Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » analisi file di HIJackthis

2 pages: [1] 2
analisi file di HIJackthis Opzioni
Topic Precedente · Topic Sucessivo
saltacaresoni
Inviato: Tuesday, March 24, 2020 5:04:44 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
Torna in alto
 
Sponsor
Inviato: Tuesday, March 24, 2020 5:04:44 PM

 
Torna in alto
 
cbbusto
Inviato: Tuesday, March 24, 2020 10:46:10 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Il log che hai messo non va bene, hai usato una vecchia versione di HJT, scarica la nuova che è la 2.9.0.18 la trovi su aiutamici, qui:
http://software.aiutamici.com/software?ID=11175
Posta il nuovo log.
Dimmi anche che problemi ha il pc.
Ciao
Torna in alto
 
saltacaresoni
Inviato: Wednesday, March 25, 2020 8:27:28 AM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Education), 10.0.17134.1365 (ReleaseId: 1803), Service Pack: 0
Time: 25.03.2020 - 08:13 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: IO-SUPER (group: Administrator) on DESKTOP-SDAIN6U, FirstRun: yes

Chrome: 80.0.3987.149
Firefox: 70.0.0.7228
Edge: 11.0.17134.1345
Internet Explorer: 11.0.17134.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
1 C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Program Files\WindowsApps\Microsoft.XboxGamingOverlay_1.16.1012.0_x64__8wekyb3d8bbwe\GameBar.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
1 C:\Users\IO-SUPER\Desktop\HiJackThis\HiJackThis.exe
2 C:\Windows\SysWOW64\svchost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\ViakaraokeSrv.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
68 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
7 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/?gws_rd=ssl
O1 - Hosts: 127.0.0.1 platform.wondershare.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O4 - HKCU\..\Run: [CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
O4 - HKCU\..\StartupApproved\Run: [Avanquest Message] = C:\Users\IO-SUPER\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe (2016/11/19)
O4 - HKCU\..\StartupApproved\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (2016/10/05)
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/06/05)
O4 - HKCU\..\StartupApproved\Run: [DAEMON Tools Lite Automount] = C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun (2019/06/05)
O4 - HKCU\..\StartupApproved\Run: [Lync] = C:\Program Files\Microsoft Office\Office16\lync.exe /fromrunkey (2016/12/14)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\IO-SUPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2016/12/16)
O4 - HKCU\..\StartupApproved\Run: [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (2018/06/05)
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2019/02/26)
O4 - HKLM\..\StartupApproved\Run32: [MalTray] = C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun (2018/04/09)
O4 - HKLM\..\StartupApproved\Run32: [NBKeyScan] = C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (2016/10/05)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2019/02/26)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2019/02/26)
O4 - HKLM\..\StartupApproved\Run: [MRT] = C:\WINDOWS\system32\MRT-KB890830.exe /R (2017/03/21)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 152.195.53.24 (mirrored) - Action: Block
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 54.164.247.213 (mirrored) - Action: Block
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 54.85.42.146 (mirrored) - Action: Block
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 93.184.219.20 (mirrored) - Action: Block
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service R2: "VIA Karaoke digital mixer Service" ; {PlaceHolder="UAA","High Definition Audio"} - (VIAKaraokeService) - C:\WINDOWS\system32\viakaraokesrv.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Disc Soft Lite Bus Service - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\elevation_service.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NMIndexingService - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Nero BackItUp Scheduler 3 - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe


