Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PREGO CONTROLLO LOG

PREGO CONTROLLO LOG Opzioni
Topic Precedente · Topic Sucessivo
reartu46
Inviato: Monday, March 29, 2021 11:50:04 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Buonasera
ogni tanto vengo a chiedere un po' di aiuto per il mio PC
forse abbastnza anziano ... nonche' LENTISSIMNO
Ho eseguito i vari controlli ed eliminato qualche malware
una quarantina di HOSTS da HJ... poi tutto il resto bene
ma rimane LENTO

Potete farmi il tagliando ? -- GRAZIE ... !!!
Trasmetto il LOG di HJ


Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Home), 10.0.18363.1379 (ReleaseId: 1909), Service Pack: 0
Time: 29.03.2021 - 22:16 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: PINO AL (group: Administrator) on PINOAL-TOSH, FirstRun: no

Chrome: 87.0.4280.88
Firefox: 78.0.2.7494
Edge: 11.0.18362.1350
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2008.12711.0_x64__8wekyb3d8bbwe\LocalBridge.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2020.20120.4004.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12011.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21022.139.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2102.4-0\NisSrv.exe
1 C:\Users\PINO AL\Desktop\ANTIVIRUS MALWARE SPYWARE\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\DSDFunctionKeyCtlService.exe
8 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\backgroundTaskHost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hasplms.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
84 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://news.google.it/
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.63\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\89.0.774.63\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll
O2-32 - HKLM\..\BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2020/03/16)
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS\System32
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS\System32\Wbem
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS\System32\WindowsPowerShell\v1.0
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Open With JPEGCompress: (default) = C:\Program Files (x86)\JPEGCompress\owjc.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: (no name) [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\ipp: [CLSID] = (no CLSID) - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - (no file)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Nero BackItUp Scheduler 4.0 - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Windows\system32\hasplms.exe -run
O23 - Service S2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S2: Alcatel FOLK Modem Device Helper - C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe Files (x86)\INet\BackgroundService\ServiceManager.exe -start
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: IconMan_R - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service S2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service S2: Samsung Cloud Print Service - (SamsungCloudPrintSvc) - C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
O23 - Service S2: Samsung Printer Dianostics Service - C:\WINDOWS\SysWOW64\\spdsvc.exe
O23 - Service S2: Samsung UPD Utility Service - (SamsungUPDUtilSvc) - C:\WINDOWS\SysWoW64\SecUPDUtilSvc.exe
O23 - Service S2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service S2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service S2: TSDSettingService - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\dynabookSystemService.exe
O23 - Service S2: TSDTabletControlService - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\TOSTABSYSSVC.exe
O23 - Service S2: TSDWirelessLEDCtlService - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\RMService.exe
O23 - Service S2: Unchecky - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service S2: dynabook Function Key control service - (DSDFunctionKeyCtlService) - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\DSDFunctionKeyCtlService.exe
O23 - Service S3: CCleaner Browser Elevation Service - (CCleanerBrowserElevationService) - C:\Program Files (x86)\CCleaner Browser\Application\87.0.7072.69\elevation_service.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\87.0.4280.88\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service S3: TOSHIBA HDD SSD Alert Service - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe


--
End of file - Time spent: 102,1 sec. - 20118 bytes, CRC32: FFFFFFFF. Sign: 쵘䊾
Torna in alto
 
Sponsor
Inviato: Monday, March 29, 2021 11:50:04 PM

 
Torna in alto
 
reartu46
Inviato: Tuesday, March 30, 2021 10:57:19 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Leggo su altri post il consiglio di svuotare la cartella Prefech
E' utile ?
debbo lasciare la sottocartella ReadyBoot ?
Torna in alto
 
solfami
Inviato: Tuesday, March 30, 2021 5:09:01 PM

Rank: AiutAmico

Iscritto dal : 11/14/2003
Posts: 2,268
reartu46 ha scritto:
Leggo su altri post il consiglio di svuotare la cartella Prefech
E' utile ?
debbo lasciare la sottocartella ReadyBoot ?


Salve
In genere lascio fare al prog pulitore Ccleaner
ma si può svuotare tutto, tanto si ricrea( W7 )
Per il log devi sentire uno più sicuro, attendi il Pink phanter.
Saluti
Torna in alto
 
wolfestein
Inviato: Tuesday, March 30, 2021 10:17:37 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948
Apri Gestione attività e vedi se c'è qualche programma che assorbe risorse.
Usa PrivaZer(AUP non ha bisogno di installazione)per una pulizia più approfondita.
http://software.aiutamici.com/software?ID=10228
Inoltre vedo che usi Chrome che assorbe un bel pò di ram.
Torna in alto
 
reartu46
Inviato: Tuesday, March 30, 2021 11:48:29 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
wolfestein ha scritto:

Inoltre vedo che usi Chrome che assorbe un bel pò di ram.

Purtroppo molti pregrammi di cui io mi servo girano esclusivamente con Chrome

wolfestein ha scritto:
Apri Gestione attività e vedi se c'è qualche programma che assorbe risorse.


