Importante Richiesta controllo Logfile of HijackThis

[VIANELLO_85]

Questo, leggendo anche in rete mi insospettisce.

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: [URL,TopResultURLFallback] = http://vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ggfc_15_05_ch&cd=2XzuyEtN2Y1L1QzuyEyEyC0DyDyByCzztA0B0DtAyEyB0F0DtN0D0Tzu0StCtCtByCtN1L2XzutAtFyBtFtBtFtCtN1L1CzutCyEtBzytDyD1V1ByEtN1L1G1B1V1N2Y1L1Qzu2StC0C0EzzyByCyByBtG0CtB0B0FtGzz0DtByEtG0DyD0CtCtGyByEtAtD0EyByEyD0C0C0Czz2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0FyEyCyE0DtAzzyEtGyBzz0E0AtGyE0DyB0CtGzyzztDzztGyDtByDtByCyCyDyC0D0EtC0F2Q&cr=642276483&ir= - Vosteran

Per il resto verificherei i programmi che partono all'avvio, vedo, ccleaner, avast browser, adobe, openoffice... che volendo si possono disattivare all'avvio, così da renderlo leggermente più prestazionale.
Ovviamente quando aprirai tali programmi ci metteranno leggermente di più ad aprirsi la prima volta, ma nulla di sconvolgente.

 

[scarfacecik84]

a seguito di anomalie al pc dove non si avviavano più alcune app , ho dovuto fare un ripristino del sistema perchè prima di entrare in windows veniva riavviato e in seguito ho dovuto reinstallare alcune app
(vorrei sapere se è tutto apposto dal log) grazie

Logfile of HiJackThis+ (Alpha version) by Alex Dragokas v.3.2.0.1

Platform: x64 Windows 11 (Pro), 10.0.26100.2605 (ReleaseId: 2009, 24H2), Service Pack: 0
Time: 12.12.2024 - 11:49 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 11202 MiB Free. Loading RAM (32 %), CPU (1 %)
Elevated: Yes
Ran by: Utente (group: Unknown; type: Microsoft) on DESKTOP-ISBNC43, FirstRun: yes

Chrome: 131.0.6778.109
Internet Explorer: 11.0.26100.1882
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal (Secure Boot: Off)

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Steam\steamservice.exe
1 C:\Program Files (x86)\Nero\Nero 2020\Nero BackItUp\NBService.exe
7 C:\Program Files (x86)\Steam\bin\cef\cef.win7x64\steamwebhelper.exe
1 C:\Program Files (x86)\Steam\steam.exe
1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSSrcExt.exe
1 C:\Program Files\AMD\CNext\CNext\cncmd.exe
1 C:\Program Files\AMD\CNext\CNext\CPUMetricsServer.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
1 C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe
1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
1 C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.1.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_524.30502.30.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.CrossDevice_1.24111.37.0_x64__cw5n1h2txyewy\CrossDeviceService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
1 C:\Windows\explorer.exe
1 C:\Windows\RtkBtManServ.exe
1 C:\Windows\servicing\TrustedInstaller.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\Dism\DismHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrsr.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0407412.inf_amd64_101d3d4e34955a9f\B407018\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0407412.inf_amd64_101d3d4e34955a9f\B407018\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\GigabyteUpdateService.exe
1 C:\Windows\System32\lsass.exe
2 C:\Windows\System32\RtkAudUService64.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\ShellHost.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\SystemSettingsAdminFlows.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\upfc.exe
1 C:\Windows\System32\VSSVC.exe
3 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
2 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.26100.2592_none_a51f478d77516870\TiWorker.exe
1 E:\Documenti\HiJackThis\HiJackThis.exe

