Aiutamici Forum

Do I maybe have a virus...??
giusi75
Posted: Monday, March 11, 2024 6:35:05 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
Hi, I'm posting my HijackThis log.
I'm afraid I have a virus...
Could you take a look at it?
Thank you from the bottom of my heart:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.4123 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 11.03.2024 - 12:08 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on PC, FirstRun: yes

Chrome: 115.0.5790.171
Firefox: 123.0.1.8829
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
1 C:\Program Files (x86)\Softland\FBackup 9\bService.exe
1 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\WindowsApps\AD2F1837.HPDisplayCenter_1.0.68.0_x64__v10z8vjag6ke6\HPDisplayCenter.exe
2 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmptrap.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
77 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 D:\DESKTOP\ANTIVIRUS\HiJackThis_2.10.0.13\HiJackThis_2.10.0.13.exe
1 D:\DESKTOP\BROWSERS\Windscribe\WindscribeService.exe
1 N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe -> (PE EXE) (2023/03/10)
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2022/11/27)
O4 - HKLM\..\StartupApproved\Run: [SafeDiveCertMgm] = C:\WINDOWS\system32\rundll32.exe stCNSUtil.dll,DeleteCertStore (2022/02/21)
O4 - HKLM\..\StartupApproved\Run32: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (2020/06/27)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (Sign: 'Realtek Semiconductor Corp')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEExt.htm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica tutti i link con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEGetAll.htm (file missing)
O17 - DHCP DNS 1: 127.0.0.1
O17 - DHCP DNS 2: 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O21 - HKLM\..\ShellIconOverlayIdentifiers\AutorunsDisabled: (no name) - - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) (user missing)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft) (user missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-875700017-217750280-4135200879-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) CIE Middleware Update - C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\CIEPKI.dll",Update
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-875700017-217750280-4135200879-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Softland\FBackup 9\fba_Desktop Backup - C:\Program Files (x86)\Softland\FBackup 9\bSchedStarter.EXE /HIDE /R "{35B1880B-8428-46F8-ADD4-B5FC1D5CC6E1}" -PRIORITY 2
O23 - Service R2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
O23 - Service R2: Diskeeper - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service R2: DNSCrypt client proxy - (dnscrypt-proxy) - N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe -config dnscrypt-proxy.toml
O23 - Service R2: FBackup 9 Service - (FBackup9Srv) - C:\Program Files (x86)\Softland\FBackup 9\bService.exe -name:"FBackup9Srv" -disp:"FBackup 9 Service"
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: Windscribe Service - (WindscribeService) - D:/DESKTOP/BROWSERS/Windscribe/WindscribeService.exe
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe "C:\Program Files\Proton\VPN\v3.2.10\ServiceData\WireGuard\ProtonVPN.conf"
O23 - Service S3: VirtualBox system service - (VBoxSDS) - c:\myVirtualBox\VBoxSDS.exe
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
O23 - Service S3: Wondershare Install Assist Service - (Wondershare InstallAssist) - C:\ProgramData\Wondershare\Service\InstallAssistService.exe


--
End of file - Time spent: 12,6 sec. - 24452 bytes, CRC32: FFFFFFFF. Sign: 惸糇
giza
Posted: Tuesday, March 12, 2024 9:16:07 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Do everything indicated here, then fix the O4 entries and repost the HiJackThis log.

http://forum.aiutamici.com/yaf_postst96025_ELIMINARE-PAGINE-PUBBLICITARIE-E-PORCHERIE-VARIE-E-PULIRE-SISTEMA.aspx
giusi75
Posted: Tuesday, March 12, 2024 3:14:25 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
First of all, thank you.
Yes, I have already carried out the instructions on the linked page.
The O4 entries are programs I have had at startup on the PC for years;
they relate to the HP monitor, my mouse, my sound card, and the readers for the health card and the electronic identity card.
I would like to know whether you find other strange things; here is my new log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.4123 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 11.03.2024 - 19:47 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on PC, FirstRun: yes

Chrome: 115.0.5790.171
Firefox: 123.0.1.8829
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
1 C:\Program Files (x86)\Softland\FBackup 9\bService.exe
1 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\WindowsApps\AD2F1837.HPDisplayCenter_1.0.68.0_x64__v10z8vjag6ke6\HPDisplayCenter.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MpCmdRun.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.23110.3-0\MsMpEng.exe
2 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmptrap.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
75 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 D:\DESKTOP\ANTIVIRUS\HiJackThis_2.10.0.13\HiJackThis_2.10.0.13.exe
1 D:\DESKTOP\BROWSERS\Windscribe\WindscribeService.exe
1 N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe -> (PE EXE) (2023/03/10)
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2022/11/27)
O4 - HKLM\..\StartupApproved\Run: [SafeDiveCertMgm] = C:\WINDOWS\system32\rundll32.exe stCNSUtil.dll,DeleteCertStore (2022/02/21)
O4 - HKLM\..\StartupApproved\Run32: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (2020/06/27)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (Sign: 'Realtek Semiconductor Corp')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEExt.htm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica tutti i link con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEGetAll.htm (file missing)
O17 - DHCP DNS 1: 127.0.0.1
O17 - DHCP DNS 2: 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O21 - HKLM\..\ShellIconOverlayIdentifiers\AutorunsDisabled: (no name) - - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-875700017-217750280-4135200879-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) CIE Middleware Update - C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\CIEPKI.dll",Update
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-875700017-217750280-4135200879-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Softland\FBackup 9\fba_Desktop Backup - C:\Program Files (x86)\Softland\FBackup 9\bSchedStarter.EXE /HIDE /R "{35B1880B-8428-46F8-ADD4-B5FC1D5CC6E1}" -PRIORITY 2
O22 - Task: EOSv3 Scheduler onTime - C:\Users\Luca\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED
O23 - Service R2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
O23 - Service R2: Diskeeper - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service R2: DNSCrypt client proxy - (dnscrypt-proxy) - N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe -config dnscrypt-proxy.toml
O23 - Service R2: FBackup 9 Service - (FBackup9Srv) - C:\Program Files (x86)\Softland\FBackup 9\bService.exe -name:"FBackup9Srv" -disp:"FBackup 9 Service"
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: Windscribe Service - (WindscribeService) - D:/DESKTOP/BROWSERS/Windscribe/WindscribeService.exe
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe "C:\Program Files\Proton\VPN\v3.2.10\ServiceData\WireGuard\ProtonVPN.conf"
O23 - Service S3: VirtualBox system service - (VBoxSDS) - c:\myVirtualBox\VBoxSDS.exe
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
O23 - Service S3: Wondershare Install Assist Service - (Wondershare InstallAssist) - C:\ProgramData\Wondershare\Service\InstallAssistService.exe


--
End of file - Time spent: 13,9 sec. - 22716 bytes, CRC32: FFFFFFFF. Sign: 掂ᮧ


Thank you for your attention and your valuable help.
giza
Posted: Tuesday, March 12, 2024 4:59:05 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
You can fix the O4 entries; they are recreated when you use them.
giusi75
Posted: Tuesday, March 12, 2024 9:56:40 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
Thanks again.
But apart from those, the 5 O4 processes,
do you see anything strange or anomalous..?
Because for days now, after winlogon, that is, the PC lock screen, which I always get past without a password since I removed it,
so at startup it loads my desktop right away,
but for a few days now, before the desktop, a screen appears asking me for the password of my MS account.
It is not blocking;
I just click the white arrow at the top left and the desktop appears.
But I repeat, this is new...
Then, doing further tests, I noticed that even if I kill explorer.exe in Task Manager and then relaunch it, that MS password request screen appears.
This too never happened in the past.
So it is an issue tied to explorer.exe, which is the process that winlogon calls at startup to load the desktop.
So, I would not want to have a virus right in explorer.exe.
I have also done a good 4 deep scans: with Malwarebytes, which took more than 8 hours...,
F-Secure, ESET and finally McAfee Stinger, and everything seems clean....
Thanks for your attention.
giusi75
Posted: Friday, March 15, 2024 10:53:43 AM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
...so nothing anomalous in my HijackThis log...??
giza
Posted: Friday, March 15, 2024 3:18:32 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
You have to wait for the expert friend.
maopapof
Posted: Wednesday, March 20, 2024 3:10:48 AM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,183
HI ............. :O)

restore point, to save and avoid disasters while cleaning the PC

download AdwCleaner ................ scan the PC and clean everything it recommends ....... then shut down the PC

restart in safe mode and run a scan with Defender or another antivirus you have on the PC ( HAVING TWO ACTIVE IS FORBIDDEN )

shut down and restart and see how the PC behaves

remember not to put heavy files on the desktop ..... if need be, put them in Documents and then point to them from the desktop with just the icon ( Send to .... )

bye and let us know

download

giusi75
Posted: Wednesday, March 20, 2024 1:39:02 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
First of all, thank you.
Well, I have already followed these instructions...
By the way, AdwCleaner is, alas, not even a relative of the one from before the acquisition by Malwarebytes....
Then I did deep scans with Malwarebytes, more than 8 hours...,
...as well as with ESET Online, F-Secure and McAfee Stinger.
...The result is that the PC has no viruses, adware or spyware...
I would like you to take a look anyway at the HijackThis log I posted
and, apart from the O4 startup entries,
whether you see anything else to fix.
Thanks again.
maopapof
Posted: Wednesday, March 20, 2024 7:59:04 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,183
HijackThis ....................... is useless for Win 10

................... PS ...... in Run, type winver and launch it

post the image




giusi75
Posted: Thursday, March 21, 2024 2:59:53 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
maopapof
Posted: Friday, March 22, 2024 2:03:19 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,183
go to Task Manager ..... take a screenshot of Processes and a screenshot of Startup

What is the PC, a Lenovo notebook by any chance?
Is it slow at power-on? ...... or slow, ..... when?

What problems do you think you have on your PC?


wolfestein
Posted: Friday, March 22, 2024 7:17:07 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,954
Another tip: go to C:\Windows, look for the Prefetch folder, open it and empty it, except for the ReadyBost folder (even though it is recreated at reboot). If some file cannot be deleted, that is nothing abnormal; it means it is in use.
Then go to Run and type this string, %temp%; the temporary files folder will open. Empty it, then empty the recycle bin, restart the PC and see how it goes.
giusi75
Posted: Saturday, March 23, 2024 12:12:56 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
All done,
and I disabled all the startup processes in Task Manager, under processes and startup.
But what about my HijackThis log...??
maopapof
Posted: Saturday, March 23, 2024 9:01:13 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,183
@........... But what about my HijackThis log...??

try using it to make yourself a disposable suppository :o)

giusi75
Posted: Sunday, March 24, 2024 9:42:49 AM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
maopapof wrote:
@........... But what about my HijackThis log...??

try using it to make yourself a disposable suppository :o)

If you are not able to anal-yze it...
there is no need to show off your extremely high level of politeness anyway....
maopapof
Posted: Sunday, March 24, 2024 11:37:55 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,183
@ luca

I had answered you in the previous post

anyway, repost the updated HijackThis analysis ( latest edition of the software 2010 -11)
because if you really did what you were told to do,
the analysis has certainly changed compared with what you posted at the start of the thread

also, write what problems you are experiencing on the PC

regards :O)


PS - THE ENTRIES ultimately reported when using hyk

R0, R1, R2, R3. deal with areas of the system
F0, F1, F2, F3. deal with the programs that are started automatically
N1, N2, N3, N4. deal with the items relating to the start page
etc etc

nowadays junk files, extra search toolbars, malware and viruses are removed with specific programs
that is why I had written to you that HYK is no longer used
(also because it is advised, before ticking entries to delete, TO FIRST MAKE A RESTORE POINT OR BK ),
nowadays people prefer to use other software, more powerful and more specific to the problems found on the PC
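
Comparing two HiJackThis logs entry by entry shows exactly what changed between scans. The following is an added example, not part of any post in this thread and not code from the HiJackThis project; the sample lines are copied from the first two logs posted above, and the function names are hypothetical.

```python
import re
from collections import Counter

# An entry line starts with its section code (R0, F2, N1, O4, O22 ...) and " - ".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")

# Parenthesised markers seen in this thread's logs on entries whose target
# file is gone or whose task definition is broken.
STALE_MARKERS = ("(file missing)", "(no file)", "(damaged)")

# Constructed sample: a few lines copied from the first log in the thread.
OLD_LOG = r"""
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13
Running processes:
2 C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEExt.htm (file missing)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft) (user missing)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -f:DoScheduledTelemetryRun (Microsoft)
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
"""

# Constructed sample: the matching lines from the second log in the thread.
NEW_LOG = r"""
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13
Running processes:
2 C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEExt.htm (file missing)
O22 - Task: EOSv3 Scheduler onTime - C:\Users\Luca\AppData\Local\ESET\ESETOnlineScanner\ESETOnlineScanner.exe SCHED
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
"""


def parse_entries(log_text):
    """Return [(section, body)] for each entry line.

    Header, process-list and footer lines do not start with a section
    code, so they fail ENTRY_RE and are skipped.
    """
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body")))
    return entries


def diff_logs(old_text, new_text):
    """Return (removed, added) entries between two logs.

    Counter subtraction is a multiset difference, so an entry that is
    listed twice in one log and once in the other is still reported.
    """
    old = Counter(parse_entries(old_text))
    new = Counter(parse_entries(new_text))
    removed = sorted((old - new).elements())
    added = sorted((new - old).elements())
    return removed, added


def stale_entries(log_text):
    """Entries that carry a missing-file or damaged marker, in log order."""
    return [
        (section, body)
        for section, body in parse_entries(log_text)
        if any(marker in body for marker in STALE_MARKERS)
    ]


if __name__ == "__main__":
    removed, added = diff_logs(OLD_LOG, NEW_LOG)
    for section, body in removed:
        print(f"- {section}: {body}")
    for section, body in added:
        print(f"+ {section}: {body}")
    for section, body in stale_entries(NEW_LOG):
        print(f"stale {section}: {body}")
```

On these lines the diff reports the two MareBackup task entries as gone and the ESET Online Scanner task as new, while the O8 and O23 entries marked `(file missing)` are leftovers present in both scans.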

giusi75
Posted: Monday, March 25, 2024 3:55:48 PM
Rank: AiutAmico

Joined: 8/19/2015
Posts: 245
Here is the latest log. I repeat that I have disabled the O4 entries, and in any case they are thoroughly checked, trusted and, above all, have been on the PC for years.
The problem: for a couple of weeks, at PC startup, before the desktop appears, the login screen for my MS account appears.
Same thing if I close explorer.exe in Task Manager and then relaunch it.
Something that has NEVER happened.
And I log on to my PC as a local user; I am the only user, hence admin.
I have Win 10 Home 64; here is the log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.4170 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 25.03.2024 - 15:48 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on PC, FirstRun: yes

Chrome: 115.0.5790.171
Firefox: 123.0.1.8829
Internet Explorer: 11.0.19041.3636
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
1 C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
1 C:\Program Files (x86)\Softland\FBackup 9\bService.exe
1 C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.exe
1 C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe
2 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
3 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmptrap.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 D:\DESKTOP\ANTIVIRUS\HiJackThis_2.10.0.13\HiJackThis_2.10.0.13.exe
13 D:\DESKTOP\BROWSERS\FIREFOX\FirefoxPortable\App\Firefox64\firefox.exe
1 D:\DESKTOP\BROWSERS\FIREFOX\FirefoxPortable\FirefoxPortable.exe
1 D:\DESKTOP\BROWSERS\Windscribe\WindscribeService.exe
1 N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe
1 N:\DESKTOP\VIDEO\CATTURA VIDEO\Free Download Manager\fdm.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Luca\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hpqtra08.exe -> (PE EXE) (2023/03/10)
O4 - HKLM\..\StartupApproved\Run: [MouseDriver] = C:\WINDOWS\system32\TiltWheelMouse.exe (2020/06/19)
O4 - HKLM\..\StartupApproved\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2022/11/27)
O4 - HKLM\..\StartupApproved\Run: [SafeDiveCertMgm] = C:\WINDOWS\system32\rundll32.exe stCNSUtil.dll,DeleteCertStore (2022/02/21)
O4 - HKLM\..\StartupApproved\Run32: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (2020/06/27)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (Sign: 'Realtek Semiconductor Corp')
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEExt.htm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica tutti i link con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEGetAll.htm (file missing)
O17 - DHCP DNS 1: 127.0.0.1
O17 - DHCP DNS 2: 9.9.9.9 (Well-known DNS: Quad9)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{3b997113-d581-4c48-9a3c-6a5f7a071715}: [NameServer] = 9.9.9.9 (Well-known DNS: Quad9)
O21 - HKLM\..\ShellIconOverlayIdentifiers\AutorunsDisabled: (no name) - - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Agent Activation Runtime (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\HP (empty)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) CIE Middleware Update - C:\WINDOWS\system32\rundll32.exe "C:\WINDOWS\system32\CIEPKI.dll",Update
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\PI\SecureBootEncodeUEFI - C:\WINDOWS\system32\SecureBootEncodeUEFI.exe (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (file missing)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-875700017-217750280-4135200879-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Softland\FBackup 9\fba_Desktop Backup - C:\Program Files (x86)\Softland\FBackup 9\bSchedStarter.EXE /HIDE /R "{35B1880B-8428-46F8-ADD4-B5FC1D5CC6E1}" -PRIORITY 2
O22 - Task: OneDrive Standalone Update Task-S-1-5-21-1915721136-1638656335-3578974293-500 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe (file missing)
O23 - Service R2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI\AOMEI Backupper\7.3.3\ABService.exe
O23 - Service R2: Diskeeper - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service R2: DNSCrypt client proxy - (dnscrypt-proxy) - N:\DESKTOP\PC\Dns\dnscrypt-proxy\dnscrypt-proxy.exe -config dnscrypt-proxy.toml
O23 - Service R2: FBackup 9 Service - (FBackup9Srv) - C:\Program Files (x86)\Softland\FBackup 9\bService.exe -name:"FBackup9Srv" -disp:"FBackup 9 Service"
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: Windscribe Service - (WindscribeService) - D:/DESKTOP/BROWSERS/Windscribe/WindscribeService.exe
O23 - Service R3: ProtonVPN Service - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPNService.exe
O23 - Service S2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\system32\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (file missing)
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: ProtonVPN WireGuard - C:\Program Files\Proton\VPN\v3.2.10\ProtonVPN.WireGuardService.exe "C:\Program Files\Proton\VPN\v3.2.10\ServiceData\WireGuard\ProtonVPN.conf"
O23 - Service S3: VirtualBox system service - (VBoxSDS) - c:\myVirtualBox\VBoxSDS.exe
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.225\WsAppService.exe
O23 - Service S3: Wondershare Install Assist Service - (Wondershare InstallAssist) - C:\ProgramData\Wondershare\Service\InstallAssistService.exe


--
End of file - Time spent: 12,7 sec. - 22802 bytes, CRC32: FFFFFFFF. Sign: ꎲ
maopapof
Posted: Monday, March 25, 2024 10:01:32 PM

Rank: AiutAmico

Joined: 10/31/2004
Posts: 7,183
create a restore point

SHUT DOWN AND RESTART

USE, even if it takes a long time ....
http://software.aiutamici.com/software?ID=10228 PrivaZer (choose the AUP version, it does not need installation)

SHUT DOWN AND RESTART

with hjk, ........ fix these


O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEExt.htm (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Scarica tutti i link con IDM: (default) = N:\DESKTOP\VIDEO\CATTURA VIDEO\Internet Download Manager 6.4.1\App\IDM\IEGetAll.htm (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\AutorunsDisabled: (no name) - - (no file)


SHUT DOWN AND RESTART


how is the PC running?


how long has it been since you last formatted the PC?
how big is the C partition?
which programs do you use for cleanup?
do you have backups or images stored on C?






