#14641 |
Junior Member
Registered: Sep 2008
City: Civitavecchia
Posts: 17
|
Who can help me analyze this log and tell me whether it's OK?
Sent from my SM-A528B using Tapatalk
#14642 |
Senior Member
Registered: Oct 2009
Posts: 24601
|
It's been a long time since I last dealt with it (years), and I think it was abandoned ages ago (years, precisely)… but…

Before even looking at the log, have you already tried opening Task Manager to see which applications are using CPU and RAM? Some miners are nasty, in that they don't show up in Task Manager, going silent and idle the moment it is opened… and in any case, regardless… I recommend:
- scanning the PC with at least two different antivirus products, one of them online
- scanning the PC with at least two different antimalware tools, the most common being SUPERAntiSpyware and Malwarebytes

Back to the log, I would look into/remove the following entries:

1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
What is it and what is it for? Was it installed with the Adobe Reader package or something else?

1 C:\Program Files (x86)\SmartCMS\SmartCMS Server.exe
1 C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe
If I'm not mistaken these relate to CIE/health card readers… can you confirm you installed it yourself and that you use it? Otherwise…

2 C:\Program Files\Adobe\Acrobat DC\Acrobat\AdobeCollabSync.exe
Same as the first item: do you use it? Do you need it? Otherwise Reader should work just the same without it.

1 C:\Program Files\AMD\CNext\CNext\amdow.exe
1 C:\Program Files\AMD\CNext\CNext\AMDRSServ.exe
1 C:\Program Files\AMD\CNext\CNext\RadeonSoftware.exe
I'd say fine, it's part of the Radeon suite for your GPU.

1 C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe
This one, according to what's online (I went to check whether it was something tied to subscription cartridges), is a potential door open to the world: https://support.hp.com/it-it/documen...51-12560661-16
Check whether there is a new version or whether HP has replaced it with another suite.

1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1 C:\Program Files\Surfshark\Surfshark.exe
1 C:\Program Files\Surfshark\Surfshark.Service.exe
These look fine to me: sound card and VPN.

1 C:\Program Files\WindowsApps\Microsoft.WidgetsPlatformRuntime_1.6.9.0_x64__8wekyb3d8bbwe\WidgetService\WidgetService.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.25061.45.0_x64__8wekyb3d8bbwe\PhoneExperienceHost.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.25071.10101.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\WindowsApps\MicrosoftWindows.Client.WebExperience_525.15301.20.0_x64__cw5n1h2txyewy\Dashboard\Widgets.exe
These are widgets, right? If so, they were removed back in the W8 days because several had vulnerabilities… but if you've had them "since the dawn of time" then I'd say all fine… I use three of them myself, forced onto W11.

1 C:\Users\d80di\Documents\Hijackthis\HiJackThis.exe
1 C:\Windows\explorer.exe
1 C:\Windows\System32\amdfendrsr.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
2 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atieclxx.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0382934.inf_amd64_2ed1b7932d1f78d4\B381983\atiesrxx.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\SearchHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
Everything here looks normal to me.

O1 - Hosts: 127.0.0.1 keystone.mwbsys.com
O1 - Hosts: 127.0.0.1 holocron.mwbsys.com
Ah, there we go, so you do have Malwarebytes… A hosts entry pointing to localhost?

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_461\bin\jp2ssv.dll (sign: 'Oracle America, Inc.')
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_461\bin\ssv.dll (sign: 'Oracle America, Inc.')
This is a Java-based toolbar (or Oracle's own) for the browser (one of them)… if you didn't install it yourself, get rid of it.

O4 - ActiveSetup: HKLM\..\{8A69D345-D564-463c-AFF1-A69D9E530F96}: [StubPath] = C:\Program Files\Google\Chrome\Application\138.0.7204.169\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level --channel=stable (sign: 'Google LLC')
O4 - ActiveSetup: HKLM\..\{AFE6A462-C574-4B8A-AF43-4CC60DF4563B}: [StubPath] = C:\Program Files\BraveSoftware\Brave-Browser\Application\138.1.80.124\Installer\chrmstp.exe --configure-user-settings --verbose-logging --system-level (sign: 'Brave Software, Inc.')
O4 - HKCU\..\StartupApproved\Run: [MicrosoftEdgeAutoLaunch_595ACA7AB1ED3690A20B3E494738DA81] = C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe --no-startup-window --win-session-start (2022/06/24) (sign: 'Microsoft')
O4 - HKCU\..\StartupApproved\Run: [Opera Stable] = C:\Users\d80di\AppData\Local\Programs\Opera\opera.exe (2023/10/25) (sign: 'Opera Norway AS')
The browsers, I'd say OK.

O4 - HKCU\..\Run: [Surfshark] = C:\Program Files\Surfshark\Surfshark.exe (sign: 'Surfshark B.V.')
The VPN, same.

O4 - HKCU\..\StartupApproved\Run: [TeraBox] = C:\Users\d80di\AppData\Roaming\TeraBox\TeraBox.exe AutoRun (2025/06/29) (sign: 'FLEXTECH INC.')
O4 - HKCU\..\StartupApproved\Run: [TeraBoxWeb] = C:\Users\d80di\AppData\Roaming\TeraBox\TeraBoxWebService.exe (2025/06/29) (sign: 'FLEXTECH INC.')
Apple's cloud, same.

O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2020/09/28) (sign: 'Realtek Semiconductor Corp.')
The sound card, same.

O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (sign: 'Microsoft')
Microsoft, OK.

O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2020/10/15) (sign: 'Oracle America, Inc.')
Java package (different from the toolbar above), OK.

O4 - HKLM\..\StartupApproved\Run32: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe (2020/09/28) (not signed - Creative Technology Ltd. - 983D549FAFF76A8FAD7EDDA41638D4C2AFB40AC7)
Do you also have a Creative/Sound Blaster device, or is it an orphan?

O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Carroll.lnk -> C:\Program Files (x86)\Carroll\Carroll.exe /OnlySet (2020/09/28) (not signed - the sz development - 2D0CF42439264BAB8653CA22AFC1873B9E030695)
What is this?

O4 - Startup Global: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (folder)
O4 - Startup: C:\Users\d80di\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled (folder)
O5 - Applet: C:\WINDOWS\System32\RTSnMg64.cpl (sign: 'Realtek Semiconductor Corp.')
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender: [DisableAntiVirus] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Real-Time Protection: [DisableRealtimeMonitoring] = 1
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiVirus] = 1
OK

O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&xport to Microsoft Excel: (default) = C:\Program Files\Microsoft Office\root\Office16\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Se&nd to OneNote: (default) = C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll (file missing)
Orphans from an old Office installation? Are you still using the 2016 version? If so it needs fixing (reinstall?), otherwise you can axe them.

O17 - DHCP DNS 1: 208.67.222.222 (Well-known DNS: Cisco Umbrella)
O17 - DHCP DNS 2: 208.67.220.220 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{2793abdd-b4c7-4dfb-97cd-2eade4e47037}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 208.67.220.220 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{31a2b1e9-9a42-497b-9ce3-b4c3781798cc}: [NameServer] = 208.67.222.222 (Well-known DNS: Cisco Umbrella)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a0bcdd6-086d-44d5-8aa8-2ba7d9cc80e9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5a0bcdd6-086d-44d5-8aa8-2ba7d9cc80e9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 192.168.1.254
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{31A2B1E9-9A42-497B-9CE3-B4C3781798CC}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5885E632-0A94-43C0-BECD-2F7360F8BEA6}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5885E632-0A94-43C0-BECD-2F7360F8BEA6}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5A0BCDD6-086D-44D5-8AA8-2BA7D9CC80E9}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{5A0BCDD6-086D-44D5-8AA8-2BA7D9CC80E9}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7FDD1E35-03CA-4386-A572-724116513A74}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{7FDD1E35-03CA-4386-A572-724116513A74}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{82C6D788-C5D3-40D4-9941-9A8EC44C2AFC}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{82C6D788-C5D3-40D4-9941-9A8EC44C2AFC}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{8D69708D-DDEC-A599-BB02-0475A5D2150E}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{8D69708D-DDEC-A599-BB02-0475A5D2150E}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C71902A8-E482-42A4-A6C3-9D062F28B8D3}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C71902A8-E482-42A4-A6C3-9D062F28B8D3}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C72823A6-6E76-4D72-B82C-F11D084D8546}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{C72823A6-6E76-4D72-B82C-F11D084D8546}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
I think OK; I don't know whether Cisco shows up because of the VPN, whether they are additional DNS servers you entered yourself, or whether you have something Cisco-branded.

O18 - HKLM\Software\Classes\Protocols\Filter\application/octet-stream: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-complus: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-msdownload: [CLSID] = {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt0: (no name) - {C568C78A-652C-425B-8E6B-FFA73043302D} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt1: (no name) - {2A6FE247-5DA3-4732-9626-77820518FD77} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ .WorkspaceExt2: (no name) - {FF895810-293B-464A-93F2-82D11E07EEC8} - (no file)
I'd say orphaned entries.

--------------
The rest in the next installment.
__________________
Pc - [LianLi Pc70]-[Corsair Ax860]-[Asrock z-170 extreme 6]-[Intel i7 6700k]-[16gb ddr4 Kingston HyperX Fury]-[Ssd 870evo 4Tb + 860evo 1Tb + 14Tb Toshiba MG + 16Tb Seagate Exos + 18Tb Seagate Exos]-[Lg 34gn850b]-[Razer D-Back Plasma Red]-[Windows 11 Pro 64bit 23H2
#14643 |
Junior Member
Registered: Sep 2008
City: Civitavecchia
Posts: 17
|
OK, thanks for the analysis you did. Broadly speaking I'd say there is no external software; the PC is a bit dated, from 2016; I use all that software, Adobe included; I don't seem to see any malicious software running in the background or malicious entries to fix.
Sent from my SM-A528B using Tapatalk
Last edited by Corry744: 03-08-2025 at 09:48.
#14644 |
Senior Member
Registered: Oct 2009
Posts: 24601
|
O4 - HKLM\..\StartupApproved\Run32: [Texto] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Texto.js" (2023/10/05) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [Username] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Username.js" (2023/10/05) (sign: 'Microsoft')
What are these two js files?

O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Avira\System Speedup (empty)
Is Avira still on the PC? If not, remove it.

O22 - Task: (damaged) HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\System (empty)
Same, although I don't understand what it refers to.

O22 - Tasks: (disabled) BraveSoftwareUpdateTaskMachineCore - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /c (sign: 'Brave Software, Inc.')
O22 - Tasks: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll (file missing)
O22 - Tasks: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSD Fresh\Program checksettings -autorun (file missing)
O22 - Tasks: \GoogleSystem\GoogleUpdater\GoogleUpdaterTaskSystem140.0.7273.0{DFADB71F-9530-4C05-A375-026BEDAD0BF5} - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --wake --system (sign: 'Google LLC')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \HP\HP Print Scan Doctor\Printer Health Monitor Logon - C:\Program Files\HPPrintScanDoctor\HPPrinterHealthMonitor.exe (sign: 'HP Inc.')
O22 - Tasks: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Background Update S-1-5-21-1593497920-3724576141-1433594885-1001 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate (sign: 'Mozilla Corporation')
O22 - Tasks: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC (sign: 'Lespeed Technology Co., Ltd')
O22 - Tasks: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (sign: 'Adobe Inc.')
O22 - Tasks: BlueStacksHelper_nxt - C:\Program Files\BlueStacks_nxt\BlueStacksHelper.exe -sr (sign: 'Now.gg, INC')
O22 - Tasks: BraveSoftwareUpdateTaskMachineUA - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /ua /installsource scheduler (sign: 'Brave Software, Inc.')
O22 - Tasks: IObit ANNI2025Sale (One-time) - C:\Program Files (x86)\IObit\Advanced SystemCare\Pub\anniml.exe /rpop (file missing)
O22 - Tasks: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (sign: 'Maxthon Technology Co, Ltd.')
O22 - Tasks: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --productiscomponent --bypasslauncher --installdir="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" --producttype=assistant $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\autoupdate\opera_autoupdate.exe --scheduledtask --bypasslauncher $(Arg0) (sign: 'Opera Norway AS')
O22 - Tasks_Migrated: (disabled) Optimize Push Notification Data File-S-1-5-21-1593497920-3724576141-1433594885-1001 - {201600D8-6EFF-48CE-B842-E14D37A0682D} - C:\WINDOWS\System32\wpninprc.dll (file missing)
O22 - Tasks_Migrated: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (sign: 'Microsoft')
O22 - Tasks_Migrated: \Abelssoft\Abelssoft SSD Fresh Settings Check_43 - C:\Program Files (x86)\SSDFresh\AbLauncher.exe checksettings -autorun (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\Mobile Broadband Accounts\MNO Metadata Parser - C:\WINDOWS\System32\MbaeParserTask.exe (file missing)
O22 - Tasks_Migrated: \Microsoft\Windows\SettingSync\BackgroundUploadTask - {59B9640B-3F70-4D1C-B159-F26EEB8A4C87} - (no file)
O22 - Tasks_Migrated: \Microsoft\Windows\SettingSync\NetworkStateChangeTask - {A4173A49-F373-4475-9A0F-2D615204DC20} - (no file)
O22 - Tasks_Migrated: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB" (sign: 'Mozilla Corporation')
O22 - Tasks_Migrated: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC (sign: 'Lespeed Technology Co., Ltd')
O22 - Tasks_Migrated: ASC_SkipUac_d80di - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O22 - Tasks_Migrated: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c (sign: 'Google LLC')
O22 - Tasks_Migrated: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler (sign: 'Google LLC')
O22 - Tasks_Migrated: Kaspersky_Upgrade_Launcher_{278ADC42-419D-4547-A6CA-5B74BE0AD901} - C:\Program Files\Common Files\AV\Kaspersky Lab\upgrade_launcher.exe /waitUpgrade (file missing)
O22 - Tasks_Migrated: Maxthon5 Update - C:\Program Files (x86)\Maxthon5\Bin\Maxthon.exe -RunScheduledUpdate (sign: 'Maxthon Technology Co, Ltd.')
O22 - Tasks_Migrated: Opera scheduled assistant Autoupdate 1601326342 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate --component-name=assistant --component-path="C:\Users\d80di\AppData\Local\Programs\Opera\assistant" $(Arg0) (file missing)
O22 - Tasks_Migrated: Opera scheduled Autoupdate 1601326338 - C:\Users\d80di\AppData\Local\Programs\Opera\launcher.exe --scheduledautoupdate $(Arg0) (file missing)
O22 - Tasks_Migrated: Sump Task (One-Time) - C:\Program Files (x86)\IObit\Advanced SystemCare\sump.exe /sup2 (file missing)
O22 - Tasks_Migrated: VivaldiUpdateCheck-5924e1198cc83f03 - C:\Users\d80di\AppData\Local\Vivaldi\Application\update_notifier.exe --from-scheduler (file missing)
I think all of these can be axed*

O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (sign: 'Adobe Inc.')
O23 - Service R2: HP Print Scan Doctor Service - (HPPrintScanDoctorService) - C:\Program Files\HPPrintScanDoctor\HPPrintScanDoctorService.exe (sign: 'HP Inc.')
O23 - Service R2: SmartCMS_Server - C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe (not signed - no company - 7BA8F847991B4658A80C7663767CC058FF6D4E60)
O23 - Service R2: Surfshark Service - C:\Program Files\Surfshark\Surfshark.Service.exe -displayname "Surfshark Service" -servicename "Surfshark Service" (sign: 'Surfshark B.V.')
O23 - Service S2: MxService - C:\Program Files (x86)\Maxthon5\Bin\MxService.exe (sign: 'Maxthon Technology Co, Ltd.')
O23 - Service S2: Servizio Brave Update (brave) - (brave) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /svc (sign: 'Brave Software, Inc.')
O23 - Service S2: Servizio di Google Updater (GoogleUpdaterService140.0.7273.0) - (GoogleUpdaterService140.0.7273.0) - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --system --windows-service --service=update (sign: 'Google LLC')
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc (sign: 'Google LLC')
O23 - Service S2: Servizio interno di Google Updater (GoogleUpdaterInternalService140.0.7273.0) - (GoogleUpdaterInternalService140.0.7273.0) - C:\Program Files (x86)\Google\GoogleUpdater\140.0.7273.0\updater.exe --system --windows-service --service=update-internal (sign: 'Google LLC')
O23 - Service S3: Brave Elevation Service (BraveElevationService) - (BraveElevationService) - C:\Program Files\BraveSoftware\Brave-Browser\Application\138.1.80.124\elevation_service.exe (sign: 'Brave Software, Inc.')
O23 - Service S3: Google Chrome Elevation Service (GoogleChromeElevationService) - (GoogleChromeElevationService) - C:\Program Files\Google\Chrome\Application\138.0.7204.169\elevation_service.exe (sign: 'Google LLC')
O23 - Service S3: LibreOffice Maintenance Service - (LibreOfficeMaintenance) - C:\Program Files\LibreOffice\program\update_service.exe (sign: 'The Document Foundation')
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (sign: 'Mozilla Corporation')
O23 - Service S3: Remote Packet Capture Protocol v.0 (experimental) - (rpcapd) - C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini" (sign: 'Riverbed Technology, Inc.')
O23 - Service S3: Servizio Brave Update (bravem) - (bravem) - C:\Program Files (x86)\BraveSoftware\Update\BraveUpdate.exe /medsvc (sign: 'Brave Software, Inc.')
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc (sign: 'Google LLC')
O23 - Service S3: TeraBoxUtility - C:\Users\d80di\AppData\Roaming\TeraBox\YunUtilityService.exe (sign: 'FLEXTECH INC.')
O23 - Driver R2: BlueStacks Hypervisor_nxt - (BlueStacksDrv_nxt) - C:\Program Files\BlueStacks_nxt\BstkDrv_nxt.sys (sign: 'Microsoft' - Bluestack System Inc.)
O23 - Driver R2: inpoutx64 - C:\WINDOWS\System32\Drivers\inpoutx64.sys (sign: 'Red Fox UK Limited')
O23 - Driver R3: scaudio Service - (scaudio) - C:\WINDOWS\System32\drivers\scaudio.sys (sign: 'Brandmeister LLC')
O23 - Driver R3: SplitCam Virtual Video Driver - (splitcam_hd_driver) - C:\WINDOWS\System32\drivers\splitcam_hd_driver.sys (sign: 'Brandmeister LLC')
O23 - Driver S3: @oem15.inf,%DeviceDescription%;TAP-Surfshark Windows Adapter V9 - (tapsurfshark) - C:\WINDOWS\System32\drivers\tapsurfshark.sys (+safe mode) (sign: 'WDKTestCert Lenovo,131775874531219913', but untrusted root: 'WDKTestCert Lenovo,131775874531219913' with fingerprint: 594FC0AA1FA7E3B7CF66D9508EC3D8DB4B6550B6)
O23 - Driver S3: AQFileRestore - C:\WINDOWS\system32\DRIVERS\AQFileRestore.sys (sign: 'Avanquest North America Inc.')
O23 - Driver S3: HwHandSet_CompositeFilter - (ew_usbccgpfilter) - C:\WINDOWS\System32\drivers\ew_usbccgpfilter.sys (+safe mode) (not signed - Huawei Technologies Co., Ltd. - A1CBFC9F58FAFDA959C3BE5CABD3BCA4901F6BA9)
O23 - Driver S3: Intel(R) Serial IO GPIO Controller Driver - (iaLPSSi_GPIO) - C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys (sign: 'Intel Corporation - Client Components Group')
O23 - Driver S3: NetGroup Packet Filter Driver - (NPF) - C:\WINDOWS\system32\drivers\npf.sys (sign: 'Riverbed Technology, Inc.')
O23 - Driver S3: Revoflt - C:\WINDOWS\system32\DRIVERS\revoflt.sys (sign: 'Microsoft' - VS Revo Group)
O23 - Driver S3: SurfsharkBypasser - C:\Program Files\Surfshark\Resources\x64\SurfsharkBypasser.sys (sign: 'Microsoft' - Surfshark)
Same, but if they are programs you know and you remember installing them deliberately, weigh it carefully*

* Actually, it might be better to back up the registry before axing the entries, just to have a spare copy, you never know.

In any case I don't think that once these entries are removed the PC will become much faster than it is now… better, IMHO, a double antivirus and antimalware scan, and in any case wait for a second opinion.

Bye bye
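Added example, not part of the thread and not code from HijackThis: a Python triage pass over O-section log lines like those quoted in the posts above, flagging for manual review the kinds of entries the replies single out (script-host autoruns such as the `wscript.exe //B ...\AppData\Roaming\*.js` pair, unsigned binaries, orphaned entries, Defender-disabling policies). The heuristics and the names `triage_line` and `triage` are assumptions made for illustration; the sample lines are copied from the log in the thread.

```python
import re

# Windows script interpreters that run whatever script is passed as an argument.
SCRIPT_HOSTS = ("wscript.exe", "cscript.exe", "mshta.exe")
# Locations a standard user can write to without elevation (assumed list).
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\", "\\temp\\")
ENTRY_RE = re.compile(r"^(O\d+)\s+-\s+(.+)$")
DEFENDER_OFF_RE = re.compile(r"windows defender.*\[disable\w+\]\s*=\s*1\b")


def triage_line(line):
    """Return (section, reasons) for an O-section line, or None for other lines."""
    match = ENTRY_RE.match(line.strip())
    if match is None:
        return None
    section, body = match.group(1), match.group(2).lower()
    reasons = []
    if section in ("O4", "O22", "O23"):  # autoruns, scheduled tasks, services/drivers
        hosted = any(host in body for host in SCRIPT_HOSTS)
        # Assumption: the "(sign: ...)" field describes the interpreter on the
        # command line, not the script argument, so it is ignored for this check.
        if hosted and any(path in body for path in USER_WRITABLE):
            reasons.append("script-host autorun from user-writable path")
        if "(not signed" in body:
            reasons.append("unsigned binary")
        if "untrusted root" in body:
            reasons.append("untrusted signing root")
        if "(file missing)" in body or "(no file)" in body:
            reasons.append("orphaned entry")
    if section == "O7" and DEFENDER_OFF_RE.search(body):
        reasons.append("Defender protection disabled by policy")
    return section, reasons


def triage(log_text):
    """Return [(line, reasons)] for every O-section line with at least one reason."""
    findings = []
    for line in log_text.splitlines():
        result = triage_line(line)
        if result and result[1]:
            findings.append((line.strip(), result[1]))
    return findings


# Sample lines copied from the log quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKCU\..\Run: [Surfshark] = C:\Program Files\Surfshark\Surfshark.exe (sign: 'Surfshark B.V.')
O4 - HKLM\..\StartupApproved\Run32: [Texto] = C:\WINDOWS\system32\wscript.exe //B "C:\Users\d80di\AppData\Roaming\Texto.js" (2023/10/05) (sign: 'Microsoft')
O4 - HKLM\..\StartupApproved\Run32: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe (2020/09/28) (not signed - Creative Technology Ltd. - 983D549FAFF76A8FAD7EDDA41638D4C2AFB40AC7)
O7 - Policy: HKLM\Software\Policies\Microsoft\Windows Defender: [DisableAntiSpyware] = 1
O7 - Policy: HKLM\Software\Microsoft\Windows Defender\Features: [TamperProtection] = 4
O22 - Tasks_Migrated: ASC_SkipUac_d80di - C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe /SkipUac (file missing)
O23 - Service R2: SmartCMS_Server - C:\Program Files (x86)\SmartCMS\SmartCMS Watch.exe (not signed - no company - 7BA8F847991B4658A80C7663767CC058FF6D4E60)
"""

if __name__ == "__main__":
    for entry, reasons in triage(SAMPLE_LOG):
        print("; ".join(reasons))
        print("    " + entry)
```

A flag here means "look at this entry by hand", not a verdict; whether the flagged item is wanted still depends on what the owner installed.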
#14645 |
Junior Member
Registered: Sep 2008
City: Civitavecchia
Posts: 17
|
Thank you, I saw your messages but it won't let me reply. Many thanks for everything; as soon as I have time I'll see what to do. The computer is from 2016 anyway, and before long it will be time to replace it; the HDD already failed a few months ago, fortunately the operating system loads from the SSD. Have a nice day, thanks for everything.
Sent from my SM-A528B using Tapatalk