Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

trojan Bitcoinminer Opzioni
giancarlo52
Inviato: Sunday, January 26, 2020 4:45:15 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Da qualche tempo il mio pc è molto lento.

Ho provato a fare una scansione con SpyHunter che mi ha rilevato il trojan Bitcoinminer

Ho quindi lanciato hijackthis che vi chiedo cortesemente di analizzare

Il programma SpyHunter promette di rimuovere il trojan se acquisto il programma, vorrei sapere se è l'unica soluzione o se ci sono altre possibilità di rimozione del trojan

Vi ringrazio per l'attenzione

Giancarlo

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:20:32, on 26/01/2020 domenica
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)

FIREFOX: 45.0 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LibreOffice 5\program\scalc.exe
C:\Program Files (x86)\LibreOffice 5\program\soffice.exe
C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
C:\Users\gipan\Desktop\PROGRAMMI installati\SICUREZZA\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [MalTray] C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun
O4 - HKCU\..\Run: [Google Update] C:\Users\gipan\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_4a8dd - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: SpyHunter 5 Kernel (EsgShKernel) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\elevation_service.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem0.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: iFunSoft Updater (iFunSoftUpdaterSvc) - iFunSoft - C:\Program Files (x86)\iFunSoft\iFunSoft Updater\iFunSoftUpdater.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: SpyHunter 5 Kernel Monitor (ShMonitor) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7959 bytes



Sponsor
Inviato: Sunday, January 26, 2020 4:45:15 PM

 
dxgiusti
Inviato: Sunday, January 26, 2020 6:07:30 PM
Rank: AiutAmico

Iscritto dal : 11/28/2009
Posts: 93
scarica:
https://filehippo.com/it/download_malwarebytes_3/
è un programma a pagamento, però ti da due settimane per provarlo.
quando ha fatto, rimuovilo.
giancarlo52
Inviato: Sunday, January 26, 2020 8:11:58 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
purtroppo non ha risolto nulla
tra l'altro google chrome non funziona più, ho provato a disinstallarlo e installarlo ma non è cambiato nulla, quando lo apro appare la videata di google chrome con scritto:

"UFFA? si è verificato un problema durante la visualizzazione della pagina web
RICARICA"
invece Microsoft edge funziona
wolfestein
Inviato: Sunday, January 26, 2020 9:54:58 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,955
cbbusto
Inviato: Tuesday, January 28, 2020 11:10:05 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
giancarlo52 ha scritto:
Da qualche tempo il mio pc è molto lento.

Ho provato a fare una scansione con SpyHunter che mi ha rilevato il trojan Bitcoinminer

Ho quindi lanciato hijackthis che vi chiedo cortesemente di analizzare

Il programma SpyHunter promette di rimuovere il trojan se acquisto il programma, vorrei sapere se è l'unica soluzione o se ci sono altre possibilità di rimozione del trojan

Vi ringrazio per l'attenzione

Giancarlo

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 16:20:32, on 26/01/2020 domenica
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.18362.0001)

FIREFOX: 45.0 (x86 it)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\LibreOffice 5\program\scalc.exe
C:\Program Files (x86)\LibreOffice 5\program\soffice.exe
C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
C:\Users\gipan\Desktop\PROGRAMMI installati\SICUREZZA\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O4 - HKLM\..\Run: [MalTray] C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun
O4 - HKCU\..\Run: [Google Update] C:\Users\gipan\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe
O4 - HKCU\..\RunOnce: [Application Restart #0] C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --restore-last-session --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox --flag-switches-begin --flag-switches-end --enable-audio-service-sandbox
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_4a8dd - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: SpyHunter 5 Kernel (EsgShKernel) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google LLC - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\elevation_service.exe
O23 - Service: Servizio Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Servizio Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @oem0.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: iFunSoft Updater (iFunSoftUpdaterSvc) - iFunSoft - C:\Program Files (x86)\iFunSoft\iFunSoft Updater\iFunSoftUpdater.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: Servizio iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: SpyHunter 5 Kernel Monitor (ShMonitor) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7959 bytes



Il log che hai messo non va bene, hai usato la vecchia versione di HJT, scarica la nuova vs la trovi su aiutamici qui: http://software.aiutamici.com/software?ID=11175
poi posta il nuovo log, elimina il vecchio che hai messo. SpyHunter lascialo perdere è solo una fregatura, ti presenta dei virus per costringere ad acquistare il software. Disinstallalo. Lascia perdere altre operazioni, dopo aver visto il nuovo log ti dico cosa fare.
Devi aggiornare firefox hai una vs vecchia ora siamo alla vs 72.0.2. Ciao
cbbusto
Inviato: Tuesday, January 28, 2020 11:55:59 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Una domanda, volevi acquistare i bitcoin? stai attento sei su un terreno minato.
giancarlo52
Inviato: Thursday, January 30, 2020 8:24:51 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
cbbusto ha scritto:
Una domanda, volevi acquistare i bitcoin? stai attento sei su un terreno minato.