--
End of file - Time spent: 45 sec. - 22992 bytes, CRC32: FFFFFFFF. Sign: ﹳﵨ



Quando metto il PC in sospensione e poi lo rilancio digitando o il mause o un tasto il PC riprende la schermata e l'eventuale lavoro (WORD PDF EXCELL) ma l'audio si spegne mi dice nessun altoparlante acceso.
Quindi devo spegnerlo con il pulsante arresto e poi riaccenderlo e allora torna l'audio a volte questa operazione devo farla due volte e oltre .
Il tasto sospensione mi è molto utile perché lascio il lavoro e poi lo riprendo quando ho tempo e il Pc mi si riprende in poco tempo.
Grazie per L'aiuto
Torna in alto
 
cbbusto
Inviato: Wednesday, March 25, 2020 7:23:59 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ti rispondo più tardi, ti posso dire che lasciare in sospensione il pc non è consigliabile, io lo spengo e riaccendo anche se devo fermarmi per 1 ora.
Torna in alto
 
saltacaresoni
Inviato: Wednesday, March 25, 2020 8:02:03 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
Torna in alto
 
saltacaresoni
Inviato: Wednesday, March 25, 2020 8:46:31 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
Cosa significa quando dici che la sospensione non è consigliabile?
Torna in alto
 
cbbusto
Inviato: Wednesday, March 25, 2020 11:09:28 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
saltacaresoni ha scritto:
Cosa significa quando dici che la sospensione non è consigliabile?


perchè può succedere quello che succede a te, e poi si preserva meglio il disco. Comunque ognuno agisce come preferisce.
Per quanto riguarda il log, apri HJT poi fixa e elimina le seguenti righe:

O1 - Hosts: 127.0.0.1 platform.wondershare.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 lmlicenses.wip4.adobe.com
O1 - Hosts: 127.0.0.1 lm.licenses.adobe.com
O1 - Hosts: 127.0.0.1 na1r.services.adobe.com
O1 - Hosts: 127.0.0.1 hlrcv.stage.adobe.com
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 152.195.53.24 (mirrored) - Action: Block
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 54.164.247.213 (mirrored) - Action: Block
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 54.85.42.146 (mirrored) - Action: Block
O7 - IPSec: Name: IObit ButtPlug (2017/09/27) - {9dd418d0-9e27-4378-b201-048cb5dab85c} - Source: my IP - Destination: IP: 93.184.219.20 (mirrored) - Action: Block

Poi devi disattivare tutte le voci In avvio automatico tranne l'antivirus defender, puoi farlo anche con Ccleaner, vai in Strumenti/Avvio seleziona le voci e fai doppio clic su ognuna e il programma viene disattivato, ovviamente i programmi non vengono toccati.
Poi fai una pulizia del Registro, col seguente programma:

Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.
alla fine rifai una scansione con HJT e posta il nuovo log.
Fai sapere come va il pc.
Fai sapere
Torna in alto
 
saltacaresoni
Inviato: Thursday, March 26, 2020 9:09:06 AM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
Vi posto il file di HJT ho fatto un riavvio a presto vi saproò dire come và comunque già con il riavvio sembra il PC più reattivo .
Grazie

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Education), 10.0.17134.1365 (ReleaseId: 1803), Service Pack: 0
Time: 26.03.2020 - 09:05 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: IO-SUPER (group: Administrator) on DESKTOP-SDAIN6U, FirstRun: yes