O1 - Hosts: 0.0.0.0 www.nero.com
O1 - Hosts: 0.0.0.0 ftp25.deu.nero.com
O1 - Hosts: 0.0.0.0 ocsp.globalsign.com
O1 - Hosts: 0.0.0.0 ocsp2.globalsign.com
O1 - Hosts: 0.0.0.0 i2am.nero.com
O1 - Hosts: 0.0.0.0 iam.nero.com
O1 - Hosts: 0.0.0.0 2.19.38.243
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\131.0.6778.109\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [AMDNoiseSuppression] = C:\Windows\system32\AMD\ANR\AMDNoiseSuppression.exe (file missing)
O4 - HKCU\..\Run: [EADM] = C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EALauncher.exe -silent (sign: 'Electronic Arts, Inc.')
O4 - HKCU\..\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (sign: 'Valve Corp.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_B171DF7C782C6549CCED649E6C8247F6] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start (2023/11/07) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background (2023/11/07) (sign: 'Microsoft')
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [DriveSpan] = C:\Program Files (x86)\Nero\Transfer\Transfer.exe (2023/11/07) (sign: 'Nero AG')
O4 - HKLM\..\StartupApproved\Run32: [Nero BackItUp] = C:\Program Files (x86)\Nero\Nero 2020\Nero BackItUp\BackItUp.exe /WinStart (2023/11/07) (sign: 'Nero AG')
O4 - HKU\S-1-5-19\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-19\..\RunOnce: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background /setautostart (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Local service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\Run: [OneDriveSetup] = C:\Windows\System32\OneDriveSetup.exe /thfirstsetup (User 'Network service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\RunOnce: [OneDrive] = C:\Program Files\Microsoft OneDrive\OneDrive.exe /background /setautostart (User 'Network service') (sign: 'Microsoft')
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'Network service') (sign: 'Microsoft')
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [ConsentPromptBehaviorAdmin] = 0
O7 - Policy: (UAC) HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System: [PromptOnSecureDesktop] = 0
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Flighting\FeatureConfig\BootstrapUsageDataReporting - {D759C938-B375-41CB-A2A2-E6D866A767F4} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Servicing\OOBEFodSetup - C:\WINDOWS\system32\OOBEFodSetup.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\SharedPC\Account Cleanup - {7750564D-D61C-4557-8A9D-7DF56BDCFF96} - C:\WINDOWS\system32\Windows.SharedPC.AccountManager.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Shell\ThemeAssetTask_SyncFODState - {3BC5DD7D-EA3B-428C-B9B6-0723DB6A1057} - C:\Windows\System32\Windows.UI.Immersive.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\WaaSMedic\MaintenanceWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},MaintenanceWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser - C:\WINDOWS\system32\sc.exe start InventorySvc (sign: '')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser Exp - C:\WINDOWS\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun express (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\SdbinstMergeDbTask - C:\WINDOWS\system32\sdbinst.exe -mm (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Sustainability\SustainabilityTelemetry - {6EE41D75-D091-4FB7-9AD5-018760DD25D4} - C:\WINDOWS\system32\EcoScoreTask.dll (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{4418C692-6939-4E39-98D4-51FE959A7558} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\WINDOWS\system32\UCPDMgr.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\WINDOWS\System32\unifiedconsent.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Containers\CmCleanup - {F50E9363-6BC8-4DC5-8CAB-7D9F8C1B81B4} - C:\WINDOWS\System32\cmcleanup.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Diagnosis\UnexpectedCodepath - C:\WINDOWS\system32\UCConfigTask.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Flighting\FeatureConfig\UsageDataReceiver - {D4C0420F-76BD-4F66-A91F-918A93ABEBEB} - C:\Windows\System32\fcon.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\InputSettingsRestoreDataAvailable - {378EAB97-EFD6-4ED5-9AD9-E64A6AA1E6FA},InputSettingsRestoreDataAvailable - C:\Windows\System32\InputCloudStore.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Input\syncpensettings - {3ECEE215-83F5-4123-A592-74F1FE4C3D59},SYNC_PEN_SETTINGS - C:\Windows\System32\SettingsHandlers_Pen.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\InstallService\RestoreDevice - {7F019157-05C8-473F-8664-2BA04A090DC8} - C:\Windows\System32\InstallServiceTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Location\Notifications - C:\WINDOWS\System32\LocationNotificationWindows.exe (file missing)
