsr.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\NisSrv.exe
1 C:\Users\Franco\Desktop\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\vds.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.19041.3989_none_7ddb45627cb30e03\TiWorker.exe
2 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6B08E15-29E8-45EE-BD0B-65CDD03D0DF0}: [URL] = http://www.it-qqle.com/search?q={searchTerms} - Cerca
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: PXCIEaddin5 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O16-32 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: (no name) [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\SysWow64\skype4com.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (Not scheduled) CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NoUACCheck
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-3675411980-2463622579-1685437054-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task: CCleanerSkipUAC - Franco - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task: EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task: HPCustParticipation HP DeskJet 2600 series - C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe /UA 19.6 (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-3675411980-2463622579-1685437054-1001 - C:\Users\Franco\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\WINDOWS\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\WINDOWS\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: ABBYY FineReader 15 Licensing Service - (ABBYY.Licensing.FineReader.15.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe -service
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: BlueSoleilCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service R2: EaseUS UPDATE SERVICE - C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
O23 - Service R2: Easy Connection to Screen - C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
O23 - Service R2: Epson PMAService A - C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: FBackup 5 Service - (FBackup5Srv) - C:\Program Files (x86)\Softland\FBackup 5\bService.exe -name:"FBackup5Srv" -disp:"FBackup 5 Service"
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service V2 - (ss_conn_service2) - C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service R2: Servizio EaseUS Agent - (EaseUS Agent) - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
O23 - Service R2: Wondershare Application Update Service 3.0 - (WsAppService3) - C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
O23 - Service R2: cPhoneSDKCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
O23 - Service R3: BsHelpCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


--
End of file - Time spent: 10,2 sec. - 34060 bytes, CRC32: FFFFFFFF. Sign: 虬﷊
wolfestein
Posted: Friday, February 16, 2024 10:10:19 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,954
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange
For this toolbar, run a scan with ADWCleaner.
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
This one is still in autostart.
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
Fix these two lines.
I don't know if you use Avast; if you do, I would remove it, it's a brick (Defender is more than enough). To do that you have to use the dedicated Avast Clear tool.
https://www.avast.com/it-it/uninstall-utility#pc
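As an added example (not part of the thread and not HiJackThis code), this Python sketch does the triage discussed above: it parses HiJackThis Fork entries, lists those whose target is reported as `(file missing)` or `(no file)` while skipping disabled tasks, and compares one section between two logs. The sample lines are copied from the 16.02 and 17.02 logs in this thread; the function names are this example's own.

```python
import re
from typing import NamedTuple

# Lines copied from the 16.02.2024 log posted in this thread.
LOG_16_FEB = r"""
Boot mode: Normal
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: HPCustParticipation HP DeskJet 2600 series - C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe /UA 19.6 (file missing)
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\AVAST Software\Overseer\overseer.exe /from_scheduler:1 (file missing)
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
"""

# Lines copied from the 17.02.2024 log posted in this thread.
LOG_17_FEB = r"""
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
"""

# "O22 - ...", "O4-32 - ...", "R0 - ...": section code, optional -32 suffix, body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2})(-32)? - (.*)$")
# State tags that follow "Task: " or "Task (.job): ", e.g. "(disabled) (update) ".
TASK_TAGS_RE = re.compile(r"^Task(?: \(\.job\))?: ((?:\([^)]+\) )*)")
# Markers the log puts at the end of a line when the target is absent.
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)$")


class Entry(NamedTuple):
    section: str   # e.g. "O22"
    bits32: bool   # True when the section code carries the "-32" suffix
    tags: tuple    # task state tags, e.g. ("disabled", "update")
    body: str      # rest of the line, unchanged
    orphan: bool   # target reported as missing


def parse_log(text):
    """Return the section entries of a log, ignoring header and process lines."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m is None:
            continue
        section, suffix, body = m.groups()
        tag_match = TASK_TAGS_RE.match(body)
        tags = tuple(re.findall(r"\(([^)]+)\)", tag_match.group(1))) if tag_match else ()
        entries.append(Entry(section, suffix is not None, tags, body,
                             bool(ORPHAN_RE.search(body))))
    return entries


def orphans_to_review(entries):
    """Entries pointing at a missing file, leaving out tasks tagged (disabled)."""
    return [e for e in entries if e.orphan and "disabled" not in e.tags]


def removed_between(before, after, section):
    """Entries of one section that appear in `before` but no longer in `after`."""
    still_there = set(after)
    return [e for e in before if e.section == section and e not in still_there]


if __name__ == "__main__":
    first = parse_log(LOG_16_FEB)
    for e in orphans_to_review(first):
        print("review:", e.section, "-", e.body)
    for e in removed_between(first, parse_log(LOG_17_FEB), "O21"):
        print("gone in later log:", e.section, "-", e.body)
```
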
carducci
Posted: Saturday, February 17, 2024 10:35:45 AM
Rank: AiutAmico

Joined: 12/29/2005
Posts: 479
Hi wolfestein, I didn't know I had Avast installed on the PC; anyway, I uninstalled it with avast cleaner.
AdwCleaner can't remove the 3-32 and the 4-32 from the log; should I do it myself from HiJackThis?




Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Pro), 10.0.19045.4046 (ReleaseId: 2009), Service Pack: 0
Time: 17.02.2024 - 10:26 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Franco (group: Administrator) on FRANCO121152, FirstRun: no

Firefox: 122.0.1.8801
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMA.exe
1 C:\Program Files (x86)\EPSON Software\PMA_A\PMAService.exe
1 C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
1 C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
1 C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
8 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\121.0.2277.112\msedgewebview2.exe
13 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
1 C:\Program Files (x86)\Softland\FBackup 5\bService.exe
1 C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mep.exe
1 C:\Program Files (x86)\epson\MyEpson Portal\mepService.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Macrium\Common\MacriumService.exe
1 C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
1 C:\Program Files\WindowsApps\Microsoft.OutlookForWindows_1.2024.207.500_x64__8wekyb3d8bbwe\olk.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2311.0.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.24012.86.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxCalendarAppImm.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.14326.21830.0_x64__8wekyb3d8bbwe\HxTsr.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\NisSrv.exe
1 C:\Users\Franco\AppData\Local\Microsoft\OneDrive\24.020.0128.0003\Microsoft.SharePoint.exe
1 C:\Users\Franco\Desktop\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\vds.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B6B08E15-29E8-45EE-BD0B-65CDD03D0DF0}: [URL] = http://www.it-qqle.com/search?q={searchTerms} - Cerca
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\121.0.2277.112\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: PXCIEaddin5 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O3-32 - HKLM\..\Toolbar: PDFXChange 2012 - {42DFA04F-0F16-418e-B80C-AB97A5AFAD3A} - C:\Program Files\Tracker Software\PDF-XChange 5\Win32\PXCIEaddin5.dll
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] = C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Franco\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] = C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Franco\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 24.015.0121.0003] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Franco\AppData\Local\Microsoft\OneDrive\24.015.0121.0003"
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_CD59F96E9A75DD4AC719E078EC587A0B] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2024/02/14)
O4-32 - HKLM\..\Run: [BtTray] = C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe
O16-32 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: (no name) [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{dda91051-37d0-4d8b-babb-0ee16391795b}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\SysWow64\skype4com.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (Not scheduled) CCleanerCrashReporting.job - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task (.job): (Not scheduled) EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NoUACCheck
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery EngagedRebootReminder (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-3675411980-2463622579-1685437054-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerCrashReporting - C:\Program Files\CCleaner\CCleanerBugReport.exe --product 90 --send dumps|report --path "C:\Program Files\CCleaner\LOG" --programpath "C:\Program Files\CCleaner" --guid "5ab45097-2c63-4766-ae0d-12389f851c74" --version "6.20.10897" --silent
O22 - Task: CCleanerSkipUAC - Franco - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EPSON WF-2910 Series Update {471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{471CB5D1-7812-4EB8-AB8C-83ABFF84DAA8}" /F:"Update"
O22 - Task: EPSON WF-2910 Series Update {C53FF9B3-2B66-47D6-BF57-FAA0268D675C} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E1YTSBGE.EXE /EXE:"{C53FF9B3-2B66-47D6-BF57-FAA0268D675C}" /F:"Update"
O22 - Task: HPCustParticipation HP DeskJet 2600 series - C:\Program Files\HP\HP DeskJet 2600 series\Bin\HPCustPartic.exe /UA 19.6 (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-3675411980-2463622579-1685437054-1001 - C:\Users\Franco\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: PrivaZer_SkipUAC - C:\Program Files (x86)\PrivaZer\PrivaZer.exe $(Arg0)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Printing\PrinterCleanupTask - {C56F065E-DE49-4E42-BE7C-305C45609D25} - C:\WINDOWS\System32\PrinterCleanupTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Shell\ThemesSyncedImageDownload - {79F8E185-4E45-4B74-8182-02AA430661E4} - C:\WINDOWS\System32\Themes.SsfDownload.ScheduledTask.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Install - C:\WINDOWS\system32\usoclient.exe StartInstall (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: ABBYY FineReader 15 Licensing Service - (ABBYY.Licensing.FineReader.15.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReader\15\Licensing\NetworkLicenseServer.exe -service
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: BlueSoleilCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service R2: EaseUS UPDATE SERVICE - C:\Program Files (x86)\EaseUS\ENS\ensserver.exe
O23 - Service R2: Easy Connection to Screen - C:\Program Files\Samsung\Easy Connection to Screen\Service.exe
O23 - Service R2: Epson PMAService A - C:\Program Files (x86)\Epson Software\PMA_A\PMAService.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: FBackup 5 Service - (FBackup5Srv) - C:\Program Files (x86)\Softland\FBackup 5\bService.exe -name:"FBackup5Srv" -disp:"FBackup 5 Service"
O23 - Service R2: Macrium Service - (MacriumService) - C:\Program Files\Macrium\Common\MacriumService.exe
O23 - Service R2: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service V2 - (ss_conn_service2) - C:\Program Files (x86)\Samsung\USB Drivers\28_ssconn2\conn\ss_conn_service2.exe
O23 - Service R2: Servizio EaseUS Agent - (EaseUS Agent) - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24010.7-0\MpDefenderCoreService.exe
O23 - Service R2: Wondershare Application Update Service 3.0 - (WsAppService3) - C:\Program Files (x86)\Wondershare\WAF3\3.0.0.308\WsAppService3.exe
O23 - Service R2: cPhoneSDKCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\cPhoneSDKCS.exe
O23 - Service R3: BsHelpCS - C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE


--
End of file - Time spent: 10 sec. - 34848 bytes, CRC32: FFFFFFFF. Sign:
giza
Posted: Saturday, February 17, 2024 3:40:33 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Yes, and also fix the R4 search scope.