Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » [RISOLTO] log HijackThis sospetto?

[RISOLTO] log HijackThis sospetto? Opzioni
Topic Precedente · Topic Sucessivo
ziobleed
Inviato: Friday, March 27, 2020 11:03:43 AM
Rank: Newbie

Iscritto dal : 3/27/2020
Posts: 5
Ciao

Ho fatto una analisi con HT ed ho ottenuto questo log

(ho eseguito immunizzazione con spy bot)

secondo voi c'è qualcosa che non va?

Ciao

ZB
[EDIT] ho sostituito il primo log postato con uno ridotto

Ecco un log ridotto

nel precedente avevo, nelle opzioni, impostato lo scanning anche dei file, questo log invece usa le impostazioni di default, solo processi...



Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Enterprise), 10.0.17763.805 (ReleaseId: 1809), Service Pack: 0
Time: 27.03.2020 - 12:17 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: ppiccoli (group: Administrator) on ASSI10496, FirstRun: no

Chrome: 79.0.3945.130
Firefox: 74.0.0.7373
Edge: 11.0.17763.802
Internet Explorer: 11.0.17763.771
Default: "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Internet Explorer)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2 C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
1 C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
1 C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
1 C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
1 C:\Program Files (x86)\LANDesk\LDClient\collector.exe
1 C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
1 C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
3 C:\Program Files (x86)\LANDesk\LDClient\rckvm.exe
1 C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
1 C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
1 C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
1 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\sepWscSvc64.exe
2 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\ccSvcHst.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\INVENTORYCLIENT\client64.exe
1 C:\Program Files\Notepad++\notepad++.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
1 C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.124.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
1 C:\Program Files\glogg\glogg.exe
5 C:\Users\PPiccoli\AppData\Local\Microsoft\Teams\current\Teams.exe
1 C:\Users\PPiccoli\Downloads\RootkitBusterV5.0-1212x64.exe
1 C:\Users\PPiccoli\Downloads\antivirus\installati\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\SysWOW64\cba\pds.exe
1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxEM.exe
1 C:\Windows\System32\Intel\DPTF\dptf_helper.exe
1 C:\Windows\System32\Intel\DPTF\esif_uf.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\browser_broker.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
91 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
3 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.793_none_7defe5934d1eb33a\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=assimoco.it&wreply=https%3A%2F%2Fassimoco.sharepoint.com/
R0 - HKU\S-1-5-21-803227530-2396583660-1199284919-1001\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/?gws_rd=ssl
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33C7B45F-408A-4818-B6EA-B8856AAB196C}: [URL] = http://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7 - Google Italia
R4 - SearchScopes: HKU\S-1-5-21-803227530-2396583660-1199284919-1001\Software\Microsoft\Internet Explorer\SearchScopes\{141C7329-68A4-44C8-910B-2D24BF4D336D}: [URL] = http://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7 - Google Italia
O1 - Hosts.ICS: 172.24.177.65 DESKTOP-5O3S09B.mshome.net # 2024 5 0 19 7 24 11 886
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU\..\Run: [Lync] = C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe /fromrunkey
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] = C:\Users\PPiccoli\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Session Manager: [BootExecute] = C:\WINDOWS\system32\sdnclean64.exe
O4 - HKU\S-1-5-21-803227530-2396583660-1199284919-1001\..\Run: [com.squirrel.Teams.Teams] = C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (User 'Admin')
O4 - HKU\S-1-5-21-803227530-2396583660-1199284919-1001\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (User 'Admin') (2019/05/21)
O4-32 - HKLM\..\Run: [PulseSecure] = C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe -tray
O4-32 - HKLM\..\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4-32 - HKLM\..\Run: [TeamsMachineInstaller] = C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (file missing)
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel - present
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions - present
O16 - DPF: HKLM\..\{583C990C-2D38-410c-9A4A-0932D66A754F}\DownloadInformation: PulseSetupClientControl64 Class [CODEBASE] = https://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.211.2 [CODEBASE] = http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.6.0_45 [CODEBASE] = http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.211.2 [CODEBASE] = http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
O16-32 - DPF: HKLM\..\{8E375A63-C616-46F1-AC77-59DF78F3A826}\DownloadInformation: PulseSetupClientControl Class [CODEBASE] = https://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab
O16-32 - DPF: HKLM\..\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}\DownloadInformation: JuniperSetupControlXP Class [CODEBASE] = https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O17 - DHCP DNS 1: 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{a525e928-f2fb-4131-8e0f-1489cf402956}: [Domain] = assimoco.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{a525e928-f2fb-4131-8e0f-1489cf402956}: [NameServer] = 10.165.255.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{a525e928-f2fb-4131-8e0f-1489cf402956}: [NameServer] = 10.165.255.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [Domain] = assimoco.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [SearchList] = assimoco.net,1
O20-32 - HKLM\..\Winlogon\Notify\SDWinLogon: [DllName] = SDWinLogon.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise1Normal: TortoiseSVN - {C5994560-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise2Modified: TortoiseSVN - {C5994561-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise3Conflict: TortoiseSVN - {C5994562-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise4Locked: TortoiseSVN - {C5994563-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise5ReadOnly: TortoiseSVN - {C5994564-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise6Deleted: TortoiseSVN - {C5994565-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise7Added: TortoiseSVN - {C5994566-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise8Ignored: TortoiseSVN - {C5994567-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise9Unversioned: TortoiseSVN - {C5994568-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise1Normal: TortoiseSVN - {C5994560-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise2Modified: TortoiseSVN - {C5994561-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise3Conflict: TortoiseSVN - {C5994562-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise4Locked: TortoiseSVN - {C5994563-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise5ReadOnly: TortoiseSVN - {C5994564-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise6Deleted: TortoiseSVN - {C5994565-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise7Added: TortoiseSVN - {C5994566-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise8Ignored: TortoiseSVN - {C5994567-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise9Unversioned: TortoiseSVN - {C5994568-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Controllo remoto LANDESK - (ISSUSER) - C:\Program Files (x86)\LANDesk\LDClient\issuser.exe /SERVICE
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\System32\ibtsiva.exe
O23 - Service R2: Intel Local Scheduler Service - C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
O23 - Service R2: Intel PDS - C:\WINDOWS\system32\CBA\pds.exe (file missing)
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Dynamic Platform and Thermal Framework service - (esifsvc) - C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: LANDESK Targeted Multicast - (LANDesk Targeted Multicast) - C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
O23 - Service R2: LANDesk(R) Management Agent - (CBA8) - C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
O23 - Service R2: LANDesk(R) Software Monitoring Service - (Softmon) - C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
O23 - Service R2: Pulse Secure Service - (PulseSecureService) - C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: Servizio A portata di clic di Microsoft Office - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: Snow Inventory Client - (SnowInventoryClient) - C:\Program Files\INVENTORYCLIENT\client64.exe
O23 - Service R2: Spybot-S&D 2 Scanner Service - (SDScannerService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service R2: Spybot-S&D 2 Security Center Service - (SDWSCService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service R2: Spybot-S&D 2 Updating Service - (SDUpdateService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service R2: Symantec Endpoint Protection - (SepMasterService) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\ccSvcHst.exe /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\sms.dll" /prefetch:1
O23 - Service R2: Symantec Endpoint Protection WSC Service - (sepWscSvc) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\sepWscSvc64.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service S2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S2: SpyHunter 5 Kernel - (EsgShKernel) - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service S2: SpyHunter 5 Kernel Monitor - (ShMonitor) - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service S3: LANDesk(R) Extended device discovery service - (LDXDD) - C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: PSEXESVC - C:\WINDOWS\PSEXESVC.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Symantec Network Access Control - (SNAC) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\snac64.exe


