Hi Claudio
you are a true aiutamici .... in the real sense of the word .... you never back away from helping people who, like me, are groping in the dark
thank you
Before posting the LOG I wish you a
happy Easter
Here it is
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18
Platform: x64 Windows 10 (Home), 10.0.17763.437 (ReleaseId: 1809), Service Pack: 0
Time: 21.04.2019 - 01:24 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: PINO AL (group: Administrator) on PINOAL-TOSH, FirstRun: yes
Chrome: 73.0.3683.103
Firefox: 47.0.2.6148
Edge: 11.0.17763.437
Internet Explorer: 11.0.17763.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.714.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Users\PINO AL\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\PINO AL\Downloads\HiJackThis.exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\SysWOW64\SecUPDUtilSvc.exe
1 C:\Windows\SysWOW64\spdsvc.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hasplms.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
86 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://news.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_it - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [SuggestionsURLFallback] = http://ie8.ebay.com/open-search/output-xml.php?q={searchTerms}&c=0 - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [URL] = http://rover.ebay.com/rover/1/724-44559-9400-8/4?satitle={searchTerms} - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [SuggestionsURLFallback] = http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSearch&AWSAccessKeyId=15HRV3AZSMPK0GXTY102&AssociateTag=ie8suggestion-20&ResponseGroup=ItemAttributes,OfferListings,Reviews,Images&MerchantId=FeaturedBuyBoxMerchant&SearchIndex=All&Keywords={searchTerms}&Style=http%3A%2F%2Fg-ecx.images-amazon.com%2Fimages%2FG%2F01%2FAssociates%2FApps%2FIE8Search%2FOpenSearchDescription.xml - Amazon
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [URL] = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 - Amazon
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google.com
ALL THE HOSTS 01 ENTRIES REMOVED FROM THIS LOG
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2-32 - HKLM\..\BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [EEDSpeedLauncher] = C:\WINDOWS\system32\eed_ec.dll C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
O4 - HKCU\..\Run: [OneDrive] = C:\Users\PINO AL\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] = C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe -update plugin
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
O4 - HKLM\..\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [CDAServer] = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (2019/03/06)
O4 - Startup other users: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Startup other users: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Open With JPEGCompress: (default) = C:\Program Files (x86)\JPEGCompress\owjc.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.60.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.5.0_16 [CODEBASE] = http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.7.0_55 [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.7.0_67 [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_31 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_60 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.60.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\HPDCS: [CLSID] = {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppfile: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppsam: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppzip: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\ipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Alcatel FOLK Modem Device Helper - C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe Files (x86)\INet\BackgroundService\ServiceManager.exe -start
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Nero BackItUp Scheduler 4.0 - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service R2: Samsung Cloud Print Service - (SamsungCloudPrintSvc) - C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
O23 - Service R2: Samsung Printer Dianostics Service - C:\WINDOWS\SysWOW64\\spdsvc.exe
O23 - Service R2: Samsung UPD Utility Service - (SamsungUPDUtilSvc) - C:\WINDOWS\SysWoW64\SecUPDUtilSvc.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Windows\system32\hasplms.exe -run
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service R2: TOSHIBA Power Saver - (TosCoSrv) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service R2: Unchecky - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: IconMan_R - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service S2: Servizio di Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc
O23 - Service S3: GameConsoleService - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Notebook Performance Tuning Service (TEMPRO) - (TemproMonitoringService) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service S3: TOSHIBA HDD SSD Alert Service - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
--
End of file - Time spent: 85,4 sec. - 1290744 bytes, CRC32: FFFFFFFF. Sign: 䗰䕋
The PC has become damnably slow
I hope it is simple to read this LOG and, if need be, fix things
Thanks