salve di seguito il mio log da controllare... grazie a chi mi aiuterà

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Enterprise), 10.0.18362.356 (ReleaseId: 1903), Service Pack: 0
Time: 29.10.2019 - 09:52 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: luca (group: Administrator) on DESKTOP-KS3DGG5, FirstRun: yes

Chrome: 77.0.3865.120
Edge: 11.0.18362.329
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
1 C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
1 C:\Program Files (x86)\Adobe\Adobe Sync\CoreSync\CoreSync.exe
1 C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
1 C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
1 C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
1 C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
1 C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
11 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.302\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\TotalAV\SecurityService.exe
1 C:\Program Files (x86)\TotalAV\TotalAV.exe
1 C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
1 C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
1 C:\Program Files\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
1 C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
1 C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
2 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1 C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
1 C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
1 C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
1 C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
2 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1 C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
1 C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19061.18920.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.901.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19072.12011.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\mcafee\msc\McAPExe.exe
1 C:\Program Files\mcafee\vul\McVulCtr.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1909.6-0\MpCmdRun.exe
1 C:\Users\luca\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\luca\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
2 C:\Windows\System32\CompatTelRunner.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
10 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
4 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
2 C:\Windows\System32\mfevtps.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
77 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\usocoreworker.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.18362.350_none_5f2790f858f0e2a7\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R1 - HKU\S-1-5-21-2147576715-2612374362-202268082-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKU\S-1-5-21-2147576715-2612374362-202268082-1001\..\Run: [OneDrive] = C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft) (User 'user')
O4 - HKU\S-1-5-21-2147576715-2612374362-202268082-1001\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'user')
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\AcronisSyncError: (no name) - {934BC6C0-FEC2-4df5-A100-961DE2C8A0ED} - C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\AcronisSyncInProgress: (no name) - {00F848DC-B1D4-4892-9C25-CAADC86A215D} - C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\AcronisSyncOk: (no name) - {71573297-552E-46fc-BE3D-3DFAF88D47B7} - C:\Program Files (x86)\Acronis\TrueImageHome\tishell64.dll
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Acronis Mobile Backup Server - (mobile_backup_server) - C:\Program Files (x86)\Common Files\Acronis\MobileBackupServer\mobile_backup_server.exe "--config-path=C:\ProgramData\Acronis\MobileBackupServer\Conf\WRM.conf"
O23 - Service R2: Acronis Mobile Backup Status Server - (mobile_backup_status_server) - C:\Program Files (x86)\Acronis\TrueImageHome\mobile_backup_status_server.exe
O23 - Service R2: Acronis Nonstop Backup Service - (afcdpsrv) - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service R2: Acronis Scheduler2 Service - (AcrSch2Svc) - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service R2: Acronis Sync Agent Service - (syncagentsrv) - C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: Andrea RT Filters Service - (AERTFilters) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.EXE
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService1.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
O23 - Service R2: McAfee Home Network - (HomeNetSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: McAfee Personal Firewall Service - (McMPFSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: McAfee Platform Services - (mcpltsvc) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service R2: McAfee VirusScan Announcer - (McNaiAnn) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: PC Security Management Service - (SecurityService) - C:\Program Files (x86)\TotalAV\SecurityService.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Windows\system32\mfevtps.exe
O23 - Service S2: McAfee Boot Delay Start Service - (mcbootdelaystartsvc) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service S2: McAfee Proxy Service - (McProxy) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\77.0.3865.120\elevation_service.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: McAfee Activation Service - (McAWFwk) - C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
O23 - Service S3: McAfee Scanner - (McODS) - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 57,1 sec. - 25020 bytes, CRC32: FFFFFFFF. Sign: Î⅙

Tutto a posto, non hai detto se hai problemi, vedo che usi Total/AV, come mai non hai lasciato Defender? che su win 10 è il migliore, anche perchè è integrato nel S.O.

Nel log vedo anche mcaffee in ogni sua forma...
Forse era preinstallato e ormai scaduto

---

Motivo = TotalAV .

Edit: controllerei anche se quella versione Enterprise è originale.

Chiudi tutti i programmi e disconnesso da internet,
Lancia HijackThis e clicca sul secondo pulsante Do a system scan only
inserisci il segno di spunta nel quadratino davanti alle righe sotto elencate, una volta selezionate clicca il tasto Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.
Ti preciso che eliminando le voci 04, i programmi non vengono toccati ma viene solo disattivato l'Avvio automatico, inutile......lasciare solo l'antivirus.
I malware si diffondono all’interno del sistema operativo Windows, spesso a velocità sorprendenti, proprio sfruttando i programmi presenti in esecuzione automatica.
Ricorda che Hijackthis deve essere avviato da una cartella a lui dedicata sul desktop. Solo così Hijackthis creerà copie di backup di quello che viene eliminato prima di apportare modifiche, così in caso di inconvenienti si possono reinstallare.

1 C:\Program Files (x86)\TotalAV\SecurityService.exe
1 C:\Program Files (x86)\TotalAV\TotalAV.exe
1 C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
1 C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
2 C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
1 C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
1 C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
1 C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKU\S-1-5-21-2147576715-2612374362-202268082-1001\..\Run: [OneDrive] = C:\Users\user\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft) (User 'user')
O4 - HKU\S-1-5-21-2147576715-2612374362-202268082-1001\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade (User 'user')
O18 - HKLM\Software\Classes\Protocols\Filter\application/x-mfe-ipt: [CLSID] = {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll
O23 - Service R2: McAfee AP Service - (McAPExe) - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service R2: McAfee CSP Service - (mccspsvc) - C:\Program Files\Common Files\McAfee\CSP\1.6.1008.0\McCSPServiceHost.exe
O23 - Service R2: McAfee Home Network - (HomeNetSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: McAfee Personal Firewall Service - (McMPFSvc) - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: McAfee Platform Services - (mcpltsvc) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: McAfee Service Controller - (mfemms) - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe
O23 - Service R2: McAfee VirusScan Announcer - (McNaiAnn) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service R2: PC Security Management Service - (SecurityService) - C:\Program Files (x86)\TotalAV\SecurityService.exe
O23 - Service R3: McAfee Firewall Core Service - (mfefire) - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service R3: McAfee Validation Trust Protection Service - (mfevtp) - C:\Windows\system32\mfevtps.exe
O23 - Service S2: McAfee Boot Delay Start Service - (mcbootdelaystartsvc) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service S2: McAfee Proxy Service - (McProxy) - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe /McCoreSvc
O23 - Service S3: McAfee Activation Service - (McAWFwk) - C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe
O23 - Service S3: McAfee Scanner - (McODS) - C:\Program Files\mcafee\VirusScan\mcods.exe
Alla fine riavvia il pc.
Poi fai una pulizia con Ccleaner.
Puliamo il Registro.
Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.
Windows Defender è l'Antivirus gia inserito nel sistema, una volta fatte le pulizie si dovrebbe attivare da solo, se non lo vedi attivo, clicca sul pulsante Start collocato nell'angolo in basso a sinistra dello schermo (la bandierina) e seleziona la voce Impostazioni dal menu che compare.
Nella finestra che si apre, fai click sull'icona Aggiornamento e sicurezza, seleziona la voce Windows Defender dalla barra laterale di sinistra e verifica che la levetta relativa all'opzione Protezione in tempo reale sia attiva: se non lo è, attivala tu.
Finito tutto rifai una scansione con HiJackThis e posta il nuovo log aggiornato, controllo cos'è rimasto.
Ciao