--
End of file - Time spent: 32,5 sec. - 39470 bytes, CRC32: FFFFFFFF. Sign: 嵔
Torna in alto
 
Sponsor
Inviato: Friday, March 27, 2020 11:03:43 AM

 
Torna in alto
 
cbbusto
Inviato: Friday, March 27, 2020 11:31:37 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Hai un pc parecchio incasinato, in questi casi spy bot non serve a niente, prima operazione che devi fare subito.
Apri HJT- inserisci il segno di spunta nel quadratino davanti a a tutte le righe 01, una volta selezionate clicca il tasto Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.
Riavvia il pc poi rifai una scansione e posta il nuovo log, poi ti dico cosa, l'importante è eliminare quei file, il log è chilometrico e si fatica a vederlo.
Il pc sarà parecchio lento, e dimmi se ci sono altri problemi.
Cia
Torna in alto
 
ziobleed
Inviato: Friday, March 27, 2020 12:04:39 PM
Rank: Newbie

Iscritto dal : 3/27/2020
Posts: 5
Grazie

Provvedo

ZB
Torna in alto
 
ziobleed
Inviato: Friday, March 27, 2020 12:19:22 PM
Rank: Newbie

Iscritto dal : 3/27/2020
Posts: 5
Ecco un log ridotto

nel precedente avevo, nelle opzioni, impostato lo scanning anche dei file, questo log invece usa le impostazioni di default, solo processi...



Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Enterprise), 10.0.17763.805 (ReleaseId: 1809), Service Pack: 0
Time: 27.03.2020 - 12:17 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: ppiccoli (group: Administrator) on ASSI10496, FirstRun: no

Chrome: 79.0.3945.130
Firefox: 74.0.0.7373
Edge: 11.0.17763.802
Internet Explorer: 11.0.17763.771
Default: "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Internet Explorer)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
2 C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
1 C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
1 C:\Program Files (x86)\LANDesk\LDClient\SelfElectController.exe
1 C:\Program Files (x86)\LANDesk\LDClient\SoftMon.exe
1 C:\Program Files (x86)\LANDesk\LDClient\collector.exe
1 C:\Program Files (x86)\LANDesk\LDClient\issuser.exe
1 C:\Program Files (x86)\LANDesk\LDClient\rcgui.exe
3 C:\Program Files (x86)\LANDesk\LDClient\rckvm.exe
1 C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
1 C:\Program Files (x86)\LANDesk\Shared Files\residentAgent.exe
1 C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
1 C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
1 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\sepWscSvc64.exe
2 C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\ccSvcHst.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\INVENTORYCLIENT\client64.exe
1 C:\Program Files\Notepad++\notepad++.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
1 C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
2 C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
1 C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_3.7.124.0_x64__8wekyb3d8bbwe\Microsoft.Notes.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1910.0.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.20022.81.0_x64__8wekyb3d8bbwe\YourPhoneServer\YourPhoneServer.exe
1 C:\Program Files\glogg\glogg.exe
5 C:\Users\PPiccoli\AppData\Local\Microsoft\Teams\current\Teams.exe
1 C:\Users\PPiccoli\Downloads\RootkitBusterV5.0-1212x64.exe
1 C:\Users\PPiccoli\Downloads\antivirus\installati\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
1 C:\Windows\SysWOW64\cba\pds.exe
1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\CompPkgSrv.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
1 C:\Windows\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxEM.exe
1 C:\Windows\System32\Intel\DPTF\dptf_helper.exe
1 C:\Windows\System32\Intel\DPTF\esif_uf.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\browser_broker.exe
3 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\ibtsiva.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
91 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
3 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.17763.793_none_7defe5934d1eb33a\TiWorker.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://login.microsoftonline.com/login.srf?wa=wsignin1.0&whr=assimoco.it&wreply=https%3A%2F%2Fassimoco.sharepoint.com/
R0 - HKU\S-1-5-21-803227530-2396583660-1199284919-1001\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/?gws_rd=ssl
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33C7B45F-408A-4818-B6EA-B8856AAB196C}: [URL] = http://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7 - Google Italia
R4 - SearchScopes: HKU\S-1-5-21-803227530-2396583660-1199284919-1001\Software\Microsoft\Internet Explorer\SearchScopes\{141C7329-68A4-44C8-910B-2D24BF4D336D}: [URL] = http://www.google.it/#hl=it&source=hp&q={searchTerms}&aq=f&aqi=g10&aql=&oq=&gs_rfai=&fp=9fca69c98b5d77d7 - Google Italia
O1 - Hosts.ICS: 172.24.177.65 DESKTOP-5O3S09B.mshome.net # 2024 5 0 19 7 24 11 886
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_211\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_211\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_211\bin\ssv.dll
O4 - HKCU\..\Run: [Lync] = C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe /fromrunkey
O4 - HKCU\..\Run: [com.squirrel.Teams.Teams] = C:\Users\PPiccoli\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated"
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Session Manager: [BootExecute] = C:\WINDOWS\system32\sdnclean64.exe
O4 - HKU\S-1-5-21-803227530-2396583660-1199284919-1001\..\Run: [com.squirrel.Teams.Teams] = C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (User 'Admin')
O4 - HKU\S-1-5-21-803227530-2396583660-1199284919-1001\..\StartupApproved\Run: [com.squirrel.Teams.Teams] = C:\Users\Admin\AppData\Local\Microsoft\Teams\Update.exe --processStart "Teams.exe" --process-start-args "--system-initiated" (User 'Admin') (2019/05/21)
O4-32 - HKLM\..\Run: [PulseSecure] = C:\Program Files (x86)\Common Files\Pulse Secure\JamUI\Pulse.exe -tray
O4-32 - HKLM\..\Run: [SDTray] = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
O4-32 - HKLM\..\Run: [TeamsMachineInstaller] = C:\Program Files\Teams Installer\Teams.exe --checkInstall --source=PROPLUS (file missing)
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel - present
O6 - IE Policy: HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars\Restrictions - present
O16 - DPF: HKLM\..\{583C990C-2D38-410c-9A4A-0932D66A754F}\DownloadInformation: PulseSetupClientControl64 Class [CODEBASE] = https://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.211.2 [CODEBASE] = http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0016-0000-0045-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.6.0_45 [CODEBASE] = http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.211.2 [CODEBASE] = http://java.sun.com/update/1.6.0/jinstall-1_6_0_45-windows-i586.cab
O16-32 - DPF: HKLM\..\{8E375A63-C616-46F1-AC77-59DF78F3A826}\DownloadInformation: PulseSetupClientControl Class [CODEBASE] = https://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab
O16-32 - DPF: HKLM\..\{E5F5D008-DD2C-4D32-977D-1A0ADF03058B}\DownloadInformation: JuniperSetupControlXP Class [CODEBASE] = https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