O22 - Tasks: \Microsoft\Windows\Network Connectivity Status Indicator\NcsiIdentifyUserProxies - {706B965A-8308-4CD4-9900-87C2D79C121B} - C:\Windows\System32\netprofm.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\PerformanceTrace\RequestTrace - {9EFEB182-2EE3-4AF9-AFFA-521410D110D1} - C:\WINDOWS\system32\PerformanceTraceHandler.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ReFsDedupSvc\Initialization - {DCFF735B-64F7-45F3-B39C-6C66BBE2120F} - C:\WINDOWS\System32\ReFsDedupSvc.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Sense\InstallSenseClient - C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Task\SenseTask.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Sustainability\PowerGridForecastTask - {251E5B1F-E370-4E12-B5BD-B7AD2A8EE810} - C:\WINDOWS\system32\PowerGridForecastTask.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\TPM\Tpm-PreAttestationHealthCheck - {5014B7C8-934E-4262-9816-887FA745A6C4},TpmPreAttestationHealthCheck - C:\WINDOWS\system32\TpmTasks.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (file missing)
O22 - Tasks: \Microsoft\Windows\UpdateOrchestrator\UUS Failover Task - C:\WINDOWS\System32\MLEngineStub.exe HandleUusFailoverEvaluationSignalFromWnf (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (sign: 'Microsoft')
O22 - Tasks: \Nero\Nero Info - C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe -shedul (sign: 'Nero AG')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP (sign: 'Advanced Micro Devices')
O22 - Tasks: AMDRyzenMasterSDKTask - C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe (sign: 'Advanced Micro Devices')
O22 - Tasks: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser (sign: 'Advanced Micro Devices')
O22 - Tasks: OneDrive Per-Machine Standalone Update Task - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe (sign: 'Microsoft')
O22 - Tasks: OneDrive Reporting Task-S-1-5-21-1101469992-360566321-1039958364-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks: StartAUEP - C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe (sign: 'Advanced Micro Devices')
O22 - Tasks: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (sign: 'Advanced Micro Devices')
O22 - Tasks: StartCNBM - C:\Program Files\AMD\CNext\CNext\cncmd.exe benchmark (sign: 'Advanced Micro Devices')
O22 - Tasks: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\WINDOWS\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\MdmDiagnosticsCleanup - C:\WINDOWS\system32\MdmDiagnosticsTool.exe /clean (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\WaaSMedic\DeferredWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},DeferralWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (disabled) \Microsoft\Windows\WaaSMedic\MaintenanceWork - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},MaintenanceWork - C:\WINDOWS\System32\WaaSMedicSvc.dll (sign: 'Microsoft')
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks_Migrated: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{4418C692-6939-4E39-98D4-51FE959A7558} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks_Migrated: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks_Migrated: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks_Migrated: \Microsoft\Office\Office Performance Monitor - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX64\Microsoft Shared\Office16\operfmon.exe (sign: 'Microsoft')
O22 - Tasks_Migrated: \Microsoft\Windows\Location\Notifications - C:\WINDOWS\System32\LocationNotificationWindows.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\NetTrace\GatherNetworkInfo - C:\WINDOWS\system32\gatherNetworkInfo.vbs (file missing)
O22 - Tasks_Migrated: \Nero\Nero Info - C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe -shedul (sign: 'Nero AG')
O22 - Tasks_Migrated: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks_Migrated: AMDInstallLauncher - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe /InstallAUEP (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: AMDRyzenMasterSDKTask - C:\Program Files\AMD\CNext\CNext\cpumetricsserver.exe (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: ModifyLinkUpdate - C:\Program Files\AMD\CIM\Bin64\InstallManagerApp.exe -UpdateCurrentUser (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: OneDrive Per-Machine Standalone Update Task - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe (sign: 'Microsoft')
O22 - Tasks_Migrated: OneDrive Reporting Task-S-1-5-21-1101469992-360566321-1039958364-1001 - C:\Program Files\Microsoft OneDrive\OneDriveStandaloneUpdater.exe /reporting (sign: 'Microsoft')
O22 - Tasks_Migrated: StartAUEP - C:\Program Files\AMD\Performance Profile Client\AUEPMaster.exe (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: StartCN - C:\Program Files\AMD\CNext\CNext\cncmd.exe startwithdelay (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: StartCNBM - C:\Program Files\AMD\CNext\CNext\cncmd.exe benchmark (sign: 'Advanced Micro Devices')
O22 - Tasks_Migrated: StartDVR - C:\Program Files\AMD\CNext\CNext\RSServCmd.exe (sign: 'Advanced Micro Devices')
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe (sign: 'Microsoft')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: AMD Crash Defender Service - C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrsr.exe (sign: 'Microsoft')
