
Important: Request for review of HijackThis logfile (Version 2.10.0.31) of 06/05/2023

I would delete these, and update Firefox.

O1 - Hosts.ICS: 192.168.137.199 iPad-di-Utente.mshome.net # 2021 7 1 26 9 17 51 925
O1 - Hosts.ICS: 192.168.137.227 iPhonedessandro.mshome.net # 2021 7 1 26 9 17 8 967
O1 - Hosts.ICS: 192.168.137.1 TECH-GA-42.mshome.net # 2026 7 6 18 9 17 51 925
O1 - Hosts.ICS: 20
O1 - Hosts.ICS: 192.168.137.1 TECH-GA-42.mshome.net # 2025 12 3 3 14 22 47 152
O1 - Hosts.ICS: 71
O1 - Hosts.ICS: 52
O1 - Hosts.ICS: 570
O1 - Hosts.ICS: 120
O1 - Hosts.ICS: 192.168.137.1 TECH-GA-42.mshome.net # 2025 12 3 3 14 22 47 152

What problems is the PC giving you?
 
Thanks.

For the past few hours it has started having responsiveness problems, with frequent "freezes" of the Office apps and Adobe Reader.

Malwarebytes is active in real time (licensed) and detects nothing, but something seems off.

I don't browse unsafe sites and there are no "strange" programs installed, but you never know, there are vulnerabilities everywhere.

I'll also look at replacing Adobe Reader with some other reader.
 
Good evening, advertising banners keep appearing for me; please find the log file pasted below, thank you

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 8.1 (Pro), 6.3.9600.20094, Service Pack: 0
Time: 16.09.2021 - 19:59 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Gianluca (group: Administrator) on PC-CASA, FirstRun: yes

Chrome: 93.0.4577.63
Internet Explorer: 11.0.9600.20091
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
1 C:\Program Files (x86)\Avira\Antivirus\avguard.exe
2 C:\Program Files (x86)\Avira\Antivirus\avscan.exe
1 C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
1 C:\Program Files (x86)\Avira\Antivirus\protectedservice.exe
1 C:\Program Files (x86)\Avira\Antivirus\sched.exe
1 C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
1 C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
1 C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
1 C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
1 C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
1 C:\Program Files (x86)\Avira\VPN\Avira.WebAppHost.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
2 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\Google\Update\Install\{C85FAE6B-1003-445B-B479-360502D5C926}\93.0.4577.82_93.0.4577.63_chrome_updater.exe
2 C:\Program Files (x86)\Google\Update\Install\{C85FAE6B-1003-445B-B479-360502D5C926}\CR_44E55.tmp\setup.exe
1 C:\Program Files\Classic Shell\ClassicStartMenu.exe
23 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Users\Gianluca\Desktop\HiJackThis\HiJackThis.exe
2 C:\Windows\System32\CompatTelRunner.exe
1 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\taskhostex.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\Temp\A4A6FC3D-E06E-4A90-B119-647B9002DF91\DismHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.19991_none_fa0fb7959b4c8c91\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = https://www.msn.com/it-it/?ocid=iehp
O2 - HKLM\..\BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
O2 - HKLM\..\BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
O2-32 - HKLM\..\BHO: ClassicIEBHO Class - {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
O2-32 - HKLM\..\BHO: ExplorerBHO Class - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O3 - HKLM\..\Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
O3-32 - HKLM\..\Toolbar: Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2021/04/12)
O4 - HKLM\..\Run: [Classic Start Menu] = C:\Program Files\Classic Shell\ClassicStartMenu.exe -autorun
O9 - Button: HKLM\..\{56753E59-AF1D-4FBA-9E15-31557124ADA2}: (no name) - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9 - Tools menu item: HKLM\..\{56753E59-AF1D-4FBA-9E15-31557124ADA2}: Classic IE Settings - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9-32 - Button: HKLM\..\{56753E59-AF1D-4FBA-9E15-31557124ADA2}: (no name) - C:\Program Files\Classic Shell\ClassicIE_32.exe
O9-32 - Tools menu item: HKLM\..\{56753E59-AF1D-4FBA-9E15-31557124ADA2}: Classic IE Settings - C:\Program Files\Classic Shell\ClassicIE_32.exe
O17 - DHCP DNS 1: 172.20.10.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ShareOverlay: ShareOverlay Class - {594D4122-1F87-41E2-96C7-825FB4796516} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ShareOverlay: ShareOverlay Class - {594D4122-1F87-41E2-96C7-825FB4796516} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\CompatTelRunner.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\Windows\system32\compattel\DiagTrackRunner.exe /UploadEtlFilesOnly (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\ProgramDataUpdater - C:\Windows\system32\CompatTelRunner.exe -maintenance (Microsoft)
O22 - Task: AviraSystemSpeedupUpdate - C:\ProgramData\Avira\SystemSpeedup\Update\avira_speedup_setup_update.exe /VERIFY /VERYSILENT /NOSTART /NODOTNET /NORESTART
O22 - Task: Avira_Antivirus_Systray - C:\Program Files (x86)\Avira\Antivirus\avgnt.exe /min
O22 - Task: Avira_Security_Service_SCM_Watchdog - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.Worker.exe HandleServiceControlManagerEvent 7000
O22 - Task: Avira_Security_Systray - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Systray.Application.exe
O22 - Task: Avira_Security_Update - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Common.Updater.exe /CheckAndInstall
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O23 - Service R2: Avira Optimizer Host - (AviraOptimizerHost) - C:\Program Files (x86)\Avira\Optimizer Host\Avira.OptimizerHost.exe
O23 - Service R2: Avira Phantom VPN - (AviraPhantomVPN) - C:\Program Files (x86)\Avira\VPN\Avira.VpnService.exe
O23 - Service R2: Avira Pianificatore - (AntiVirSchedulerService) - C:\Program Files (x86)\Avira\Antivirus\sched.exe
O23 - Service R2: Avira Protezione in tempo reale - (AntiVirService) - C:\Program Files (x86)\Avira\Antivirus\avguard.exe
O23 - Service R2: Avira Security - (AviraSecurity) - C:\Program Files (x86)\Avira\Security\Avira.Spotlight.Service.exe
O23 - Service R2: Avira Servizio protetto - (AntivirProtectedService) - C:\Program Files (x86)\Avira\Antivirus\ProtectedService.exe
O23 - Service R2: Avira Updater Service - (AviraUpdaterService) - C:\Program Files (x86)\Avira\SoftwareUpdater\Avira.SoftwareUpdater.ServiceHost.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Avira Protezione email - (AntiVirMailService) - C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe
O23 - Service S2: Avira Protezione web - (AntiVirWebService) - C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\93.0.4577.63\elevation_service.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 93,1 sec. - 17220 bytes, CRC32: FFFFFFFF. Sign: ┙惢
 
Completely clear the browsers' cache and cookies.

Then delete all the contents of the Temp folder

C:\Windows\Temp

Did you install ClassicStartMenu.exe yourself?

Did you change the IP of the modem's internal network?
 
Yes, I installed Classic Menu myself.

As for the IP, I wouldn't know; maybe because tonight I'm away from home and browsing with the PC connected to my phone's hotspot?

Thanks guys, have a good evening
 
Good evening, I have a problem with the virus "Behavior:Win32/SuspCopy.B"; could you take a look at the log file to see whether there is any problem?
Thanks in advance :)
Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.102\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
1 C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
1 C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
1 C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\cncmd.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\CyberLink\Shared files\RichVideo64.exe
1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
1 C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
1 C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
1 C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
1 C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
1 C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
1 C:\Program Files\Intel\ConnectCenter\bin\CCFManager.exe
1 C:\Program Files\Microsoft Office\root\Office16\SDXHelper.exe
7 C:\Program Files\Mozilla Firefox\firefox.exe
2 C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2108.25001.0_x64__8wekyb3d8bbwe\Cortana.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservices.exe
1 C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\gamingservicesnet.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.2103.8.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12107.1001.15.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21084.67.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.21061.10121.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MpCopyAccelerator.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2108.7-0\NisSrv.exe
1 C:\Users\Cosmo\Documents\Cosmo\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\SysWOW64\dllhost.exe
2 C:\Windows\SysWOW64\svchost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DbxSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0366400.inf_amd64_4021c2cb607d5b92\B366217\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0366400.inf_amd64_4021c2cb607d5b92\B366217\atiesrxx.exe
9 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\bitsadmin.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\notepad.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\rundll32.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
88 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\InputApp\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2 C:\Windows\explorer.exe
1 C:\Windows\runSW.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page Redirect Cache] = https://www.msn.com/it-it/?pc=UE01&ocid=UE01DHP
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
O2 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\BHO\ie_to_edge_bho.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\Cosmo\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (2021/08/12)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Cosmo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ecocerved SmartCardManager.lnk -> C:\Users\Cosmo\AppData\Local\Ecocerved.SmartCardManager\Ecocerved.SmartCardMaganer.exe (2018/04/26)
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Cosmo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (2017/10/27)
O4 - HKLM\..\Run: [IntelConnectCenter] = C:\Program Files\Intel\ConnectCenter\bin\ICCLauncher.exe /tasktrayonly
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\WINDOWS\system32\bit4upki-store.dll "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer
O4 - HKLM\..\StartupApproved\Run32: [DropboxOEM] = C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe auto (2019/09/28)
O4 - HKLM\..\StartupApproved\Run32: [Dropbox] = C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /systemstartup (2019/09/28)
O4 - HKLM\..\StartupApproved\Run32: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (2017/10/19)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [HP Software Update] = C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\WINDOWS\SysWOW64\RUNDLL32.EXE "C:\WINDOWS\system32\bit4upki-store.dll",RunImportServer
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&sporta in Microsoft Excel: (default) = C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll (file missing)
O9 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Viene lanciato HP Network Check, che aiuta a risolvere i problemi di connessione - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Button: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (file missing)
O9 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Network Check (Controllo rete HP) - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Tools menu item: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (file missing)
O9-32 - Button: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9-32 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Viene lanciato HP Network Check, che aiuta a risolvere i problemi di connessione - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Tools menu item: HKLM\..\{22CC3EBD-C286-43aa-B8E6-06B115F74162}: HP Smart Print - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
O9-32 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Network Check (Controllo rete HP) - C:\Program Files (x86)\HP\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_221-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-00221-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_221-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_221-windows-i586.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{e404c534-e4a2-4b2e-9c8d-2178e30b7715}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{e404c534-e4a2-4b2e-9c8d-2178e30b7715}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt64.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt01: DropboxExt1 Class - {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt02: DropboxExt7 Class - {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt03: DropboxExt9 Class - {FB314EE1-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt04: DropboxExt3 Class - {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt05: DropboxExt2 Class - {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt06: DropboxExt4 Class - {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt07: DropboxExt5 Class - {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt08: DropboxExt8 Class - {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt09: DropboxExt10 Class - {FB314EE2-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ DropboxExt10: DropboxExt6 Class - {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} - C:\Program Files (x86)\Dropbox\Client\DropboxExt.48.0.dll
O22 - Task (.job): (disabled) (Not scheduled) DropboxUpdateTaskMachineCore.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /c
O22 - Task (.job): (disabled) (Not scheduled) DropboxUpdateTaskMachineUA.job - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /ua /installsource scheduler
O23 - Service R2: HP SimplePass Service - (omniserv) - C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: AK910SwitchService - C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\system32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0366400.inf_amd64_4021c2cb607d5b92\B366217\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Cyberlink RichVideo64 Service(CRVS) - (RichVideo64) - C:\Program Files\CyberLink\Shared files\RichVideo64.exe
O23 - Service R2: DbxSvc - C:\WINDOWS\system32\DbxSvc.exe
O23 - Service R2: Gaming Services - (GamingServices) - C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\GamingServices.exe
O23 - Service R2: Gaming Services - (GamingServicesNet) - C:\Program Files\WindowsApps\Microsoft.GamingServices_2.56.11001.0_x64__8wekyb3d8bbwe\GamingServicesNet.exe
O23 - Service R2: HP App Helper HSA Service - (HPAppHelperCap) - C:\Program Files\HP\HP Enabling Services\AppHelperCap.exe
O23 - Service R2: HP Diagnostics HSA Service - (HPDiagsCap) - C:\Program Files\HP\HP Enabling Services\DiagsCap.exe
O23 - Service R2: HP Network HSA Service - (HPNetworkCap) - C:\Program Files\HP\HP Enabling Services\NetworkCap.exe
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
O23 - Service R2: HP Support Solutions Framework Service - (HPSupportSolutionsFrameworkService) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service R2: HP System Info HSA Service - (HPSysInfoCap) - C:\Program Files\HP\HP Enabling Services\SysInfoCap.exe
O23 - Service R2: MySQL80 - C:\Program Files\MySQL\MySQL Server 8.0\bin\mysqld.exe --defaults-file="C:\ProgramData\MySQL\MySQL Server 8.0\my.ini" MySQL80
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: RunSwUSB - C:\Windows\runSW.exe
O23 - Service R2: SAMSUNG Mobile Connectivity Service - (ss_conn_service) - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service R2: Servizio A portata di clic di Microsoft Office - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service S2: HP Touchpoint Analytics - (HPTouchpointAnalyticsService) - C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
O23 - Service S2: Intel(R) Common Connectivity Framework - (STCServ) - C:\Program Files\Intel\STCServ\STCServ.exe
O23 - Service S2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S2: Servizio Aggiornamento Dropbox (dbupdate) - (dbupdate) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /svc
O23 - Service S2: Servizio Aggiornamento Microsoft Edge (edgeupdate) - (edgeupdate) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /svc
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\93.0.4577.82\elevation_service.exe
O23 - Service S3: HP Software Framework Service - (hpqwmiex) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service S3: Microsoft Edge Elevation Service (MicrosoftEdgeElevationService) - (MicrosoftEdgeElevationService) - C:\Program Files (x86)\Microsoft\Edge\Application\93.0.961.52\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: ProtonVPN Service - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPNService.exe
O23 - Service S3: ProtonVPN Update Service - C:\Program Files (x86)\Proton Technologies\ProtonVPN\ProtonVPN.UpdateService.exe
O23 - Service S3: Servizio Aggiornamento Dropbox (dbupdatem) - (dbupdatem) - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe /medsvc
O23 - Service S3: Servizio Aggiornamento Microsoft Edge (edgeupdatem) - (edgeupdatem) - C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe /medsvc
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Visual Studio Standard Collector Service 150 - (VSStandardCollectorService150) - C:\Program Files (x86)\Microsoft Visual Studio\Shared\Common\DiagnosticsHub.Collection.Service\StandardCollector.Service.exe
 
The log looks OK to me.

Delete all the contents of the Temp folder

C:\Windows\Temp

In the various browsers, clear cache and cookies, and also check that no strange extension is installed.

Also check whether any program you don't recognize has been installed recently
 
I did everything you said, except that in the Temp folder two files cannot be deleted because they are in use, with this error: "impossibile completare l'operazione perchè il file è aperto in Servizio A portata di click di microsoft office"
 
New version 2.10.0.10 of 14/10/2021 (the previous version was 2.9.0.26 of 08/08/2020)


2.10.0.10

- Added detection of Windows 11, Windows Server 2016, Windows Server 2022.
- Added DisplayVersion in addition to ReleaseId where possible.
- O22 - Tasks: whitelists are updated.

2.10.0.9

- Moved status to a stable release.
- O26 - Fixed false "file missing".
- O7 Policy - Added more keys for detection DisableTaskMgr.

2.10.0.8 beta

- More code clear.
- Improved filter of O22 - Bits whitelists.

2.10.0.7 beta

- Added new 'Files Unlocker' tool (see 'Tools' menu => Files => Unlock File / Folder).
- Global code clear and optimization (thanks to LaVolpe and his 'Project Scaner' tool).
- Some errors are fixed.
- Improved source code building script.

Change log completo dalla precedente versione 2.9.0.26 all'ultima 2.10.0.10

Thanks dragokas :)


Rimuovere il vecchio programma e mettete la nuova versione :)

Download HijackThis (Versione 2.10.0.10) del 14/10/2021
 
Because of the upgrade from Windows 10 Pro to Windows 11 Pro on a 2016 PC, I kindly ask you to analyze this log. I haven't noticed any problems and at a glance I don't see any, but to be safe I'd appreciate a check and any suggestions on what to fix. Here is the log:
Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.10

Platform: x64 Windows 11 (Pro), 10.0.22000.282 (ReleaseId: 2009, 21H2), Service Pack: 0
Time: 27.10.2021 - 01:55 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: d80di (group: Administrators) on DESKTOP-20CKG13, FirstRun: yes

Chrome: 95.0.4638.54
Firefox: 93.0.0.7940
Internet Explorer: 11.0.22000.120
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.112\GoogleCrashHandler64.exe
12 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\95.0.1020.30\msedgewebview2.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
7 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_3.2109.6305.0_x64__8wekyb3d8bbwe\Cortana.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21084.79.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\MicrosoftTeams_21253.510.996.1465_x64__8wekyb3d8bbwe\msteams.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_421.20034.345.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2110.5-0\NisSrv.exe
1 C:\ProgramData\Microsoft\Windows Defender\Scans\MsMpEngCP.exe
1 C:\Users\d80di\Desktop\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\vmcompute.exe
1 C:\Windows\System32\vmms.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2 C:\Windows\SysWOW64\dllhost.exe

O1 - Hosts.ICS: 172.19.224.1 DESKTOP-20CKG13.mshome.net # 2026 10 0 25 23 28 1 920
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_311\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_311\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\d80di\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2020/09/28)
O4 - HKCU\..\StartupApproved\Run: [Opera Browser Assistant] = C:\Users\d80di\AppData\Local\Programs\Opera\assistant\browser_assistant.exe (2020/10/15)
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2020/09/28)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2020/09/28)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2020/10/15)
O4 - HKLM\..\StartupApproved\Run32: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe (2020/09/28)
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Carroll.lnk -> C:\Program Files (x86)\Carroll\Carroll.exe /OnlySet (2020/09/28)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nlansp_c.dll
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - DHCP DNS 3: 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O22 - BITS Job: (download) {6F099A79-2754-414B-8CF1-8BF858D96920} - http://edgedl.me.gvt1.com/edgedl/re...ib_6925_all_adrr6esxn7kbkeroytipvgajkfeq.crx3 -> C:\Users\d80di\AppData\Local\Temp\chrome_BITS_9044_1236974883\hfnkpimlhhgieaddgfemjhofmfblmnib_6925_all_adrr6esxn7kbkeroytipvgajkfeq.crx3
O22 - BITS Job: Fix all (including legit)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSDFresh\AbLauncher.exe checksettings -autorun
O22 - Task: \Agent Activation Runtime\S-1-5-21-1593497920-3724576141-1433594885-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC
O22 - Task: ASC_SkipUac_d80di - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate
O22 - Task: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" $(Arg0)
O22 - Task: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0)
O22 - Task: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay
O22 - Task: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe
O22 - Task: Sump Task (One-Time) - C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe /sup2 (file missing)
O22 - Task: VivaldiUpdateCheck-5924e1198cc83f03 - C:\Users\d80di\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\system32\amdfendrsr.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\c0360470.inf_amd64_b06c374aee20d185\B360357\atiesrxx.exe
O23 - Service S2: Advanced SystemCare Service 15 - (AdvancedSystemCareService15) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
O23 - Service S2: MxService - C:\Program Files (x86)\Maxthon5\Bin\MxService.exe
O23 - Service S2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (file missing)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\95.0.4638.54\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O25 - WMI Event: Skip TPM Check on Dynamic Update - Skip TPM Check on Dynamic Update - Event="Win32_ProcessStartTrace WHERE ProcessName='vdsldr.exe'", C:\WINDOWS\system32\cmd.exe C:\WINDOWS\system32\cmd.exe /q Skip TPM Check on Dynamic Update (c) AveYo, 2021 /d /rerase appraiserres.dll /f /s /q (WorkDir = C:\$WINDOWS.~BT)
O26 - Tools: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MyComputer\DefragPath (default) = C:\Program Files (x86)\IObit\Advanced SystemCare\DiskDefrag.exe


--
End of file - Time spent: 21 sec. - 22876 bytes, CRC32: FFFFFFFF. Sign: 綴惹
 
New version 2.0.0.16, up from the previous 2.0.0.10

[2.10.0.16] - Jan 12, 2022
- Added Spanish translation (thanks to Andago).
- Added key /LangSP - force use Spanish language for user interface.
- Corrected size of the forms for better match the translation.
- Minor edits of RU/UA/FR translations.
- Updated Merijn Bellekom donation link in StartupList tool.
- StartupList (and HJT): fixed "Show file" context menu didn't work with System32 files.

[2.10.0.14] - Dec 26, 2021
- O22 - BITS: Fixed throwing error when URL is missing (thanks to @Sandor-Helper for report).
- Certificates are updated.

[2.10.0.13] - Dec 02, 2021
- Fixed potential crash related to bad buffer size in codepage encoder (thanks to @thetrik for letting me know).
- Fixed missing translation.
- Fixed font size on some controls.
- [Updates checker] Corrected error code returned.
- System errors description are now displayed on selected language.
- [Uninstall manager] Fixed double-unicode in registry snapshot report on some locales.

[2.10.0.12] - Nov 23, 2021
- Updated MS certificates list.

[2.10.0.11] - Nov 21, 2021
- Improved error logging.


[2.10.0.10] - Oct 14, 2021

- Added detection of Windows 11, Windows Server 2016, Windows Server 2022.
- Added DisplayVersion in addition to ReleaseId where possible.
- O22 - Tasks: whitelists are updated.

Download version 2.0.0.16
 
Hi everyone, I'm new here, thank goodness you exist.

Ercolino, please, if you have to give me very bad news, break it to me gently; I'd rather not reinstall Windows, it's a bloodbath.
Behavior:Win32/SuspCopy.B is killing me.

Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.16

Platform: x64 Windows 10 (Pro), 10.0.19044.1526 (ReleaseId: 2009, 21H2), Service Pack: 0
Time: 02.03.2022 - 16:18 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: PC (group: Administrators) on DESKTOP-80G3K7T, FirstRun: yes

Chrome: 98.0.4758.102
Firefox: 97.0.1.8082
Internet Explorer: 11.0.19041.1202
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\AOMEI Backupper\ABService.exe
1 C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe
16 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.36.122\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\Windows Mail\wabmig.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\PDF24\pdf24.exe
1 C:\Users\PC\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\RtkAudUService64.exe
2 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
67 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wscript.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 192.150.18.101
O1 - Hosts: 127.0.0.1 192.150.18.108
O1 - Hosts: 127.0.0.1 192.150.22.40
O1 - Hosts: 127.0.0.1 192.150.8.100
O1 - Hosts: 127.0.0.1 192.150.8.118
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.de
O1 - Hosts: 127.0.0.1 209-34-83-73.ood.opsource.net
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 3dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.de
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.de
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.de
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.de
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.de
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe.activate.com
O1 - Hosts: 127.0.0.1 adobe.tt.omtrdc.net
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 CRL.VERISIGN.NET.*
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.de
O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip1.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip2.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip4.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.com
O1 - Hosts: 127.0.0.1 hl2rcv.adobe.de
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O1 - Hosts: 127.0.0.1 ims-na1-prprod.adobelogin.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 na2m-pr.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na4r.services.adobe.com
O1 - Hosts: 127.0.0.1 ood.opsource.net
O1 - Hosts: 127.0.0.1 practivate.adobe
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 127.0.0.1 practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 s-2.adobe.com
O1 - Hosts: 127.0.0.1 s-3.adobe.com
O1 - Hosts: 127.0.0.1 tss-geotrust-crl.thawte.com
O1 - Hosts: 127.0.0.1 wip.adobe.com
O1 - Hosts: 127.0.0.1 wip1.adobe.com
O1 - Hosts: 127.0.0.1 wip2.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip4.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip100.adobe.com #192.1100.8.100
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip101.adobe.com #192.1100.8.101
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip102.adobe.com #192.1100.8.102
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip103.adobe.com #192.1100.8.103
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip104.adobe.com #192.1100.8.104
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip105.adobe.com #192.1100.8.105
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip106.adobe.com #192.1100.8.106
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip107.adobe.com #192.1100.8.107
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip108.adobe.com #192.1100.8.108
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip109.adobe.com #192.1100.8.109
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip110.adobe.com #192.1110.8.110
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip111.adobe.com #192.1110.8.111
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip112.adobe.com #192.1110.8.112
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip113.adobe.com #192.1110.8.113
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip114.adobe.com #192.1110.8.114
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip115.adobe.com #192.1110.8.115
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip116.adobe.com #192.1110.8.116
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip117.adobe.com #192.1110.8.117
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip118.adobe.com #192.1110.8.118
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip119.adobe.com #192.1110.8.119
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip120.a
O2 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2 - HKLM\..\BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O2-32 - HKLM\..\BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O2-32 - HKLM\..\BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2-32 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\x64\AcroIEFavStub.dll
O3 - HKLM\..\Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O3-32 - HKLM\..\Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\DC\AcroIEFavStub.dll
O3-32 - HKLM\..\Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKCU\..\Run: [Chromium] = c:\users\pc\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIUOE.EXE /EPT "EPLTarget\P0000000000000000" /M "ET-2710 Series"
O4 - HKCU\..\Run: [OneDrive] = C:\Users\PC\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKLM\..\Run: [EPPCCMON] = C:\Program Files (x86)\EPSON Software\Epson Printer Connection Checker\EPPCCMON.EXE
O4 - HKLM\..\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [PDF24] = C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKLM\..\StartupApproved\Run32: [Acrobat Assistant 8.0] = C:\Program Files (x86)\Adobe\Acrobat DC\Acrobat\Acrotray.exe (2022/02/20)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service')
O4 - Startup: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Realtime.ffs_real
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O4-32 - HKLM\..\Run: [PowerDVD16Agent] = C:\Program Files (x86)\CyberLink\PowerDVD16\PowerDVD16Agent.exe
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{aa0fab03-b160-4e33-a248-1affe832de15}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{aa0fab03-b160-4e33-a248-1affe832de15}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\ProgramData\MEGAsync\ShellExtX64.dll (file missing)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\ProgramData\MEGAsync\ShellExtX32.dll (file missing)
O22 - Task (.job): (Not scheduled) EPSON ET-2710 Series Update {51E62CA8-7A2E-44BF-9778-3F6634FC6D99}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MEGA (empty)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-3059520638-274081876-2016100579-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: (disabled) Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (file missing)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (Microsoft)
O22 - Task: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \Nero\Nero Info - C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe -shedul
O22 - Task: bookingDesktopAppUpdateTaskMachineCore - C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe /c
O22 - Task: bookingDesktopAppUpdateTaskMachineUA - C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe /ua /installsource scheduler
O22 - Task: CsAYMRu - C:\WINDOWS\system32\wscript.exe /E:vbscript C:\ProgramData\vyststrx\FqpEem.tad
O22 - Task: EPSON ET-2710 Series Update {51E62CA8-7A2E-44BF-9778-3F6634FC6D99} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSUOE.EXE /EXE:"{51E62CA8-7A2E-44BF-9778-3F6634FC6D99}" /F:"Update"
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineCore1d578155e7b8b2b - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: GoogleUpdateTaskMachineUA1d578155e80554e - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: OneDrive Reporting Task-S-1-5-21-3059520638-274081876-2016100579-1001 - C:\Users\PC\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Opera scheduled Autoupdate 1547389305 - C:\Users\PC\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Task: S1jYEJUWRpu - C:\WINDOWS\system32\wscript.exe /nologo /E:vbscript c:\users\PC\AppData\Roaming\\jYEJUWRpu\FBXsGwOW.rock
O23 - Service R2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI Backupper\ABService.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: PDF24 - C:\Program Files\PDF24\pdf24.exe -service
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe
O23 - Service S2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service S2: Acronis OS Selector activator - (OS Selector) - C:\Program Files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe
O23 - Service S2: bookingDesktopApp Update Service (bookingdesktopapp) - (bookingdesktopapp) - C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe /svc
O23 - Service S2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service S2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHDCPSvc.exe
O23 - Service S2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\igfxCUIService.exe
O23 - Service S2: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: bookingDesktopApp Update Service (bookingdesktopappm) - (bookingdesktopappm) - C:\Program Files (x86)\bookingDesktopApp\Update\bookingDesktopAppUpdate.exe /medsvc
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\98.0.4758.102\elevation_service.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\igdlh64.inf_amd64_2cec8fd58a80e6ea\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Servizio iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService


--
End of file - Time spent: 12,4 sec. - 36184 bytes, CRC32: FFFFFFFF. Sign: 蹈牒


 
I see a lot of O1 hosts entries, which I would remove.

Delete the files in the Temp folder (it won't let you delete some of them)

Then see how it goes, whether it improves or still shows that warning.

In any case, if possible I would also run a thorough antivirus scan (from Safe Mode if you can)
 
I wouldn't know how to remove those hosts entries. With the same little program I used to make the log?
I've already deleted everything from the Temp folder. This virus slows down my connection, blocks WhatsApp Web and Telegram Web, doesn't let me browse properly, etc., but the rest of the PC works as usual.
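
The O1 hosts entries discussed above can be reviewed before anything is removed. The following Python script is an added example, not part of the original thread or of HijackThis: it parses `O1 - Hosts` and `O1 - Hosts.ICS` lines in the format shown in the logs on this page and summarizes what each entry does. The sample lines are copied from those logs; the function names and categories are illustrative assumptions.

```python
import re
from collections import Counter
from ipaddress import ip_address

# Lines copied from the logs on this page (O1 entries plus one unrelated line).
SAMPLE_LOG = """\
O1 - Hosts: Reset contents to default
O1 - Hosts: 127.0.0.1 192.150.14.69
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 crl.verisign.net
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip100.adobe.com #192.1100.8.100
O1 - Hosts.ICS: 172.19.224.1 DESKTOP-20CKG13.mshome.net # 2026 10 0 25 23 28 1 920
O1 - Hosts.ICS: 20
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
"""

# "O1 - Hosts: <rest>" or "O1 - Hosts.ICS: <rest>"
O1_RE = re.compile(r"^O1 - (Hosts(?:\.ICS)?): (.*)$")


def is_ip(text):
    """True if text is a valid IPv4 or IPv6 literal."""
    try:
        ip_address(text)
        return True
    except ValueError:
        return False


def parse_o1(log_text):
    """Split O1 lines into hosts mappings and lines that are not 'IP name' pairs.

    Returns (mappings, skipped). Each mapping is a dict with the source file
    label, the address, the lower-cased name, a kind, and any trailing comment.
    """
    mappings, skipped = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O1_RE.match(line)
        if not m:
            continue  # not an O1 line
        source, rest = m.groups()
        body, _, comment = rest.partition("#")
        fields = body.split()
        # Tool-generated or damaged lines have no leading IP address.
        if len(fields) < 2 or not is_ip(fields[0]):
            skipped.append(line)
            continue
        addr = ip_address(fields[0])
        for name in fields[1:]:
            name = name.lower().rstrip(".")  # host names are case-insensitive
            if is_ip(name):
                # An IP literal in the name column is never looked up by name,
                # so the entry does not affect connections to that address.
                kind = "ip-literal-name"
            elif addr.is_loopback or addr.is_unspecified:
                kind = "blocked"   # name resolves to the local machine
            else:
                kind = "redirect"  # name resolves to a specific other address
            mappings.append({"source": source, "ip": str(addr), "name": name,
                             "kind": kind, "comment": comment.strip()})
    return mappings, skipped


def summarize(mappings):
    """Condense mappings into the figures a reviewer needs."""
    counts = Counter(m["name"] for m in mappings if m["kind"] == "blocked")
    # Naive grouping on the last two labels (no public-suffix list).
    by_domain = Counter(".".join(n.split(".")[-2:]) for n in counts)
    return {
        "blocked_unique": len(counts),
        "duplicates": sorted(n for n, c in counts.items() if c > 1),
        "blocked_by_domain": dict(by_domain),
        "redirects": [(m["name"], m["ip"], m["source"])
                      for m in mappings if m["kind"] == "redirect"],
        "no_effect": [m["name"] for m in mappings
                      if m["kind"] == "ip-literal-name"],
    }


if __name__ == "__main__":
    found, ignored = parse_o1(SAMPLE_LOG)
    for key, value in summarize(found).items():
        print(f"{key}: {value}")
    print("skipped lines:", ignored)
```
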