O17 - DHCP DNS 1: 192.168.43.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{a525e928-f2fb-4131-8e0f-1489cf402956}: [Domain] = assimoco.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{a525e928-f2fb-4131-8e0f-1489cf402956}: [NameServer] = 10.165.255.101
O17 - HKLM\System\CCS\Services\Tcpip\..\{a525e928-f2fb-4131-8e0f-1489cf402956}: [NameServer] = 10.165.255.102
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [Domain] = assimoco.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [SearchList] = assimoco.net,1
O20-32 - HKLM\..\Winlogon\Notify\SDWinLogon: [DllName] = SDWinLogon.dll (file missing)
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise1Normal: TortoiseSVN - {C5994560-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise2Modified: TortoiseSVN - {C5994561-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise3Conflict: TortoiseSVN - {C5994562-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise4Locked: TortoiseSVN - {C5994563-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise5ReadOnly: TortoiseSVN - {C5994564-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise6Deleted: TortoiseSVN - {C5994565-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise7Added: TortoiseSVN - {C5994566-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise8Ignored: TortoiseSVN - {C5994567-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise9Unversioned: TortoiseSVN - {C5994568-53D9-4125-87C9-F193FC689CB2} - C:\Program Files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise1Normal: TortoiseSVN - {C5994560-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise2Modified: TortoiseSVN - {C5994561-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise3Conflict: TortoiseSVN - {C5994562-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise4Locked: TortoiseSVN - {C5994563-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise5ReadOnly: TortoiseSVN - {C5994564-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise6Deleted: TortoiseSVN - {C5994565-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise7Added: TortoiseSVN - {C5994566-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise8Ignored: TortoiseSVN - {C5994567-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\ Tortoise9Unversioned: TortoiseSVN - {C5994568-53D9-4125-87C9-F193FC689CB2} - C:\Program Files (x86)\Common Files\TortoiseOverlays\TortoiseOverlays.dll
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Controllo remoto LANDESK - (ISSUSER) - C:\Program Files (x86)\LANDesk\LDClient\issuser.exe /SERVICE
O23 - Service R2: Intel Bluetooth Service - (ibtsiva) - C:\WINDOWS\System32\ibtsiva.exe
O23 - Service R2: Intel Local Scheduler Service - C:\Program Files (x86)\LANDesk\LDClient\LocalSch.EXE
O23 - Service R2: Intel PDS - C:\WINDOWS\system32\CBA\pds.exe (file missing)
O23 - Service R2: Intel(R) Content Protection HDCP Service - (cplspcon) - C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHDCPSvc.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Dynamic Platform and Thermal Framework service - (esifsvc) - C:\WINDOWS\System32\Intel\DPTF\esif_uf.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\igfxCUIService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: LANDESK Targeted Multicast - (LANDesk Targeted Multicast) - C:\Program Files (x86)\LANDesk\LDClient\tmcsvc.exe
O23 - Service R2: LANDesk(R) Management Agent - (CBA8) - C:\Program Files (x86)\LANDesk\Shared Files\residentagent.exe
O23 - Service R2: LANDesk(R) Software Monitoring Service - (Softmon) - C:\Program Files (x86)\LANDesk\LDClient\softmon.exe
O23 - Service R2: Pulse Secure Service - (PulseSecureService) - C:\Program Files (x86)\Common Files\Pulse Secure\JUNS\PulseSecureService.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: Servizio A portata di clic di Microsoft Office - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: Snow Inventory Client - (SnowInventoryClient) - C:\Program Files\INVENTORYCLIENT\client64.exe
O23 - Service R2: Spybot-S&D 2 Scanner Service - (SDScannerService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service R2: Spybot-S&D 2 Security Center Service - (SDWSCService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service R2: Spybot-S&D 2 Updating Service - (SDUpdateService) - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service R2: Symantec Endpoint Protection - (SepMasterService) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\ccSvcHst.exe /s "Symantec Endpoint Protection" /m "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin\sms.dll" /prefetch:1
O23 - Service R2: Symantec Endpoint Protection WSC Service - (sepWscSvc) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\sepWscSvc64.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TeamViewer - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\System32\DriverStore\FileRepository\ki131191.inf_amd64_d668106cb6f2eae0\IntelCpHeciSvc.exe
O23 - Service S2: Intel(R) TPM Provisioning Service - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service S2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S2: SpyHunter 5 Kernel - (EsgShKernel) - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service S2: SpyHunter 5 Kernel Monitor - (ShMonitor) - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\79.0.3945.130\elevation_service.exe
O23 - Service S3: Intel(R) Capability Licensing Service TCP IP Interface - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service S3: LANDesk(R) Extended device discovery service - (LDXDD) - C:\Program Files (x86)\LANDesk\LDClient\XDDClient.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: PSEXESVC - C:\WINDOWS\PSEXESVC.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Symantec Network Access Control - (SNAC) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.4815.1101.105\Bin64\snac64.exe


