Old 01-08-2025, 21:32   #14641
Corry744
Junior Member
 
Joined: Sep 2008
City: Civitavecchia
Posts: 17
Who can help me analyze this log and tell me whether it's all right?

Sent from my SM-A528B using Tapatalk
__________________
The TVs of Civitavecchia:
http://sites.google.com/site/letvdicivitavecchia/
Old 02-08-2025, 21:33   #14642
aled1974
Senior Member
 
 
Joined: Oct 2009
Posts: 24646
It's been a long time since I last dealt with it (years), and I think it was abandoned ages ago (years, in fact)... but...

Before even getting to the log, have you already tried opening Task Manager to see which applications are using CPU and RAM?

Since some miners are nasty, meaning they don't show up in Task Manager and go silent and idle the moment it is opened... and in any case, regardless... I recommend:
- scanning the PC with at least two different antivirus products, one of them online
- scanning the PC with at least two different anti-malware tools; among the most common are SUPERAntiSpyware and Malwarebytes

Back to the log, I would look into/remove the following entries:

1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

What is it and what is it for? Was it installed with the Adobe Reader package or something else?

1 C:\Program Files (x86)\SmartCMS\SmartCMS Server.exe
1 C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe


If I'm not mistaken, these relate to CIE/health-card readers... can you confirm that you installed it yourself and that you use it? Otherwise...

2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe

Same as for the first item: do you use it? Do you need it? Otherwise Reader should work just the same without it

1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe


I'd say fine, it's part of the Radeon suite for your GPU

1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe

This one, going by what's online (I went to check whether it was something tied to subscription cartridges), is a potential door open to the world: https://support.hp.com/it-it/documen...51-12560661-16
Try checking whether there's a new version or whether HP has replaced it with another suite

1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1 C:\Program Files\Surfshark\Surfshark.exe
1 C:\Program Files\Surfshark\Surfshark.Service.exe

These look fine to me: sound card and VPN


1 C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.9.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25061.45.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.25071.10101.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.15301.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe


These are widgets, right? If so, they were removed back in the W8 days because several had vulnerabilities... but if you've had them "since the dawn of time" then I'd say all fine... I use three of them myself, in a forced way, on W11

1 C:\Users\d80di\Documents\Hijackthis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

Everything here looks normal to me

O1 - Hosts: 127.0.0.1 keystone.mwbsys.com
O1 - Hosts: 127.0.0.1 holocron.mwbsys.com


Ah, there we go, so you do have Malwarebytes... Host pointing to localhost?

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_461\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_461\bin\ssv.dll (sign: 'Oracle America, Inc.')


This is a Java-based toolbar (or Oracle's own) for the browser (one of them)... if you didn't install it yourself, get rid of it

O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\138.0.7204.169\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - ActiveSetup: HKLM\..\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}: [StubPath] = C:\Program Files\BraveSoftware\Brave-Browser\Application\138.1.80.124\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Brave Software, Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_595ACA7AB1ED3690A20B3E494738DA81] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2022/06/24) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\d80di\AppData\Local\Programs\Opera\opera.exe (2023/10/25) (sign: 'Opera Norway AS')

The browsers, I'd say OK


O4 - HKCU\..\Run: [Surfshark] = C:\Program Files\Surfshark\Surfshark.exe (sign: 'Surfshark B.V.')

The VPN, same

O4 - HKCU\..\StartupApproved\Run: [TeraBox] = C:\Users\d80di\AppData\Roaming\TeraBox\TeraBox.exe AutoRun (2025/06/29) (sign: 'FLEXTECH INC.')
O4 - HKCU\..\StartupApproved\Run: [TeraBoxWeb] = C:\Users\d80di\AppData\Roaming\TeraBox\TeraBoxWebService.exe (2025/06/29) (sign: 'FLEXTECH INC.')


Apple's cloud, same

O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2020/09/28) (sign: 'Realtek Semiconductor Corp.')

The sound card, same

O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (sign: 'Microsoft')

Microsoft, OK

O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2020/10/15) (sign: 'Oracle America, Inc.')

Java package (different from the toolbar above), OK

O4 - HKLM\..\StartupApproved\Run32: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe (2020/09/28) (not signed - Creative Technology Ltd. - 983D549FAFF76A8FAD7EDDA41638D4C2AFB40AC7)

Do you also have a Creative/Sound Blaster device, or is it an orphan?

O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Carroll.lnk -> C:\Program Files (x86)\Carroll\Carroll.exe /OnlySet (2020/09/28) (not signed - the sz development - 2D0CF42439264BAB8653CA22AFC1873B9E030695)

What is this?

O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (folder)
O4 - Startup: C:\Users\d80di\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (folder)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (sign: 'Realtek Semiconductor Corp.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1

ok

O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)


Orphans from an old Office installation? Are you still using the 2016 version? If so it needs fixing (reinstall?), otherwise you can cut them

O17 - DHCP DNS 1: 208.67.222.222 (Well-known DNS: Cisco Umbrella)
O17 - DHCP DNS 2: 208.67.220.220 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 208.67.220.220 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 208.67.222.222 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a0bcdd6-086d-44d5-8aa8-2ba7d9cc80e9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a0bcdd6-086d-44d5-8aa8-2ba7d9cc80e9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 192.168.1.254
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5885E632-0A94-43C0-BECD-2F7360F8BEA6}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5885E632-0A94-43C0-BECD-2F7360F8BEA6}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5A0BCDD6-086D-44D5-8AA8-2BA7D9CC80E9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5A0BCDD6-086D-44D5-8AA8-2BA7D9CC80E9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7FDD1E35-03CA-4386-A572-724116513A74}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7FDD1E35-03CA-4386-A572-724116513A74}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{82C6D788-C5D3-40D4-9941-9A8EC44C2AFC}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{82C6D788-C5D3-40D4-9941-9A8EC44C2AFC}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{8D69708D-DDEC-A599-BB02-0475A5D2150E}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{8D69708D-DDEC-A599-BB02-0475A5D2150E}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C71902A8-E482-42A4-A6C3-9D062F28B8D3}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C71902A8-E482-42A4-A6C3-9D062F28B8D3}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C72823A6-6E76-4D72-B82C-F11D084D8546}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C72823A6-6E76-4D72-B82C-F11D084D8546}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)

I think OK; I don't know whether Cisco shows up because of the VPN, whether they are additional DNS servers you entered yourself, or whether you have something Cisco-branded

O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt0: (no name) - {C568C78A-652C-425B-8E6B-FFA73043302D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt1: (no name) - {2A6FE247-5DA3-4732-9626-77820518FD77} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt2: (no name) - {FF895810-293B-464A-93F2-82D11E07EEC8} - (no file)


I'd say orphaned entries


-------------- the rest in the next episode
__________________
Pc - [LianLi Pc70]-[Corsair Ax860]-[Asrock z-170 extreme 6]-[Intel i7 6700k]-[16gb ddr4 Kingston HyperX Fury]-[Ssd 870evo 4Tb + 860evo 1Tb + 14Tb Toshiba MG + 16Tb Seagate Exos + 18Tb Seagate Exos]-[Lg 34gn850b]-[Razer D-Back Plasma Red]-[Windows 11 Pro 64bit 23H2 ]
Old 03-08-2025, 09:31   #14643
Corry744
Junior Member
 
Joined: Sep 2008
City: Civitavecchia
Posts: 17
OK, thanks for the analysis you did. By and large I'd say there is no outside software; the PC is a bit dated, from 2016. I use all of that software, Adobe included, and I don't seem to see malicious software running in the background or malicious entries to fix.


Last edited by Corry744: 03-08-2025 at 10:48.
Old 06-08-2025, 22:47   #14644
aled1974
Senior Member
 
 
Joined: Oct 2009
Posts: 24646
O4 - HKLM\..\StartupApproved\Run32: [Texto] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Texto.js" (2023/10/05) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [Username] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Username.js" (2023/10/05) (sign: 'Microsoft')

What are these two js files?


O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup (empty)

Is Avira still on the PC? If not, remove it

O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System (empty)

Same, even though I don't understand what it refers to

O22 - Tasks: (disabled) BraveSoftwareUpdateTaskMachineCore - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll (file missing)
O22 - Tasks: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSD Fresh\Program checksettings -autorun (file missing)
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem140.0.7273.0{DFADB71F-9530-4C05-A375-026BEDAD0BF5} - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Background Update S-1-5-21-1593497920-3724576141-1433594885-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC (sign: 'Lespeed Technology Co., Ltd')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (sign: 'Now.gg, INC')
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: IObit ANNI2025Sale (One-time) - C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\anniml.exe /rpop (file missing)
O22 - Tasks: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (sign: 'Maxthon Technology Co, Ltd.')
O22 - Tasks: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks_Migrated: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll (file missing)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks_Migrated: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSDFresh\AbLauncher.exe checksettings -autorun (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\SettingSync\BackgroundUploadTask - {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\SettingSync\NetworkStateChangeTask - {A4173A49-F373-4475-9A0F-2D615204DC20} - (no file)
O22 - Tasks_Migrated: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks_Migrated: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC (sign: 'Lespeed Technology Co., Ltd')
O22 - Tasks_Migrated: ASC_SkipUac_d80di - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Tasks_Migrated: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks_Migrated: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Tasks_Migrated: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (sign: 'Maxthon Technology Co, Ltd.')
O22 - Tasks_Migrated: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Tasks_Migrated: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Tasks_Migrated: Sump Task (One-Time) - C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe /sup2 (file missing)
O22 - Tasks_Migrated: VivaldiUpdateCheck-5924e1198cc83f03 - C:\Users\d80di\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler (file missing)


I think all of these can be cut*

O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (sign: 'HP Inc.')
O23 - Service R2: SmartCMS_Server - C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe (not signed - no company - 7BA8F847991B4658A80C7663767CC058FF6D4E60)
O23 - Service R2: Surfshark Service - C:\Program Files\Surfshark\Surfshark.Service.exe -displayname "Surfshark Service" -servicename "Surfshark Service" (sign: 'Surfshark B.V.')
O23 - Service S2: MxService - C:\Program Files (x86)\Maxthon5\Bin\MxService.exe (sign: 'Maxthon Technology Co, Ltd.')
O23 - Service S2: Servizio Brave Update (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService140.0.7273.0) - (GoogleUpdaterService140.0.7273.0) - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService140.0.7273.0) - (GoogleUpdaterInternalService140.0.7273.0) - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\138.1.80.124\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\138.0.7204.169\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: LibreOffice Maintenance Service - (LibreOfficeMaintenance) - C:\Program Files\LibreOffice\program\update_service.exe (sign: 'The Document Foundation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Remote Packet Capture Protocol v.0 (experimental) - (rpcapd) - C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" (sign: 'Riverbed Technology, Inc.')
O23 - Service S3: Servizio Brave Update (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: TeraBoxUtility - C:\Users\d80di\AppData\Roaming\TeraBox\YunUtilityService.exe (sign: 'FLEXTECH INC.')
O23 - Driver R2: BlueStacks Hypervisor_nxt - (BlueStacksDrv_nxt) - C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys (sign: 'Microsoft' - Bluestack System Inc.)
O23 - Driver R2: inpoutx64 - C:\WINDOWS\System32\Drivers\inpoutx64.sys (sign: 'Red Fox UK Limited')
O23 - Driver R3: scaudio Service - (scaudio) - C:\WINDOWS\System32\drivers\scaudio.sys (sign: 'Brandmeister LLC')
O23 - Driver R3: SplitCam Virtual Video Driver - (splitcam_hd_driver) - C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys (sign: 'Brandmeister LLC')
O23 - Driver S3: @oem15.inf,%DeviceDescription%;TAP-Surfshark Windows Adapter V9 - (tapsurfshark) - C:\WINDOWS\System32\drivers\tapsurfshark.sys (+safe mode) (sign: 'WDKTestCert Lenovo,131775874531219913', but untrusted root: 'WDKTestCert Lenovo,131775874531219913' with fingerprint: 594FC0AA1FA7E3B7CF66D9508EC3D8DB4B6550B6)
O23 - Driver S3: AQFileRestore - C:\WINDOWS\system32\DRIVERS\AQFileRestore.sys (sign: 'Avanquest North America Inc.')
O23 - Driver S3: HwHandSet_CompositeFilter - (ew_usbccgpfilter) - C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys (+safe mode) (not signed - Huawei Technologies Co., Ltd. - A1CBFC9F58FAFDA959C3BE5CABD3BCA4901F6BA9)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: NetGroup Packet Filter Driver - (NPF) - C:\WINDOWS\system32\drivers\npf.sys (sign: 'Riverbed Technology, Inc.')
O23 - Driver S3: Revoflt - C:\WINDOWS\system32\DRIVERS\revoflt.sys (sign: 'Microsoft' - VS Revo Group)
O23 - Driver S3: SurfsharkBypasser - C:\Program Files\Surfshark\Resources\x64\SurfsharkBypasser.sys (sign: 'Microsoft' - Surfshark)

Same
However, if they are programs you know and you remember installing them deliberately, weigh it carefully*



* Actually, it might be better to back up the registry before cutting the entries, just to have a spare copy, you never know

In any case, I don't think that removing these entries will make the PC much faster than it is now... better, IMHO, a double antivirus and anti-malware scan


And in any case, wait for a second opinion

Bye bye
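A triage pass over the kinds of HiJackThis Fork entries reviewed in the two posts above, as an added example that is not part of the thread and not a feature of HiJackThis itself. The sample lines are copied from the posted log; the rule set, the labels `inspect`/`verify`/`orphan` and the names `triage_line` and `triage` are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

# Lines copied from the HiJackThis Fork log quoted in this thread.
SAMPLE_LOG = r"""
O1 - Hosts: 127.0.0.1 keystone.mwbsys.com
O4 - HKCU\..\Run: [Surfshark] = C:\Program Files\Surfshark\Surfshark.exe (sign: 'Surfshark B.V.')
O4 - HKLM\..\StartupApproved\Run32: [Texto] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Texto.js" (2023/10/05) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe (2020/09/28) (not signed - Creative Technology Ltd. - 983D549FAFF76A8FAD7EDDA41638D4C2AFB40AC7)
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O22 - Tasks: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSD Fresh\Program checksettings -autorun (file missing)
O23 - Service R2: SmartCMS_Server - C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe (not signed - no company - 7BA8F847991B4658A80C7663767CC058FF6D4E60)
"""

# The rules and labels below are assumptions for this example.
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.*)$")
SCRIPT_HOST_RE = re.compile(r"\\(?:wscript|cscript|mshta)\.exe\b", re.I)
SCRIPT_ARG_RE = re.compile(r'"([^"]+\.(?:js|jse|vbs|vbe|wsf|hta))"', re.I)
DEFENDER_OFF_RE = re.compile(r"Windows Defender[^\[]*\[(Disable\w+)\]\s*=\s*1\b")
HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
AUTOSTART_SECTIONS = {"O4", "O22", "O23"}  # run keys, scheduled tasks, services/drivers
RANK = {"inspect": 0, "verify": 1, "orphan": 2}


@dataclass
class Finding:
    section: str  # HiJackThis section code, e.g. "O4"
    label: str    # inspect / verify / orphan
    reason: str
    line: str


def triage_line(line):
    """Return a Finding for one log line, or None if no rule applies."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()

    # Checked first: "(sign: 'Microsoft')" on such a line describes the script
    # host binary, not the script file it is told to run.
    if section in AUTOSTART_SECTIONS and SCRIPT_HOST_RE.search(body):
        arg = SCRIPT_ARG_RE.search(body)
        target = arg.group(1) if arg else "(script path not found)"
        return Finding(section, "inspect", f"script host autostart -> {target}", line)

    off = DEFENDER_OFF_RE.search(body)
    if section == "O7" and off:
        return Finding(section, "inspect", f"Defender policy {off.group(1)} = 1", line)

    if "(not signed" in body or "untrusted root" in body:
        return Finding(section, "verify", "binary without a trusted signature", line)

    hosts = HOSTS_RE.match(body)
    if section == "O1" and hosts:
        ip, name = hosts.groups()
        return Finding(section, "verify", f"hosts file maps {name} to {ip}", line)

    if "(file missing)" in body or "(no file)" in body:
        return Finding(section, "orphan", "entry points at a file that is gone", line)
    return None


def triage(log_text):
    """Triage a whole log: 'inspect' first, log order kept within each label."""
    findings = [f for f in map(triage_line, log_text.splitlines()) if f]
    return sorted(findings, key=lambda f: RANK[f.label])  # sorted() is stable


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.label:8} {f.section:4} {f.reason}")
```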
Old 09-08-2025, 13:41   #14645
Corry744
Junior Member
 
Joined: Sep 2008
City: Civitavecchia
Posts: 17
Thank you, I saw your messages but it won't let me reply. Thanks so much for everything; as soon as I have time I'll see what to do. The computer is from 2016 anyway, and before long it will be time to replace it. The HDD already failed a few months ago; luckily the operating system loads from the SSD. Have a good day, thanks for everything

Old 18-10-2025, 12:10   #14646
opiganz
Junior Member
 
Joined: Apr 2019
Posts: 4
hjthis file analysis

Hi,
could you help me analyze and fix the hjthis file from my PC?

Lately I've had problems powering on the PC: I could no longer start it, booting into safe mode was skipped as well, and a black screen came up. I found a problem caused by the McAfee antivirus: at startup the PC was looking for an antivirus file that did not exist. Now it boots and works correctly, but I'd like to clean it up.

Thanks


Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.6332 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 18.10.2025 - 11:43 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on DESKTOP-SEMCQ8A, FirstRun: yes

Chrome: 141.0.7390.77
Firefox: 144.0.0.279
Internet Explorer: 11.0.19041.5794
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
1 C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
1 C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
2 C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplmv.exe
1 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
7 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.71\msedgewebview2.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
1 C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
1 C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
1 C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
1 C:\Program Files\Acer\Quick Access Service\QAAgent.exe
1 C:\Program Files\Acer\Quick Access Service\QASvc.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
29 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\McAfee\WebAdvisor\browserhost.exe
1 C:\Program Files\McAfee\WebAdvisor\servicehost.exe
1 C:\Program Files\McAfee\WebAdvisor\uihost.exe
1 C:\Program Files\Norton\Suite\afwServ.exe
1 C:\Program Files\Norton\Suite\aswEngSrv.exe
1 C:\Program Files\Norton\Suite\AvDump.exe
1 C:\Program Files\Norton\Suite\nllToolsSvc.exe
1 C:\Program Files\Norton\Suite\NortonSvc.exe
1 C:\Program Files\Norton\Suite\wsc_proxy.exe
2 C:\Program Files\PDF24\pdf24.exe
1 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2539.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
1 C:\Program Files\WindowsApps\AppleInc.iCloud_15.5.23.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
1 C:\Program Files\WindowsApps\AppleInc.iTunes_12138.3.59016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2502.2.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
4 C:\Users\Luca\AppData\Local\GoSign-Desktop\app-2.4.0\GoSignDesktop.exe
1 C:\Users\Luca\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\FileCoAuth.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\OneDrive.Sync.Service.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe
8 C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe
1 C:\Users\Luca\Downloads\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MusNotifyIcon.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
2 C:\Windows\System32\RtkAudUService64.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
2 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://acer17win10.msn.com/?pc=ACTE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://acer17win10.msn.com/?pc=ACTE
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: [url] = https://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=IT&ver=22.21.1.151&locale=IT_en&guid=CCCD9D4F-FBF4-4EA2-AFA2-CFE2E8E675DF&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869 - Norton Safe Search
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] = C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
O4 - HKCU\..\Run: [AKI1483n] = C:\Users\Luca\AppData\Roaming\roob36xO\sbautoupdate_[2MB]_[unsign].exe (file missing)
O4 - HKCU\..\Run: [btweb] = C:\Users\Luca\AppData\Roaming\BitTorrent Web\btweb.exe /MINIMIZED (file missing)
O4 - HKCU\..\Run: [it.infocert.desktop.gosign] = C:\Users\Luca\AppData\Local\GoSign-Desktop\Update.exe --processStart "GoSignDesktop.exe" --process-start-args "--start-tray"
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_C142ABE082D47AE0CF955DABF6724A55] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\Run: [vidnotifier.exe] = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (file missing)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2019/04/06)
O4 - HKCU\..\StartupApproved\Run: [TS-Planet Link] = C:\Tecnos\PLANET\pLink.exe (2023/01/03)
O4 - HKLM\..\Run: [PDF24] = C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - HKLM\..\Run: [WSVCUUpdateHelper.exe] = C:\Program Files\Wondershare\Wondershare UniConverter (CPC)\WSVCUUpdateHelper.exe
O4 - HKLM\..\StartupApproved\Run: [NortonUI.exe] = C:\Program Files\Norton\Suite\AvLaunch.exe /gui (2025/10/04)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\windows\system32\SecurityHealthSystray.exe (2023/01/03)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
O4-32 - HKLM\..\Run: [Canon Toner Status] = C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
O4-32 - HKLM\..\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O5 - Applet: C:\windows\System32\plotman.cpl (Sign: 'Autodesk, Inc.')
O5 - Applet: C:\windows\System32\styleman.cpl (Sign: 'Autodesk, Inc.')
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O15 - Trusted Zone: https://granellosondrio-files.sharepoint.com
O15 - Trusted Zone: https://granellosondrio-myfiles.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O20-32 - HKLM\..\Winlogon\Notify\SDWinLogon: [DllName] = SDWinLogon.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:/Program Files/Norton/Suite/ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Norton\Suite\ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\windows\system32\AcSignIcon.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Norton\Suite\x86\ashShell.dll
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\windows\explorer.exe
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) (user missing)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft) (user missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00B29003-DFE6-4A33-8E0F-17BB19875717} - \McAfee\WPS\McAfee Anti-Tracker Scanner (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1352140E-5A46-4CC3-B999-43B6C9FA356E} - \McAfee\WPS\McAfee Scheduled Tracker Remover (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{148203CE-E324-4B03-B579-B2878592E11B} - \McAfee\WPS\McAfee Health Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20161EFE-99C0-402D-A7C7-B355D77A252A} - \McAfee\WPS\McAfee Message Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70914467-AA95-4C20-A2A7-49A7F3CE1D34} - \McAfee\WPS\McAfee Scheduled AV Scan (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7556E2AF-C545-479A-9884-B455EEEB3DCD} - \McAfee\WPS\McAfee Fake Alert Blocker (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F6DE6D9-A118-4B80-8E90-DB17AD757B7A} - \McAfee\WPS\McAfee PC Optimizer Task (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A2EEDEB-B793-4C7B-9B17-2FA904CA2040} - \McAfee\WPS\McAfee Subscription Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6BF79B-D1E3-4245-BB09-2DA0F45DC371} - \McAfee\WPS\McAfee Hotfix (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE831A3-6413-49BA-8AC3-202FFA83EA05} - \McAfee\WPS\McAfee Anti-tracker notification (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFE8934C-A477-47E0-B6FE-DF41B5C513BF} - \McAfee\WPS\McAfee Virus Definition Update (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B0B6C9-2310-40DD-9401-63D472FB78BC} - \McAfee\WPS\McAfee restart of PC (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D2E1F7-B55E-4141-B407-88A996EFD3E6} - \McAfee\WPS\McAfee Cloud Configuration Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF995DB0-C9ED-4F45-B15F-016A17076C61} - \McAfee\wps\McAfee Updater (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-751694787-3671077484-345686985-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Clip\ClipESU - C:\windows\system32\clipesu.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-751694787-3671077484-345686985-1001\DataSenseLiveTileTask - C:\windows\System32\DataUsageLiveTileTask.exe
O22 - Task: (disabled) UbtFrameworkService - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe
O22 - Task: (telemetry) \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (Microsoft)
O22 - Task: \Canon\OIPPESP\Canon OIP Product Extended Survey Program - C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
O22 - Task: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem142.0.7416.0{E5B6AE21-41E4-4A3C-A96D-BC77F62C9E7D} - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --wake --system
O22 - Task: \Microsoft\Office\Office Actions Server - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe availabilitycheck (Microsoft)
O22 - Task: \Microsoft\Office\Office Background Push Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\opushutil.exe /pushregistration (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\windows\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipESUConsumer - C:\windows\system32\ClipESUConsumer.exe -evaluateEligibility (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder - C:\windows\system32\ClipESUConsumer.exe -postProcessPreOrder (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund - C:\windows\system32\ClipESUConsumer.exe -processRefund (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\EnableClipESU - C:\windows\system32\clipesu.exe -e (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82AA0895-198A-4C1B-B2D1-C16894218AFB} - C:\windows\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\windows\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-751694787-3671077484-345686985-1001 E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O22 - Task: \Norton\Norton 360 Patcher - C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe /update:norton-suite /silent /only_patch
O22 - Task: \Norton\Overseer - C:\Program Files\Common Files\Norton\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Norton\Suite Emergency Update - C:\Program Files\Norton\Suite\AvEmUpdate.exe
O22 - Task: \Oem\AcerJumpstartTask - C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe /task
O22 - Task: ACC - C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto
O22 - Task: ACCAgent - C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
O22 - Task: ACCBackgroundApplication - C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
O22 - Task: AcerCMUpdateTask2.9.25180 - C:\Program Files (x86)\Acer\Amundsen\2.9.25180\awc.exe /task
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: App Explorer - C:\Users\Luca\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe /LOGON
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-751694787-3671077484-345686985-1001 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: OneDrive Startup Task-S-1-5-21-751694787-3671077484-345686985-1001 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\OneDriveLauncher.exe /startInstances
O22 - Task: Quick Access - C:\Program Files\Acer\Quick Access Service\QALauncher.exe
O22 - Task: Software Update Application - C:\ProgramData\OEM\UpgradeTool\ListCheck.exe
O22 - Task: UEIPInvitation - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe
O23 - Service R2: ACC Service - (ACCSvc) - C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: AMD External Events Utility - C:\windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atiesrxx.exe
O23 - Service R2: Genesys Logic Service - (GeneStorSvc) - C:\windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: Norton Antivirus - C:\Program Files\Norton\Suite\NortonSvc.exe /runassvc
O23 - Service R2: Norton Firewall Service - (Norton Firewall) - C:\Program Files\Norton\Suite\afwServ.exe
O23 - Service R2: Norton Tools - C:\Program Files\Norton\Suite\nllToolsSvc.exe /runassvc
O23 - Service R2: nortonAvDumper64 - C:\Program Files\Norton\Suite\AvDump.exe /runassvc
O23 - Service R2: NortonWscReporter - C:\Program Files\Norton\Suite\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: PDF24 - C:\Program Files\PDF24\pdf24.exe -service
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\windows\System32\RtkAudUService64.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe -run
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
O23 - Service R2: Spybot-S&D 2 Scanner Service - (SDScannerService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service R2: Spybot-S&D 2 Security Center Service - (SDWSCService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service R2: Spybot-S&D 2 Updating Service - (SDUpdateService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service R2: WildTangentHelper - C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
O23 - Service R2: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
O23 - Service R3: Quick Access Service - (QASvc) - C:\Program Files\Acer\Quick Access Service\QASvc.exe
O23 - Service S2: McAfee Framework Host - (mc-fw-host) - C:\\?\C:\Program Files\McAfee\WPS\1.33.152.1\mc-fw-host.exe -service (file missing)
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService142.0.7416.0) - (GoogleUpdaterService142.0.7416.0) - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --system --windows-service --service=update
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService142.0.7416.0) - (GoogleUpdaterInternalService142.0.7416.0) - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --system --windows-service --service=update-internal
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\141.0.7390.77\elevation_service.exe
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
O23 - Service S3: McAfee Software Update - (mc-wps-update) - C:\Program Files\McAfee\wps\1.33.152.1\mc-update.exe /runservice (file missing)
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: nllbIDSAgent - C:\Program Files\Norton\Suite\aswidsagent.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Experience Improvement Program - (UEIPSvc) - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe
O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files\Wondershare\Wondershare UniConverter (CPC)\Transfer\DriverInstall.exe


--
End of file - Time spent: 23,3 sec. - 50030 bytes, CRC32: FFFFFFFF. Sign: 錎鹶
Old 18-10-2025, 12:10   #14647
opiganz
Junior Member
 
Joined: Apr 2019
Posts: 4
hjthis file analysis

Hi,
could you help me analyze and fix the hjthis file from my PC?

Lately I have had problems powering on the PC: I could no longer turn it on, booting into safe mode also failed, and a black screen came up. I found a problem caused by the McAfee antivirus: at startup the PC was looking for an antivirus file that did not exist. Now it starts and works correctly, but I would like to clean it up.

Thanks


Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.6332 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 18.10.2025 - 11:43 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on DESKTOP-SEMCQ8A, FirstRun: yes

Chrome: 141.0.7390.77
Firefox: 144.0.0.279
Internet Explorer: 11.0.19041.5794
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
1 C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
1 C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
2 C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplmv.exe
1 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
7 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.71\msedgewebview2.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
1 C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
1 C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
1 C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
1 C:\Program Files\Acer\Quick Access Service\QAAgent.exe
1 C:\Program Files\Acer\Quick Access Service\QASvc.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
29 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\McAfee\WebAdvisor\browserhost.exe
1 C:\Program Files\McAfee\WebAdvisor\servicehost.exe
1 C:\Program Files\McAfee\WebAdvisor\uihost.exe
1 C:\Program Files\Norton\Suite\afwServ.exe
1 C:\Program Files\Norton\Suite\aswEngSrv.exe
1 C:\Program Files\Norton\Suite\AvDump.exe
1 C:\Program Files\Norton\Suite\nllToolsSvc.exe
1 C:\Program Files\Norton\Suite\NortonSvc.exe
1 C:\Program Files\Norton\Suite\wsc_proxy.exe
2 C:\Program Files\PDF24\pdf24.exe
1 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2539.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
1 C:\Program Files\WindowsApps\AppleInc.iCloud_15.5.23.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
1 C:\Program Files\WindowsApps\AppleInc.iTunes_12138.3.59016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2502.2.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
4 C:\Users\Luca\AppData\Local\GoSign-Desktop\app-2.4.0\GoSignDesktop.exe
1 C:\Users\Luca\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\FileCoAuth.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\OneDrive.Sync.Service.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe
8 C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe
1 C:\Users\Luca\Downloads\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MusNotifyIcon.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
2 C:\Windows\System32\RtkAudUService64.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
2 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://acer17win10.msn.com/?pc=ACTE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://acer17win10.msn.com/?pc=ACTE
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: [url] = https://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=IT&ver=22.21.1.151&locale=IT_en&guid=CCCD9D4F-FBF4-4EA2-AFA2-CFE2E8E675DF&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869 - Norton Safe Search
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] = C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
O4 - HKCU\..\Run: [AKI1483n] = C:\Users\Luca\AppData\Roaming\roob36xO\sbautoupdate_[2MB]_[unsign].exe (file missing)
O4 - HKCU\..\Run: [btweb] = C:\Users\Luca\AppData\Roaming\BitTorrent Web\btweb.exe /MINIMIZED (file missing)
O4 - HKCU\..\Run: [it.infocert.desktop.gosign] = C:\Users\Luca\AppData\Local\GoSign-Desktop\Update.exe --processStart "GoSignDesktop.exe" --process-start-args "--start-tray"
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_C142ABE082D47AE0CF955DABF6724A55] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\Run: [vidnotifier.exe] = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (file missing)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2019/04/06)
O4 - HKCU\..\StartupApproved\Run: [TS-Planet Link] = C:\Tecnos\PLANET\pLink.exe (2023/01/03)
O4 - HKLM\..\Run: [PDF24] = C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - HKLM\..\Run: [WSVCUUpdateHelper.exe] = C:\Program Files\Wondershare\Wondershare UniConverter (CPC)\WSVCUUpdateHelper.exe
O4 - HKLM\..\StartupApproved\Run: [NortonUI.exe] = C:\Program Files\Norton\Suite\AvLaunch.exe /gui (2025/10/04)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\windows\system32\SecurityHealthSystray.exe (2023/01/03)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
O4-32 - HKLM\..\Run: [Canon Toner Status] = C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
O4-32 - HKLM\..\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O5 - Applet: C:\windows\System32\plotman.cpl (Sign: 'Autodesk, Inc.')
O5 - Applet: C:\windows\System32\styleman.cpl (Sign: 'Autodesk, Inc.')
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O15 - Trusted Zone: https://granellosondrio-files.sharepoint.com
O15 - Trusted Zone: https://granellosondrio-myfiles.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O20-32 - HKLM\..\Winlogon\Notify\SDWinLogon: [DllName] = SDWinLogon.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:/Program Files/Norton/Suite/ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Norton\Suite\ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\windows\system32\AcSignIcon.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Norton\Suite\x86\ashShell.dll
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\windows\explorer.exe
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) (user missing)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft) (user missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00B29003-DFE6-4A33-8E0F-17BB19875717} - \McAfee\WPS\McAfee Anti-Tracker Scanner (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1352140E-5A46-4CC3-B999-43B6C9FA356E} - \McAfee\WPS\McAfee Scheduled Tracker Remover (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{148203CE-E324-4B03-B579-B2878592E11B} - \McAfee\WPS\McAfee Health Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20161EFE-99C0-402D-A7C7-B355D77A252A} - \McAfee\WPS\McAfee Message Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70914467-AA95-4C20-A2A7-49A7F3CE1D34} - \McAfee\WPS\McAfee Scheduled AV Scan (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7556E2AF-C545-479A-9884-B455EEEB3DCD} - \McAfee\WPS\McAfee Fake Alert Blocker (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F6DE6D9-A118-4B80-8E90-DB17AD757B7A} - \McAfee\WPS\McAfee PC Optimizer Task (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A2EEDEB-B793-4C7B-9B17-2FA904CA2040} - \McAfee\WPS\McAfee Subscription Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6BF79B-D1E3-4245-BB09-2DA0F45DC371} - \McAfee\WPS\McAfee Hotfix (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE831A3-6413-49BA-8AC3-202FFA83EA05} - \McAfee\WPS\McAfee Anti-tracker notification (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFE8934C-A477-47E0-B6FE-DF41B5C513BF} - \McAfee\WPS\McAfee Virus Definition Update (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B0B6C9-2310-40DD-9401-63D472FB78BC} - \McAfee\WPS\McAfee restart of PC (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D2E1F7-B55E-4141-B407-88A996EFD3E6} - \McAfee\WPS\McAfee Cloud Configuration Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF995DB0-C9ED-4F45-B15F-016A17076C61} - \McAfee\wps\McAfee Updater (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-751694787-3671077484-345686985-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Clip\ClipESU - C:\windows\system32\clipesu.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-751694787-3671077484-345686985-1001\DataSenseLiveTileTask - C:\windows\System32\DataUsageLiveTileTask.exe
O22 - Task: (disabled) UbtFrameworkService - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe
O22 - Task: (telemetry) \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (Microsoft)
O22 - Task: \Canon\OIPPESP\Canon OIP Product Extended Survey Program - C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
O22 - Task: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem142.0.7416.0{E5B6AE21-41E4-4A3C-A96D-BC77F62C9E7D} - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --wake --system
O22 - Task: \Microsoft\Office\Office Actions Server - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe availabilitycheck (Microsoft)
O22 - Task: \Microsoft\Office\Office Background Push Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\opushutil.exe /pushregistration (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\windows\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipESUConsumer - C:\windows\system32\ClipESUConsumer.exe -evaluateEligibility (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder - C:\windows\system32\ClipESUConsumer.exe -postProcessPreOrder (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund - C:\windows\system32\ClipESUConsumer.exe -processRefund (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\EnableClipESU - C:\windows\system32\clipesu.exe -e (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82AA0895-198A-4C1B-B2D1-C16894218AFB} - C:\windows\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\windows\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-751694787-3671077484-345686985-1001 E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O22 - Task: \Norton\Norton 360 Patcher - C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe /update:norton-suite /silent /only_patch
O22 - Task: \Norton\Overseer - C:\Program Files\Common Files\Norton\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Norton\Suite Emergency Update - C:\Program Files\Norton\Suite\AvEmUpdate.exe
O22 - Task: \Oem\AcerJumpstartTask - C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe /task
O22 - Task: ACC - C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto
O22 - Task: ACCAgent - C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
O22 - Task: ACCBackgroundApplication - C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
O22 - Task: AcerCMUpdateTask2.9.25180 - C:\Program Files (x86)\Acer\Amundsen\2.9.25180\awc.exe /task
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: App Explorer - C:\Users\Luca\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe /LOGON
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-751694787-3671077484-345686985-1001 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: OneDrive Startup Task-S-1-5-21-751694787-3671077484-345686985-1001 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\OneDriveLauncher.exe /startInstances
O22 - Task: Quick Access - C:\Program Files\Acer\Quick Access Service\QALauncher.exe
O22 - Task: Software Update Application - C:\ProgramData\OEM\UpgradeTool\ListCheck.exe
O22 - Task: UEIPInvitation - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe
O23 - Service R2: ACC Service - (ACCSvc) - C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: AMD External Events Utility - C:\windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atiesrxx.exe
O23 - Service R2: Genesys Logic Service - (GeneStorSvc) - C:\windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: Norton Antivirus - C:\Program Files\Norton\Suite\NortonSvc.exe /runassvc
O23 - Service R2: Norton Firewall Service - (Norton Firewall) - C:\Program Files\Norton\Suite\afwServ.exe
O23 - Service R2: Norton Tools - C:\Program Files\Norton\Suite\nllToolsSvc.exe /runassvc
O23 - Service R2: nortonAvDumper64 - C:\Program Files\Norton\Suite\AvDump.exe /runassvc
O23 - Service R2: NortonWscReporter - C:\Program Files\Norton\Suite\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: PDF24 - C:\Program Files\PDF24\pdf24.exe -service
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\windows\System32\RtkAudUService64.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe -run
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
O23 - Service R2: Spybot-S&D 2 Scanner Service - (SDScannerService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service R2: Spybot-S&D 2 Security Center Service - (SDWSCService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service R2: Spybot-S&D 2 Updating Service - (SDUpdateService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service R2: WildTangentHelper - C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
O23 - Service R2: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
O23 - Service R3: Quick Access Service - (QASvc) - C:\Program Files\Acer\Quick Access Service\QASvc.exe
O23 - Service S2: McAfee Framework Host - (mc-fw-host) - C:\\?\C:\Program Files\McAfee\WPS\1.33.152.1\mc-fw-host.exe -service (file missing)
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService142.0.7416.0) - (GoogleUpdaterService142.0.7416.0) - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --system --windows-service --service=update
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService142.0.7416.0) - (GoogleUpdaterInternalService142.0.7416.0) - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --system --windows-service --service=update-internal
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\141.0.7390.77\elevation_service.exe
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
O23 - Service S3: McAfee Software Update - (mc-wps-update) - C:\Program Files\McAfee\wps\1.33.152.1\mc-update.exe /runservice (file missing)
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: nllbIDSAgent - C:\Program Files\Norton\Suite\aswidsagent.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Experience Improvement Program - (UEIPSvc) - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe
O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files\Wondershare\Wondershare UniConverter (CPC)\Transfer\DriverInstall.exe


--
End of file - Time spent: 23,3 sec. - 50030 bytes, CRC32: FFFFFFFF. Sign: 錎鹶
Old 18-10-2025, 12:11   #14648
opiganz
Junior Member
 
Joined: Apr 2019
Posts: 4
hjthis file analysis

Hi,
could you help me analyze and fix the hjthis file from my PC?

Lately I have had problems starting the PC: I could no longer turn it on, even booting into safe mode failed and a black screen came up. I found a problem caused by the McAfee antivirus: at startup the PC was looking for an antivirus file that did not exist. Now it starts and works correctly, but I would like to clean it up.

Thanks


Logfile of HiJackThis Fork by Alex Dragokas v.2.10.0.13

Platform: x64 Windows 10 (Home), 10.0.19045.6332 (ReleaseId: 2009, 22H2), Service Pack: 0
Time: 18.10.2025 - 11:43 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Luca (group: Administrators) on DESKTOP-SEMCQ8A, FirstRun: yes

Chrome: 141.0.7390.77
Firefox: 144.0.0.279
Internet Explorer: 11.0.19041.5794
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
1 C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
1 C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe
2 C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplmv.exe
1 C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
7 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
6 C:\Program Files (x86)\Microsoft\EdgeWebView\Application\141.0.3537.71\msedgewebview2.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
1 C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
1 C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
1 C:\Program Files\Acer\Quick Access Service\QAAdminAgent.exe
1 C:\Program Files\Acer\Quick Access Service\QAAgent.exe
1 C:\Program Files\Acer\Quick Access Service\QASvc.exe
2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
29 C:\Program Files\Google\Chrome\Application\chrome.exe
1 C:\Program Files\McAfee\WebAdvisor\browserhost.exe
1 C:\Program Files\McAfee\WebAdvisor\servicehost.exe
1 C:\Program Files\McAfee\WebAdvisor\uihost.exe
1 C:\Program Files\Norton\Suite\afwServ.exe
1 C:\Program Files\Norton\Suite\aswEngSrv.exe
1 C:\Program Files\Norton\Suite\AvDump.exe
1 C:\Program Files\Norton\Suite\nllToolsSvc.exe
1 C:\Program Files\Norton\Suite\NortonSvc.exe
1 C:\Program Files\Norton\Suite\wsc_proxy.exe
2 C:\Program Files\PDF24\pdf24.exe
1 C:\Program Files\WindowsApps\5319275A.WhatsAppDesktop_2.2539.2.0_x64__cv1g1gvanyjgm\WhatsApp.exe
1 C:\Program Files\WindowsApps\AppleInc.iCloud_15.5.23.0_x64__nzyj5cx40ttqa\iCloud\iCloudCKKS.exe
1 C:\Program Files\WindowsApps\AppleInc.iTunes_12138.3.59016.0_x64__nzyj5cx40ttqa\AMDS64\AppleMobileDeviceProcess.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_11.2502.2.0_x64__8wekyb3d8bbwe\CalculatorApp.exe
1 C:\Program Files\WindowsApps\ReaderNotificationClient_1.0.4.0_x86__e1rzdqpraam7r\AcrobatNotificationClient.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\NisSrv.exe
4 C:\Users\Luca\AppData\Local\GoSign-Desktop\app-2.4.0\GoSignDesktop.exe
1 C:\Users\Luca\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\FileCoAuth.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\OneDrive.Sync.Service.exe
1 C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe
8 C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe
1 C:\Users\Luca\Downloads\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\AggregatorHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\cmd.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\MusNotifyIcon.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
2 C:\Windows\System32\RtkAudUService64.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
2 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://acer17win10.msn.com/?pc=ACTE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://acer17win10.msn.com/?pc=ACTE
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: [url] = https://nortonsafe.search.ask.com/web?q={searchTerms}&l=dis&prt=NGC&chn=retail&geo=IT&ver=22.21.1.151&locale=IT_en&guid=CCCD9D4F-FBF4-4EA2-AFA2-CFE2E8E675DF&doi=2016-09-01&o=APN11913&gct=kwd&qsrc=2869 - Norton Safe Search
O4 - HKCU\..\Run: [Adobe Acrobat Synchronizer] = C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
O4 - HKCU\..\Run: [AKI1483n] = C:\Users\Luca\AppData\Roaming\roob36xO\sbautoupdate_[2MB]_[unsign].exe (file missing)
O4 - HKCU\..\Run: [btweb] = C:\Users\Luca\AppData\Roaming\BitTorrent Web\btweb.exe /MINIMIZED (file missing)
O4 - HKCU\..\Run: [it.infocert.desktop.gosign] = C:\Users\Luca\AppData\Local\GoSign-Desktop\Update.exe --processStart "GoSignDesktop.exe" --process-start-args "--start-tray"
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_C142ABE082D47AE0CF955DABF6724A55] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --win-session-start
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\Run: [vidnotifier.exe] = C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\vidnotifier\vidnotifier.exe (file missing)
O4 - HKCU\..\StartupApproved\Run: [Spotify] = C:\Users\Luca\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (2019/04/06)
O4 - HKCU\..\StartupApproved\Run: [TS-Planet Link] = C:\Tecnos\PLANET\pLink.exe (2023/01/03)
O4 - HKLM\..\Run: [PDF24] = C:\Program Files\PDF24\pdf24.exe
O4 - HKLM\..\Run: [RtkAudUService] = C:\WINDOWS\System32\RtkAudUService64.exe -background
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - HKLM\..\Run: [WSVCUUpdateHelper.exe] = C:\Program Files\Wondershare\Wondershare UniConverter (CPC)\WSVCUUpdateHelper.exe
O4 - HKLM\..\StartupApproved\Run: [NortonUI.exe] = C:\Program Files\Norton\Suite\AvLaunch.exe /gui (2025/10/04)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\windows\system32\SecurityHealthSystray.exe (2023/01/03)
O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\kchain.lnk -> C:\Program Files (x86)\Bit4id\UKC\UKC\bin\kchain.exe
O4-32 - HKLM\..\Run: [Canon Toner Status] = C:\Program Files (x86)\Canon\OIPTonerStatus\CnTnrStsTask.exe
O4-32 - HKLM\..\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
O5 - Applet: C:\windows\System32\plotman.cpl (Sign: 'Autodesk, Inc.')
O5 - Applet: C:\windows\System32\styleman.cpl (Sign: 'Autodesk, Inc.')
O15 - Trusted Zone: *.localhost
O15 - Trusted Zone: http://webcompanion.com
O15 - Trusted Zone: https://granellosondrio-files.sharepoint.com
O15 - Trusted Zone: https://granellosondrio-myfiles.sharepoint.com
O17 - DHCP DNS 1: 192.168.1.1
O20-32 - HKLM\..\Winlogon\Notify\SDWinLogon: [DllName] = SDWinLogon.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:/Program Files/Norton/Suite/ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Norton\Suite\ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\windows\system32\AcSignIcon.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ - C:\Program Files\Norton\Suite\x86\ashShell.dll
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\windows\explorer.exe
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft) (user missing)
O22 - Task: (damaged) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft) (user missing)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{00B29003-DFE6-4A33-8E0F-17BB19875717} - \McAfee\WPS\McAfee Anti-Tracker Scanner (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1352140E-5A46-4CC3-B999-43B6C9FA356E} - \McAfee\WPS\McAfee Scheduled Tracker Remover (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{148203CE-E324-4B03-B579-B2878592E11B} - \McAfee\WPS\McAfee Health Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{20161EFE-99C0-402D-A7C7-B355D77A252A} - \McAfee\WPS\McAfee Message Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70914467-AA95-4C20-A2A7-49A7F3CE1D34} - \McAfee\WPS\McAfee Scheduled AV Scan (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7556E2AF-C545-479A-9884-B455EEEB3DCD} - \McAfee\WPS\McAfee Fake Alert Blocker (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F6DE6D9-A118-4B80-8E90-DB17AD757B7A} - \McAfee\WPS\McAfee PC Optimizer Task (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A2EEDEB-B793-4C7B-9B17-2FA904CA2040} - \McAfee\WPS\McAfee Subscription Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8C6BF79B-D1E3-4245-BB09-2DA0F45DC371} - \McAfee\WPS\McAfee Hotfix (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CCE831A3-6413-49BA-8AC3-202FFA83EA05} - \McAfee\WPS\McAfee Anti-tracker notification (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CFE8934C-A477-47E0-B6FE-DF41B5C513BF} - \McAfee\WPS\McAfee Virus Definition Update (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9B0B6C9-2310-40DD-9401-63D472FB78BC} - \McAfee\WPS\McAfee restart of PC (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8D2E1F7-B55E-4141-B407-88A996EFD3E6} - \McAfee\WPS\McAfee Cloud Configuration Check (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FF995DB0-C9ED-4F45-B15F-016A17076C61} - \McAfee\wps\McAfee Updater (no xml)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Remediation (empty)
O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy (empty)
O22 - Task: (disabled) \Agent Activation Runtime\S-1-5-21-751694787-3671077484-345686985-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: (disabled) \Microsoft\Windows\Clip\ClipESU - C:\windows\system32\clipesu.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\DetectHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},DetectHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Autopilot\RemediateHardwareChange - {62B2DD2C-F129-42EE-BF59-55D3FD21C215},RemediateHardwareChange - C:\WINDOWS\System32\Autopilot.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\windows\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\windows\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Shell\FamilySafetyMonitorToastTask - {D2CBF5F7-5702-440B-8D8F-8203034A6B82},$(Arg0) - (no file)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\windows\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\windows\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (disabled) \S-1-5-21-751694787-3671077484-345686985-1001\DataSenseLiveTileTask - C:\windows\System32\DataUsageLiveTileTask.exe
O22 - Task: (disabled) UbtFrameworkService - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\TriggerFramework.exe
O22 - Task: (telemetry) \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aeinv.dll -f:UpdateSoftwareInventoryW invsvc (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:aemarebackup.dll -f:BackupMareData (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\MareBackup - C:\windows\system32\compattelrunner.exe -m:appraiser.dll -foScheduledTelemetryRun (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaWallpaperAppDetect - C:\windows\system32\rundll32.exe C:\windows\system32\PcaSvc.dll,PcaWallpaperAppDetect (Microsoft)
O22 - Task: \Canon\OIPPESP\Canon OIP Product Extended Survey Program - C:\Program Files\Canon\OIPPESP\Cnpspcnt.exe /Config:"C:\Program Files\Canon\OIPPESP\CnpspCfg.xml"
O22 - Task: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem142.0.7416.0{E5B6AE21-41E4-4A3C-A96D-BC77F62C9E7D} - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --wake --system
O22 - Task: \Microsoft\Office\Office Actions Server - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\ActionsServer\ActionsServer.exe availabilitycheck (Microsoft)
O22 - Task: \Microsoft\Office\Office Background Push Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\opushutil.exe /pushregistration (Microsoft)
O22 - Task: \Microsoft\Windows\AppListBackup\BackupNonMaintenance - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\windows\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\AppxDeploymentClient\UCPD velocity - C:\windows\system32\UCPDMgr.exe (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipESUConsumer - C:\windows\system32\ClipESUConsumer.exe -evaluateEligibility (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessPreOrder - C:\windows\system32\ClipESUConsumer.exe -postProcessPreOrder (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\ClipEsuConsumerProcessRefund - C:\windows\system32\ClipESUConsumer.exe -processRefund (Microsoft)
O22 - Task: \Microsoft\Windows\Clip\EnableClipESU - C:\windows\system32\clipesu.exe -e (Microsoft)
O22 - Task: \Microsoft\Windows\CloudRestore\Backup - {722D0F89-B69C-4700-AE8C-4A44350E4876},$(Arg0) - C:\WINDOWS\System32\CloudRestoreLauncher.dll (Microsoft)
O22 - Task: \Microsoft\Windows\ConsentUX\UnifiedConsent\UnifiedConsentSyncTask - {82AA0895-198A-4C1B-B2D1-C16894218AFB} - C:\windows\System32\unifiedconsent.dll (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\StartOobeAppsScan_LicenseAccepted - C:\windows\system32\usoclient.exe StartOobeAppsScan (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\Refresh Group Policy Cache - {07369A67-07A6-4608-ABEA-379491CB7C46} - C:\Windows\System32\UpdatePolicy.dll (Microsoft)
O22 - Task: \Microsoft\Windows\WindowsUpdate\RUXIM\PLUGScheduler - C:\Program Files\RUXIM\PLUGscheduler.exe (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update S-1-5-21-751694787-3671077484-345686985-1001 E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\E7CF176E110C211B\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O22 - Task: \Norton\Norton 360 Patcher - C:\Program Files\Common Files\Norton\Icarus\norton-suite\icarus.exe /update:norton-suite /silent /only_patch
O22 - Task: \Norton\Overseer - C:\Program Files\Common Files\Norton\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Norton\Suite Emergency Update - C:\Program Files\Norton\Suite\AvEmUpdate.exe
O22 - Task: \Oem\AcerJumpstartTask - C:\Program Files (x86)\Acer\Acer Jumpstart\hermes.exe /task
O22 - Task: ACC - C:\Program Files (x86)\Acer\Care Center\LiveUpdateChecker.exe -auto
O22 - Task: ACCAgent - C:\Program Files (x86)\Acer\Care Center\LiveUpdateAgent.exe
O22 - Task: ACCBackgroundApplication - C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
O22 - Task: AcerCMUpdateTask2.9.25180 - C:\Program Files (x86)\Acer\Amundsen\2.9.25180\awc.exe /task
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: App Explorer - C:\Users\Luca\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe /LOGON
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee VirusScan\upgrade.exe /prepare (file missing)
O22 - Task: OneDrive Reporting Task-S-1-5-21-751694787-3671077484-345686985-1001 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: OneDrive Startup Task-S-1-5-21-751694787-3671077484-345686985-1001 - C:\Users\Luca\AppData\Local\Microsoft\OneDrive\25.179.0914.0003\OneDriveLauncher.exe /startInstances
O22 - Task: Quick Access - C:\Program Files\Acer\Quick Access Service\QALauncher.exe
O22 - Task: Software Update Application - C:\ProgramData\OEM\UpgradeTool\ListCheck.exe
O22 - Task: UEIPInvitation - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UEIPOOBECheck.exe
O23 - Service R2: ACC Service - (ACCSvc) - C:\Program Files (x86)\Acer\Care Center\ACCSvc.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: AMD External Events Utility - C:\windows\System32\DriverStore\FileRepository\u0342112.inf_amd64_c937aba01184e290\B341354\atiesrxx.exe
O23 - Service R2: Genesys Logic Service - (GeneStorSvc) - C:\windows\System32\DriverStore\FileRepository\genestor.inf_amd64_312a8313e431fea0\GLCRIconSvc.exe
O23 - Service R2: McAfee WebAdvisor - C:\Program Files\McAfee\WebAdvisor\ServiceHost.exe
O23 - Service R2: Norton Antivirus - C:\Program Files\Norton\Suite\NortonSvc.exe /runassvc
O23 - Service R2: Norton Firewall Service - (Norton Firewall) - C:\Program Files\Norton\Suite\afwServ.exe
O23 - Service R2: Norton Tools - C:\Program Files\Norton\Suite\nllToolsSvc.exe /runassvc
O23 - Service R2: nortonAvDumper64 - C:\Program Files\Norton\Suite\AvDump.exe /runassvc
O23 - Service R2: NortonWscReporter - C:\Program Files\Norton\Suite\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: PDF24 - C:\Program Files\PDF24\pdf24.exe -service
O23 - Service R2: Realtek Audio Universal Service - (RtkAudioUniversalService) - C:\windows\System32\RtkAudUService64.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Program Files (x86)\Common Files\Aladdin Shared\HASP\hasplms.exe -run
O23 - Service R2: Servizio di base di Microsoft Defender - (MDCoreSvc) - C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.25080.5-0\MpDefenderCoreService.exe
O23 - Service R2: Spybot-S&D 2 Scanner Service - (SDScannerService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service R2: Spybot-S&D 2 Security Center Service - (SDWSCService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service R2: Spybot-S&D 2 Updating Service - (SDUpdateService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service R2: WildTangentHelper - C:\Program Files (x86)\WildTangent Games\Integration\WildTangentHelperService.exe
O23 - Service R2: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.237\WsAppService.exe
O23 - Service R3: Quick Access Service - (QASvc) - C:\Program Files\Acer\Quick Access Service\QASvc.exe
O23 - Service S2: McAfee Framework Host - (mc-fw-host) - C:\\?\C:\Program Files\McAfee\WPS\1.33.152.1\mc-fw-host.exe -service (file missing)
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService142.0.7416.0) - (GoogleUpdaterService142.0.7416.0) - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --system --windows-service --service=update
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService142.0.7416.0) - (GoogleUpdaterInternalService142.0.7416.0) - C:\Program Files (x86)\Google\GoogleUpdater\142.0.7416.0\updater.exe --system --windows-service --service=update-internal
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\141.0.7390.77\elevation_service.exe
O23 - Service S3: MBVpnTunnelService - C:\Program Files\Malwarebytes\Anti-Malware\MBVpnTunnelService.exe
O23 - Service S3: McAfee Software Update - (mc-wps-update) - C:\Program Files\McAfee\wps\1.33.152.1\mc-update.exe /runservice (file missing)
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: nllbIDSAgent - C:\Program Files\Norton\Suite\aswidsagent.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: User Experience Improvement Program - (UEIPSvc) - C:\Program Files\Acer\User Experience Improvement Program Service\Framework\UBTService.exe
O23 - Service S3: Wondershare Driver Install Service - (WsDrvInst) - C:\Program Files\Wondershare\Wondershare UniConverter (CPC)\Transfer\DriverInstall.exe


--
End of file - Time spent: 23,3 sec. - 50030 bytes, CRC32: FFFFFFFF. Sign: 錎鹶
Old 19-10-2025, 11:35   #14649
raxas
Senior Member
Joined: Oct 2002
Posts: 5655
Hi,
I ended up here by chance.
I haven't used HiJackThis in YEARS.
I had understood that it was no longer updated...
Going to the download page, trusting the use presented in this thread,
I saw that it has been stuck at 2017...

So what's the point of using it... still?