Chrome: 80.0.3987.149
Firefox: 70.0.0.7228
Edge: 11.0.17134.1345
Internet Explorer: 11.0.17134.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
1 C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler.exe
1 C:\Program Files (x86)\Google\Update\1.3.35.452\GoogleCrashHandler64.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
1 C:\Program Files (x86)\NVIDIA Corporation\NvNode\nvnodejslauncher.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
2 C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Program Files\WindowsApps\AdobeNotificationClient_1.0.1.22_x86__enpm4xejd91yc\AdobeNotificationClient.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.20022.11011.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2003.8-0\NisSrv.exe
1 C:\Users\IO-SUPER\Desktop\HiJackThis\HiJackThis.exe
2 C:\Windows\SysWOW64\svchost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
2 C:\Windows\System32\CompatTelRunner.exe
9 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\ViakaraokeSrv.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\backgroundTaskHost.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dasHost.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
70 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
6 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
2 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/?gws_rd=ssl
O4 - HKCU\..\StartupApproved\Run: [Avanquest Message] = C:\Users\IO-SUPER\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe (2016/11/19)
O4 - HKCU\..\StartupApproved\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] = C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (2016/10/05)
O4 - HKCU\..\StartupApproved\Run: [CCXProcess] = C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe (2020/03/26)
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2019/06/05)
O4 - HKCU\..\StartupApproved\Run: [DAEMON Tools Lite Automount] = C:\Program Files\DAEMON Tools Lite\DTAgent.exe -autorun (2019/06/05)
O4 - HKCU\..\StartupApproved\Run: [Lync] = C:\Program Files\Microsoft Office\Office16\lync.exe /fromrunkey (2016/12/14)
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\IO-SUPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2016/12/16)
O4 - HKCU\..\StartupApproved\Run: [Sidebar] = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (2018/06/05)
O4 - HKLM\..\StartupApproved\Run32: [Adobe Creative Cloud] = C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true (2019/02/26)
O4 - HKLM\..\StartupApproved\Run32: [MalTray] = C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun (2018/04/09)
O4 - HKLM\..\StartupApproved\Run32: [NBKeyScan] = C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (2016/10/05)
O4 - HKLM\..\StartupApproved\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (2019/02/26)
O4 - HKLM\..\StartupApproved\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (2019/02/26)
O4 - HKLM\..\StartupApproved\Run: [MRT] = C:\WINDOWS\system32\MRT-KB890830.exe /R (2017/03/21)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco1: AccExtIco1 Class - {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco2: AccExtIco2 Class - {853B7E05-C47D-4985-909A-D0DC5C6D7303} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\ AccExtIco3: AccExtIco3 Class - {42D38F2E-98E9-4382-B546-E24E4D6D04BB} - C:\Program Files (x86)\Common Files\Adobe\CoreSyncExtension\CoreSync_x64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service R2: "VIA Karaoke digital mixer Service" ; {PlaceHolder="UAA","High Definition Audio"} - (VIAKaraokeService) - C:\WINDOWS\system32\viakaraokesrv.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: AdobeUpdateService - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA LocalSystem Container - (NvContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerLocalSystem -a -f "C:\ProgramData\NVIDIA\NvContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\LocalSystem" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Disc Soft Lite Bus Service - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\80.0.3987.149\elevation_service.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: NMIndexingService - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service S3: NVIDIA NetworkService Container - (NvContainerNetworkService) - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe -s NvContainerNetworkService -f "C:\ProgramData\NVIDIA\NvContainerNetworkService.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvContainer\plugins\NetworkService" -r -p 30000 -st "C:\Program Files\NVIDIA Corporation\NvContainer\NvContainerTelemetryApi.dll"
O23 - Service S3: Nero BackItUp Scheduler 3 - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.236\WsAppService.exe


--
End of file - Time spent: 81,9 sec. - 21348 bytes, CRC32: FFFFFFFF. Sign: 㛝聙
Torna in alto
 
cbbusto
Inviato: Thursday, March 26, 2020 12:21:55 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
I programmi in Avvio sono rimasti tutti, e questi rallentano.
Torna in alto
 
saltacaresoni
Inviato: Thursday, March 26, 2020 1:29:53 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
In Cleaner me li da tutti disattivati!!!!
Torna in alto
 
saltacaresoni
Inviato: Thursday, March 26, 2020 1:34:38 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
Ti invio i programmi disattivati da Cleaner