--
End of file - Time spent: 32,5 sec. - 39470 bytes, CRC32: FFFFFFFF. Sign: 嵔
Torna in alto
 
cbbusto
Inviato: Friday, March 27, 2020 4:11:37 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
ora il log è chiaro.
Ci sono delle voci da fixare ed eliminare.
O1 - Hosts.ICS: 172.24.177.65 DESKTOP-5O3S09B.mshome.net # 2024 5 0 19 7 24 11 886

poi disabilita tutte le voci in Avvio che non servono, lascia solo security Healt che è Defender.

Puoi farlo da windows, Fai clic con il pulsante destro del mouse sul pulsante Start , seleziona Gestione attività, quindi seleziona la scheda Avvio. Se la scheda Avvio non è presente, seleziona Più dettagli. Seleziona l'app da modificare, quindi seleziona Disabilita.

Poi il programma Pulse Secure lo conosci e lo hai installato tu, se si ok altrimenti elimina queste voci:
O16 - DPF: HKLM\..\{583C990C-2D38-410c-9A4A-0932D66A754F}\DownloadInformation: PulseSetupClientControl64 Class [CODEBASE] = https://pulsesecure.net/dana-cached/sc/PulseSetupClient64.cab
O16-32 - DPF: HKLM\..\{8E375A63-C616-46F1-AC77-59DF78F3A826}\DownloadInformation: PulseSetupClientControl Class [CODEBASE] = https://pulsesecure.net/dana-cached/sc/PulseSetupClient.cab

Alla fine dovresti fare una pulizia del registro, io ti consiglio E.F.R.C.

Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.


Nient'altro. Se il pc funziona bene abbiamo finito. Fai sapere. Ciao
Torna in alto
 
ziobleed
Inviato: Monday, March 30, 2020 9:50:57 AM
Rank: Newbie

Iscritto dal : 3/27/2020
Posts: 5
sei stato gentilissimo,

ho riavviato e sembra funzionare tutto,

Grazie mille!

ZB
Torna in alto
 
cbbusto
Inviato: Monday, March 30, 2020 12:11:02 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
ziobleed ha scritto:
sei stato gentilissimo,

ho riavviato e sembra funzionare tutto,

Grazie mille!

ZB


S è a posto metti Risolto di fianco al titolo.Speak to the hand
Torna in alto
 
ziobleed
Inviato: Monday, March 30, 2020 2:39:15 PM
Rank: Newbie

Iscritto dal : 3/27/2020
Posts: 5
Fatto

grazie ancora

ZB
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » [RISOLTO] log HijackThis sospetto?


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.