per quanto riguarda i bitcoin, mai avuto la minima intenzione di comprarli
detto questo ho aspettato 2 giorni per avere la procedura gratuita di RIMOZIONE di SPYHUNTER
La rimozione è avvenuta e tutto sembra andare bene
Ti ringrazio per i consigli e la disponibilità, ho utilizzato il link che mi hai dato per scaricare la nuova versione di HijacKthis
ed ecco il risultato della scansione
Ti ringrazio se la controlli per vedere se effettivamente ora il mio PC è a posto

"
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Home), 10.0.18362.592 (ReleaseId: 1903), Service Pack: 0
Time: 30.01.2020 - 20:27 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: gipan (group: Administrator) on DESKTOP-R9H00RN, FirstRun: yes

Chrome: 79.0.3945.130
Edge: 11.0.18362.476
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
30 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.422\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\LibreOffice 5\program\scalc.exe
1 C:\Program Files (x86)\LibreOffice 5\program\soffice.bin
1 C:\Program Files (x86)\LibreOffice 5\program\soffice.exe
1 C:\Program Files (x86)\iFunSoft\iFunSoft Updater\iFunSoftUpdater.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
1 C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
1 C:\Program Files\EnigmaSoft\SpyHunter\SpyHunter5.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.55.131.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19122.89.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19101.10711.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1911.3-0\NisSrv.exe
1 C:\Users\gipan\Desktop\PortableApps\HiJackThis\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CastSrv.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WWAHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\igfxTray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
80 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\explorer.exe
1 C:\Windows\splwow64.exe

O1 - Hosts.ICS: 192.168.137.1 DESKTOP-R9H00RN.mshome.net # 2024 5 5 24 9 51 46 782
O1 - Hosts.ICS: 192.168.137.10 LGwebOSTV.mshome.net # 2019 6 0 2 9 51 46 782
O1 - Hosts.ICS: 6
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O4 - HKCU\..\Run: [Google Update] = C:\Users\gipan\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ GoogleDriveBlacklisted: Google Drive Shell extension - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} - C:\Program Files\Google\Drive\googledrivesync64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ GoogleDriveSynced: Google Drive Shell extension - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} - C:\Program Files\Google\Drive\googledrivesync64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ GoogleDriveSyncing: Google Drive Shell extension - {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} - C:\Program Files\Google\Drive\googledrivesync64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avast: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\system32\ibtsiva.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: SpyHunter 5 Kernel - (EsgShKernel) - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service R2: SpyHunter 5 Kernel Monitor - (ShMonitor) - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service R2: iFunSoft Updater - (iFunSoftUpdaterSvc) - C:\Program Files (x86)\iFunSoft\iFunSoft Updater\iFunSoftUpdater.exe
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\elevation_service.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Servizio iPod - (iPod Service) - C:\Program Files\iPod\bin\iPodService.exe


--
End of file - Time spent: 69.5 sec. - 15038 bytes, CRC32: FFFFFFFF. Sign: 뉩⚳"
giancarlo52
Inviato: Saturday, February 01, 2020 6:02:30 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
evidentemente siete impegnati con problemi più gravi visto che vi ho detto che mi pare che ora tutto vada bene
speravo in una risposta ma capisco che è un impegno che svolgete nel tempo libero per cui vi ringrazio ugualmente per l'aiuto che mi avete dato nei giorni scorsi
alla prossima e grazie ancora
cbbusto
Inviato: Sunday, February 02, 2020 1:40:49 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Io da venerdì sono stato impegnato. Dal log non si vedono infezioni gravi, comunque io eliminerei alcuni dile, te li elenco:
O1 - Hosts.ICS: 192.168.137.1 DESKTOP-R9H00RN.mshome.net # 2024 5 5 24 9 51 46 782
O1 - Hosts.ICS: 192.168.137.10 LGwebOSTV.mshome.net # 2019 6 0 2 9 51 46 782
O1 - Hosts.ICS: 6 - N.B. i file 01 non dovrebbero esserci
O4 - HKCU\..\Run: [Google Update] = C:\Users\gipan\AppData\Local\Google\Update\1.3.35.422\GoogleUpdateCore.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [iTunesHelper] = C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
I file 04 sono tutti programmi in Avvio automatico inutili.
Alla fine pulizia del Registro con Ccleaner e sei a posto. Ciao
giancarlo52
Inviato: Sunday, February 02, 2020 4:14:50 PM
Rank: AiutAmico

Iscritto dal : 1/4/2010
Posts: 118
Tutto fatto
grazie ancora dell'aiuto
Buona Domenica
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.