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\u0407412.inf_amd64_101d3d4e34955a9f\B407018\atiesrxx.exe (sign: 'Microsoft')
O23 - Service R2: GIGABYTE Update Service - (GigabyteUpdateService) - C:\WINDOWS\system32\GigabyteUpdateService.exe (sign: 'GIGA-BYTE TECHNOLOGY CO., LTD.')
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (sign: 'HP Inc.')
O23 - Service R2: Nero BackItUp Background Service 2021 - (NeroBackItUpBackgroundService2021) - C:\Program Files (x86)\Nero\Nero 2020\Nero BackItUp\NBService.exe (sign: 'Nero AG')
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\WINDOWS\System32\RtkAudUService64.exe (sign: 'Microsoft')
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R3: EABackgroundService - C:\Program Files\Electronic Arts\EA Desktop\EA Desktop\EABackgroundService.exe -start (sign: 'Electronic Arts, Inc.')
O23 - Service R3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\steamservice.exe /RunAsService (sign: 'Valve Corp.')
O23 - Service S2: AMD User Experience Program Data Uploader - (AUEPLauncher) - C:\Program Files\AMD\Performance Profile Client\AUEPDU.exe (sign: 'Advanced Micro Devices')
O23 - Service S2: Nero Update - (NAUpdate) - C:\Program Files (x86)\Nero\Update\NASvc.exe (sign: 'Nero AG')
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService132.0.6833.0) - (GoogleUpdaterService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService132.0.6833.0) - (GoogleUpdaterInternalService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S3: EAAntiCheatService - C:\Program Files\EA\AC\eaanticheat.gameservice.exe (sign: 'Electronic Arts, Inc.')
O23 - Service S3: FileSyncHelper - C:\Program Files\Microsoft OneDrive\24.221.1103.0003\FileSyncHelper.exe (sign: 'Microsoft')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\131.0.6778.109\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: OneDrive Updater Service - C:\Program Files\Microsoft OneDrive\24.221.1103.0003\OneDriveUpdaterService.exe (sign: 'Microsoft')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Driver R0: AMD PCI Root Bus Lower Filter - (amdkmpfd) - C:\WINDOWS\System32\drivers\amdkmpfd.sys (+safe mode) (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R0: AMD PSP Service - (amdpsp) - C:\WINDOWS\System32\drivers\amdpsp.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R1: CTIIO - C:\Windows\system32\drivers\CtiIo64.sys (sign: 'Microsoft' - Creative Technology Innovation Co., LTd.)
O23 - Driver R2: AMDRyzenMasterDriverV26 - C:\Windows\system32\AMDRyzenMasterDriver.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Controller Emulation - (AMDXE) - C:\WINDOWS\System32\drivers\amdxe.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Crash Defender Driver - (amdfendr) - C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: AMD Crash Defender Manager Driver - (amdfendrmgr) - C:\WINDOWS\System32\DriverStore\FileRepository\amdfendr.inf_amd64_987f8cede005f427\amdfendrmgr.sys (sign: 'Microsoft' - Advanced Micro Devices, Inc.)
O23 - Driver R3: AMD Function Driver for HD Audio Service - (AtiHDAudioService) - C:\WINDOWS\System32\DriverStore\FileRepository\atihdwt6.inf_amd64_4ad1437aef138551\AtihdWT6.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio2) - C:\WINDOWS\System32\drivers\amdgpio2.sys (sign: 'Advanced Micro Devices INC.')
O23 - Driver R3: AMD GPIO Client Driver - (amdgpio3) - C:\WINDOWS\System32\drivers\amdgpio3.sys (sign: 'ASMedia Technology Inc.')
O23 - Driver R3: AMD PCI - (AMDPCIDev) - C:\WINDOWS\System32\drivers\AMDPCIDev.sys (sign: 'Advanced Micro Devices Inc.')
O23 - Driver R3: AMD Special Tools Driver - (AmdTools64) - C:\WINDOWS\System32\drivers\AmdTools64.sys (sign: 'Microsoft' - )
O23 - Driver R3: AMDSAFD - C:\WINDOWS\System32\DriverStore\FileRepository\amdsafd.inf_amd64_d4de13a10f2586d0\amdsafd.sys (sign: 'Microsoft' - Advanced Micro Devices)
O23 - Driver R3: amduw23g - C:\WINDOWS\System32\DriverStore\FileRepository\u0407412.inf_amd64_101d3d4e34955a9f\B407018\amdkmdag.sys (sign: 'Advanced Micro Devices')
O23 - Driver R3: Realtek Bluetooth Filter Driver - (RtkBtFilter) - C:\WINDOWS\System32\drivers\RtkBtfilter.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\WINDOWS\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Realtek Wireless LAN 802.11ax PCI-E Network Adapter - (rtwlane601) - C:\WINDOWS\System32\drivers\rtwlane601.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\WINDOWS\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: EAAntiCheat - C:\WINDOWS\system32\drivers\eaanticheat.sys (file missing)
O23 - Driver S3: gdrv3 - C:\Windows\System32\drivers\gdrv3.sys (sign: 'GIGA-BYTE TECHNOLOGY CO., LTD.')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\WINDOWS\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\WINDOWS\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: Service for NVIDIA High Definition Audio Driver - (NVHDA) - C:\WINDOWS\system32\drivers\nvhda64v.sys (sign: 'Nvidia Corporation')
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rtwlane601'