No HKCU:Run Avanquest Message Avanquest Software "C:\Users\IO-SUPER\AppData\Local\Avanquest\Avanquest Message\AQNotif.exe"
No HKCU:Run BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} Nero AG "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
No HKCU:Run CCleaner Smart Cleaning Piriform Ltd "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
No HKCU:Run CCXProcess Adobe Systems Incorporated "C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe"
No HKCU:Run DAEMON Tools Lite Automount Disc Soft Ltd "C:\Program Files\DAEMON Tools Lite\DTAgent.exe" -autorun
No HKCU:Run Lync Microsoft Corporation "C:\Program Files\Microsoft Office\Office16\lync.exe" /fromrunkey
No HKCU:Run OneDrive Microsoft Corporation "C:\Users\IO-SUPER\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
No HKCU:Run Sidebar Microsoft Corporation C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
No HKCU:Run Sidebar Microsoft Corporation C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
No HKCU:Run Steam Valve Corporation "C:\Program Files (x86)\Steam\steam.exe" -silent
No HKLM:Run Adobe Creative Cloud Adobe Inc. "C:\Program Files\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
No HKLM:Run AdobeAAMUpdater-1.0 Adobe Systems Incorporated "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
No HKLM:Run AdobeGCInvoker-1.0 Adobe Systems, Incorporated "C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe"
No HKLM:Run MalTray Glarysoft Ltd C:\Program Files (x86)\Glarysoft\Malware Hunter\mhtray.exe /autorun
No HKLM:Run MRT Microsoft Corporation "C:\WINDOWS\system32\MRT-KB890830.exe" /R
No HKLM:Run NBKeyScan Nero AG "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
No HKLM:Run NvBackend
No HKLM:Run StartCCC Advanced Micro Devices, Inc. "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
Torna in alto
 
cbbusto
Inviato: Thursday, March 26, 2020 4:49:32 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
In effeti sono disattivati, non capisco perchè appaiono ancora nel log.
Prova a controllare da windows cosa risulta:
Fai clic con il pulsante destro del mouse sul pulsante Start , seleziona Gestione attività, quindi seleziona la scheda Avvio. Se la scheda Avvio non è presente, seleziona Più dettagli. Seleziona l'app da modificare, quindi seleziona Abilita per eseguirla all'avvio o Disabilita in caso contrario.
Comunque se il pc è migliorato, va bene.

Potresti cancellare il primo log col vecchioHJT perchè crea confusione. Ciao
Torna in alto
 
saltacaresoni
Inviato: Thursday, March 26, 2020 5:53:54 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
come si cancella ? ti ringrazio
Torna in alto
 
cbbusto
Inviato: Thursday, March 26, 2020 6:55:51 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
saltacaresoni ha scritto:
come si cancella ? ti ringrazio


devi aprire il tuo topic e poi cliccare su Edit in alto a destra, seleziona quello che devi cancellare e lo elimini.
Torna in alto
 
saltacaresoni
Inviato: Friday, March 27, 2020 8:55:52 AM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
non c'è l'opzione elimina!!
Torna in alto
 
saltacaresoni
Inviato: Friday, March 27, 2020 8:58:40 AM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
ok fatto scusate!
Torna in alto
 
cbbusto
Inviato: Friday, March 27, 2020 11:16:46 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
In windows nei passagi che ti ho indicato, hai trovato i file in avvio da disabilitare?
Torna in alto
 
saltacaresoni
Inviato: Friday, March 27, 2020 1:36:43 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
si da gestione attività la scheda avvio ha vari programmi tutti con lo stato disabilitato
Torna in alto
 
saltacaresoni
Inviato: Friday, March 27, 2020 1:42:22 PM

Rank: AiutAmico

Iscritto dal : 11/15/2014
Posts: 76
proprio ora ho lasciato in sospensione per prova il PC circa mezz'ora e poi all'accensione con un tasto si è ripresentato il problema mi ha dato errore con schermata azzurra ha fatto una scansione fino al 100% e poi ha riavviato il PC con l'audio disabilitato con l'icona la x rossa.
poi arrestando e riavviando il PC ritorna l'audio d'oh!
Torna in alto
 
Utenti presenti in questo topic
Guest

2 pages: [1] 2

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » analisi file di HIJackthis


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.