--
End of file - Time spent: 26,1 sec. - 57636 bytes, CRC32: FFFFFFFF. Sign: 볋껓

 

[IamRoby]

Avevi fatto un controllo con antivirus ecc.?

 

[scarfacecik84]

Avevi fatto un controllo con antivirus ecc.?

fatto, c'era un virus bloccato da windows defender , poi ho scoperto che era un falso positivo (era un gameplay modificato di un gioco) non so se quello mi ha fatto quel macello anche perchè essendo bloccato non penso sia andato in esecuzione

 

[VIANELLO_85]

Farei pulizia degli 01 HOSTS

 

[scarfacecik84]

Farei pulizia degli 01 HOSTS

Devo fare fix checked sempre tramite hijack?

 

[ERCOLINO]

Devo fare fix checked sempre tramite hijack?

Si

Fai una scansione completa anche con malwarebytes

Discussione su Malwarebytes

Update del 10/03/2025 by Ercolino Malwarebytes 5.2.8.173 Change log https://www.malwarebytes.com/it/

www.digital-forum.it

 

[scarfacecik84]

Si

Fai una scansione completa anche con malwarebytes

Discussione su Malwarebytes

Update del 10/03/2025 by Ercolino Malwarebytes 5.2.8.173 Change log https://www.malwarebytes.com/it/

www.digital-forum.it

01 HOSTS rimossi
scansione con malwarebytes: nessuna minaccia rilevata

grazie

 

[Shark81]

Buongiorno, ieri pomeriggio defender durante la navigazione mi ha segnalato due minacce. Come apro la notifica per vedere di cosa si tratta, leggo che è un trojan di nome Phonzy. L'altra mi pare facesse riferimento ad Amadey. Nemmeno Il tempo di iconizzare per capire di cosa si trattasse e la finestra di defender in cui segnalava i trojan sparisce. A quel punto faccio con defender una scansione veloce e non trova nulla. Ho scaricato trend micro dal link in prima pagina ed ho avviato una scansione completa. Dopo 1053 minuti è ancora al 67%. E' normale? Come devo comportarmi?
Grazie

 

[VIANELLO_85]

Apri una discussione, questa è per verifica dei log

 

[IamRoby]

Buongiorno, ieri pomeriggio defender durante la navigazione mi ha segnalato due minacce. Come apro la notifica per vedere di cosa si tratta, leggo che è un trojan di nome Phonzy. L'altra mi pare facesse riferimento ad Amadey. Nemmeno Il tempo di iconizzare per capire di cosa si trattasse e la finestra di defender in cui segnalava i trojan sparisce. A quel punto faccio con defender una scansione veloce e non trova nulla. Ho scaricato trend micro dal link in prima pagina ed ho avviato una scansione completa. Dopo 1053 minuti è ancora al 67%. E' normale? Come devo comportarmi?
Grazie

Defender quelli li ha messi in quaratena o cancellati? dipende come hai impostato.

 

[Shark81]

Defender quelli li ha messi in quaratena o cancellati? dipende come hai impostato.

Ora apro una discussione. Dove si vede come è impostato? Quando ho aperto la finestra, mi chiedeva se mettere in quarantena o eliminare. Subito dopo ho iconizzato e come ho riaperto non c'era più la segnalazione di minaccia. Se vado in "protezione da virus e minacce"---Cronologia della protezione, mi dice nessuna azione recente

 

[Shark81]

Logfile of HiJackThis+ (Alpha version) by Alex Dragokas v.3.2.0.2

Platform: x64 Windows 10 (Pro), 10.0.19045.5247 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 16.12.2024 - 08:08 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Memory: 5118 MiB Free. Loading RAM (38 %), CPU (7 %)
Elevated: Yes
Ran by: Utente (group: Administrators; type: Local) on DESKTOP-6TNITRT, FirstRun: yes

Chrome: 131.0.6778.140
Firefox: 133.0.3.387
Internet Explorer: 11.0.19041.4355
Default: "C:\Program Files\Google\Chrome\Application\chrome.exe" --single-argument %1 (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe
1 C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain_gui.exe
1 C:\Program Files (x86)\Bit4id\UKC\UKC\etc\notify\QtToastServer.exe
1 C:\Program Files (x86)\Brother\BrUtilities\BrLogRx.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe
1 C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe
1 C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe
1 C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
1 C:\Program Files (x86)\Browny02\BrYNSvc.exe
1 C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
1 C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
1 C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
1 C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2411.1.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.24111.10061.0_x64__8wekyb3d8bbwe\Video.UI.exe
2 C:\ProgramData\Adobe\Creative Cloud Experience Node\node.exe
1 C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\NisSrv.exe
1 C:\Users\Utente\AppData\Local\Temp\pcsc-client.dll\pcsc-client.dll.exe
1 C:\Users\Utente\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\CompPkgSrv.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
2 C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\rundll32.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
1 C:\Windows\System32\sppsvc.exe
79 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\SystemSettingsBroker.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.SecHealthUI_cw5n1h2txyewy\SecHealthUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_421\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_421\bin\ssv.dll (sign: 'Oracle America, Inc.')
O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\131.0.6778.140\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - HKCU\..\Run: [RocketDock] = C:\LP GESTIONE STUDIO\RocketDock\RocketDock.exe (not signed)
O4 - HKLM\..\Run: [bit4id csp store register (M x64)] = C:\Windows\system32\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [IndexSearch] = C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (2023/12/03) (sign: 'Nuance Communications, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [M17A] = C:\Windows\twain_32\Brimm17a\Common\TwDsUiLaunch.exe (2023/12/03) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [PaperPort PTD] = C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (2023/12/03) (sign: 'Nuance Communications, Inc.')
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2023/12/03) (sign: 'Oracle America, Inc.')
O4 - MountPoints2: HKCU\..\{4d93cb17-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - MountPoints2: HKCU\..\{4d93cb8a-5f56-11ec-b055-00e04cf72f02}\shell\AutoRun\command: (default) = F:\Setup.exe (file missing)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe (sign: 'BIT4ID SRL')
O4-32 - HKLM\..\Run: [bit4id csp store register (M)] = C:\Windows\SysWOW64\RUNDLL32.EXE "C:\Windows\system32\bit4upki-store.dll",RunImportServer (sign: 'Microsoft')
O4-32 - HKLM\..\Run: [BrotherSoftwareUpdateNotification] = C:\Program Files (x86)\Brother\SoftwareUpdateNotification\SoftwareUpdateNotificationService.exe /Autorun (not signed)
O4-32 - HKLM\..\Run: [BrStsMon00] = C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN (not signed)
O4-32 - HKLM\..\Run: [ControlCenter4] = C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun (sign: 'Brother Industries, Ltd.')
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (sign: 'SEIKO EPSON Corporation')
O4-32 - HKLM\..\Run: [IDProtect Monitor] = C:\Program Files (x86)\Athena\IDProtect Client\Utils\IDProtect Monitor.exe (sign: 'Athena Smartcard Solutions')
O4-32 - HKLM\..\Run: [ISUSPM] = C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe -scheduler (sign: 'Flexera Software LLC')
O8 - Context menu item: HKU\S-1-5-18\..\Internet Explorer\MenuExt\Apri con PDF Viewer 7: (default) = C:\Program Files (x86)\Nuance\PDF Professional 7\Bin\PlusIEContextMenu.dll (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\R@1n-KMS (empty)
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (user missing) (sign: 'Microsoft')
O22 - Tasks: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (user missing) (sign: 'Microsoft')
O22 - Tasks: (disabled) \Agent Activation Runtime\S-1-5-21-824607233-3609746563-3892767088-1001 - C:\Windows\System32\AgentActivationRuntimeStarter.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Clip\LicenseImdsIntegration - C:\Windows\system32\fclip.exe (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\Windows\System32\Autopilot.dll (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\Windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\Windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\Windows\system32\usoclient.exe StartMaintenanceWork (sign: 'Microsoft')
O22 - Tasks: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\Windows\system32\usoclient.exe StartWork (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\Office 15 Subscription Heartbeat - C:\Program Files\Common Files\Microsoft Shared\Office16\OLicenseHeartbeat.exe (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentFallBack2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload mininterval:2880 (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Office\OfficeTelemetryAgentLogOn2016 - C:\Program Files\Microsoft Office\Office16\msoia.exe scan upload (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\Windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\Windows\system32\rundll32.exe C:\Windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (sign: 'Microsoft')
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem132.0.6833.0{29D4FAF6-FE2C-4817-B31E-878BDA3D0FEF} - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\Windows\system32\AppListBackupLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\Windows\system32\UCPDMgr.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\Clip\ClipESU - C:\Windows\system32\clipesu.exe (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\Windows\System32\CloudRestoreLauncher.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82aa0895-198a-4c1b-b2d1-c16894218afb} - C:\Windows\System32\unifiedconsent.dll (sign: 'Microsoft')
O22 - Tasks: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (sign: 'Microsoft')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O23 - Service R2: ABBYY FineReader 9.0 Sprint Licensing Service - (ABBYY.Licensing.FineReader.Sprint.9.0) - C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -service (sign: 'ABBYY SOLUTIONS LIMITED')
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: Adobe Creative Cloud Experience Node - (adobecreativecloudexperiencenode.exe) - C:\ProgramData\Adobe\Creative Cloud Experience Node\node_modules\loader-module\daemon\adobecreativecloudexperiencenode.exe (not signed)
O23 - Service R2: AK910SwitchService - C:\Program Files (x86)\AK910SwitchService\svc\AK910SwitchService.exe (not signed)
O23 - Service R2: Brother USB Application Controller - (USBAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\USBAppControl.exe (not signed)
O23 - Service R2: Brother Workflow Application Controller - (WorkflowAppControl) - C:\Program Files (x86)\Brother\iPrint&Scan\WorkflowAppControl.exe (not signed)
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\Windows\system32\EscSvc64.exe (sign: 'SEIKO EPSON Corporation')
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\Windows\system32\igfxCUIService.exe (sign: 'Microsoft')
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log -l 3 -d C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\Display.NvContainer\plugins\LocalSystem -r -p 30000 -cfg NVDisplay.ContainerLocalSystem\LocalSystem (sign: 'Microsoft')
O23 - Service R2: PDFProFiltSrvPP - C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe (sign: 'Nuance Communications, Inc.')
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.24090.11-0\MpDefenderCoreService.exe (sign: 'Microsoft')
O23 - Service R2: Wifi AutoInstall Service - (WifiAutoInstallSrv) - C:\Program Files\Tenda\WifiAutoInstall\WifiAutoInstallSrv.exe (sign: 'Realtek Semiconductor Corp.')
O23 - Service R3: BrYNSvc - C:\Program Files (x86)\Browny02\BrYNSvc.exe (not signed)
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService132.0.6833.0) - (GoogleUpdaterService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService132.0.6833.0) - (GoogleUpdaterInternalService132.0.6833.0) - C:\Program Files (x86)\Google\GoogleUpdater\132.0.6833.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\131.0.6778.140\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\Windows\SysWow64\IntelCpHeciSvc.exe (sign: 'Microsoft')
O23 - Service S3: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS - (ICCS) - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (sign: 'Intel Corporation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (sign: 'Microsoft')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Driver R0: pwdrvio - C:\Windows\system32\pwdrvio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver R3: IWD Bus Enumerator - (iwdbus) - C:\Windows\System32\drivers\iwdbus.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver R3: nvlddmkm - C:\Windows\System32\DriverStore\FileRepository\nv_dispi.inf_amd64_1c83a5d7cffd7bff\nvlddmkm.sys (sign: 'NVIDIA Corporation')
O23 - Driver R3: Realtek RT640 NT Driver - (rt640x64) - C:\Windows\System32\drivers\rt640x64.sys (+safe mode) (sign: 'Realtek Semiconductor Corp')
O23 - Driver R3: Realtek Wireless LAN 802.11n USB 2.0 Network Adapter - (RtlWlanu) - C:\Windows\System32\drivers\rtwlanu.sys (+safe mode) (sign: 'Realtek Semiconductor Corp.')
O23 - Driver R3: Service for Realtek HD Audio (WDM) - (IntcAzAudAddService) - C:\Windows\system32\drivers\RTKVHD64.sys (sign: 'Realtek Semiconductor Corp.')
O23 - Driver S3: "Intel(R) Display Audio" ; {PlaceHolder="Display Audio","High Definition Audio"} - (IntcDAud) - C:\Windows\system32\DRIVERS\IntcDAud.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth A2dp driver" ; {Placeholder="Microsoft Bluetooth"} - (BthA2dp) - C:\Windows\System32\drivers\BthA2dp.sys (not signed)
O23 - Driver S3: "Microsoft Bluetooth Hands-Free Profile driver" ; {Placeholder="Microsoft Bluetooth"} - (BthHFEnum) - C:\Windows\System32\drivers\bthhfenum.sys (not signed)
O23 - Driver S3: igfx - C:\Windows\system32\DRIVERS\igdkmd64.sys (sign: 'Intel Corporation - pGFX')
O23 - Driver S3: Intel WiDi Audio Device - (intaud_WaveExtensible) - C:\Windows\system32\drivers\intelaud.sys (sign: 'Intel(R) Wireless Display')
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\Windows\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: pwdspio - C:\Windows\system32\pwdspio.sys (sign: 'MiniTool Solution Ltd')
O23 - Driver S3: SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) - (ssudmdm) - C:\Windows\system32\DRIVERS\ssudmdm.sys (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) - (dg_ssudbus) - C:\Windows\system32\DRIVERS\ssudbus2.sys (+safe mode) (sign: 'Samsung Electronics CO., LTD.')
O23 - Driver S3: USB RNDIS6 Adapter - (usbrndis6) - C:\Windows\System32\drivers\usb80236.sys (+safe mode) (not signed)
O23 - Driver S3: USB Scanner Driver - (usbscan) - C:\Windows\System32\drivers\usbscan.sys (+safe mode) (not signed)
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'rt640x64'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'RtlWlanu'
O23 - Dependency: Microsoft Service Group 'NDIS' contains unknown service: 'usbrndis6'


--
End of file - Time spent: 52,3 sec. - 40150 bytes, CRC32: FFFFFFFF. Sign: 蚹Þ

 

[Shark81]

Nessuno? Grazie

 

[ERCOLINO]

Mi sembra ok.

Cancella i file temporanei nella cartella Temp

 

[ERCOLINO]

La versione 3 è uscita dalla fase Alpha.

Ora è in versione beta

L'ultima versione stabile era la [2.10.0.31] - May 06, 2023

[3.4.0.15 Beta] - Jan 10, 2025
- Display free space of system drive, partition style (MBR, GPT) and storage technology (HDD, SSD)
- Fixed inaccurate RAM calculation, also total amount of memory displayed, MiB replaced into GiB.
- Added detection of Windows Server 2025.
- Updated O4, O27 databases.
- More reliable code for change services state.
- Some optimizations.

[3.4.0.14 Alpha] - Dec 25, 2024
- O7 - Policy: added checking for plain login/password usage.
- O26 - Debugger fix (thanks to thyrex).
- Certificates and lolbin base has been updated.

[3.4.0.13 Alpha] - Dec 21, 2024
- O26 - Debugger: Added detection of Stack Rumbling method.


Change log completo, dove potete vedere tutte le modifiche effettuate alla versione 2 all'ultima versione ora beta

hijackthis/src/_ChangeLog_en.txt at devel · dragokas/hijackthis

A free utility that finds malware, adware and other security threats - dragokas/hijackthis

github.com

Aggiornato primo post e titolo discussione

L'ultima versione beta la potete scaricare da qui

https://dragokas.com/tools/HiJackThis_test.zip

 

[IamRoby]

L'ultima versione beta la potete scaricare da qui

https://dragokas.com/tools/HiJackThis_test.zip

Non molto incoraggiante... virus test del sito sorgente , del file zip e del file exe

 

[ERCOLINO]

Per quando riguarda l'IP quello è un IP di CLOUDFLARE che viene condiviso da altri non significa molto

Il file exe è pulito malwarebyte e defender non rilevano altro.

In genere questi programmi avendo funzioni intrusive di analisi, possono essere considerati come potenzialmente pericolosi.

Tra l'altro è segnalato solo da un sistema che è Cinese

 

[IamRoby]

Per quando riguarda l'IP quello è un IP di CLOUDFLARE che viene condiviso da altri non significa molto

quello da 3 anche quelli tutti cinesi?

Il file exe è pulito malwarebyte e defender non rilevano altro.

non è detto perchè sono più popolari come antivirus ecc. rilevino qualcosa o meglio.

In genere questi programmi avendo funzioni intrusive di analisi, possono essere considerati come potenzialmente pericolosi.

Tra l'altro è segnalato solo da un sistema che è Cinese

sicurezza totale mai

 

[ERCOLINO]

[3.4.0.16 Beta] - Jan 13, 2025

- Updated databases of O4, O20, O26.
- Added detection of MS Office Addin. Microsoft and disabled records doesn't displayed.
- Impoved search order of executable files through CLSID.