Dove ? Nel pannello di controllo ? Non lo trovo.....
Torna in alto
 
wolfestein
Inviato: Wednesday, March 31, 2021 12:09:10 AM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948
Per sicurezza fai una scansione con ADWCleaner.
http://software.aiutamici.com/software?ID=11168
Potresti per cortesia mettere la configurazione del tuo computer.
Grazie.
Torna in alto
 
reartu46
Inviato: Wednesday, March 31, 2021 12:41:57 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
# -------------------------------
# Malwarebytes AdwCleaner 8.0.9.0
# -------------------------------
# Build: 01-11-2021
# Database: 2021-01-11.1 (Local)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Scan
# -------------------------------
# Start: 03-31-2021
# Duration: 00:04:52
# OS: Windows 10 Home
# Scanned: 31956
# Detected: 0


***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

No malicious folders found.

***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries found.

***** [ Chromium URLs ] *****

No malicious Chromium URLs found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries found.

***** [ Firefox URLs ] *****

No malicious Firefox URLs found.

***** [ Hosts File Entries ] *****

No malicious hosts file entries found.

***** [ Preinstalled Software ] *****

No Preinstalled Software found.

AdwCleaner[S25].txt - [4288 octets] - [20/01/2021 16:22:57]
AdwCleaner[C25].txt - [4458 octets] - [20/01/2021 16:23:33]
AdwCleaner[S26].txt - [4484 octets] - [11/02/2021 23:31:17]
AdwCleaner[C26].txt - [4636 octets] - [11/02/2021 23:31:52]
AdwCleaner[S27].txt - [4606 octets] - [11/03/2021 16:41:25]
AdwCleaner[C27].txt - [4758 octets] - [11/03/2021 17:11:33]
AdwCleaner[S28].txt - [4618 octets] - [29/03/2021 20:16:35]
AdwCleaner[C28].txt - [4789 octets] - [29/03/2021 20:20:30]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[S29].txt ##########
Torna in alto
 
giza
Inviato: Wednesday, March 31, 2021 11:49:01 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,612
dopo aver fatto tutte le pulizie e controlli
http://forum.aiutamici.com/yaf_postst96025_ELIMINARE-PAGINE-PUBBLICITARIE-E-PORCHERIE-VARIE-E-PULIRE-SISTEMA.aspx
compreso start/pulizia disco
e poi ccleaner/strumenti/avvio e disattivato tutto tranne l'antivirus
e dopo aver cancellato in prefect tutto tranne redyboot e layout
e se non hai un ssd aver fatto la deframmentazione, ricontrolla la velocità.
Torna in alto
 
reartu46
Inviato: Wednesday, March 31, 2021 3:19:39 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
giza ha scritto:
dopo aver fatto tutte le pulizie e controlli
http://forum.aiutamici.com/yaf_postst96025_ELIMINARE-PAGINE-PUBBLICITARIE-E-PORCHERIE-VARIE-E-PULIRE-SISTEMA.aspx
compreso start/pulizia disco
e poi ccleaner/strumenti/avvio e disattivato tutto tranne l'antivirus
e dopo aver cancellato in prefect tutto tranne redyboot e layout
e se non hai un ssd aver fatto la deframmentazione, ricontrolla la velocità.


L'avevo gia fatto in precedenza prima di postare il LOG
anche la deframmentazione , tranne pulizia disco

Aspetto che " Pink phanter " mi dia una suo consiglio sul LOG
Torna in alto
 
reartu46
Inviato: Thursday, May 27, 2021 1:09:59 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Torno ad inserire il mio log nella speranza che il buon Claudio mi possa dare un'occhiata
Il PC e' estremamente lento e inoltre ad ogni LOG si formano una quarantina li HOSTS che io " fixo "
ma immancabilmente si riformano
P.S.
eseguo regolarmente tutte le scansioni e mai riesco a scovare qualche malware o virus
quindi non capisco come mai sia cosi lento


Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Home), 10.0.18363.1556 (ReleaseId: 1909), Service Pack: 0
Time: 27.05.2021 - 01:03 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: PINO AL (group: Administrator) on PINOAL-TOSH, FirstRun: no

Chrome: 90.0.4430.212
Firefox: 82.0.3.7617
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument %1 (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
1 C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_12104.1001.1.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.21042.110.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2104.14-0\NisSrv.exe
1 C:\Users\PINO AL\Desktop\ANTIVIRUS MALWARE SPYWARE\HiJackThis\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\SysWOW64\SecUPDUtilSvc.exe
1 C:\Windows\SysWOW64\spdsvc.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
2 C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\DSDFunctionKeyCtlService.exe
1 C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\RMService.exe
1 C:\Windows\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\dynabookSystemService.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hasplms.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\oobe\UserOOBEBroker.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
85 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\usocoreworker.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://news.google.it/
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho_64.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_241\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_241\bin\ssv.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\BHO\ie_to_edge_bho.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_241\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_241\bin\ssv.dll
O2-32 - HKLM\..\BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKCU\..\StartupApproved\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR (2020/03/16)
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS\System32
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS\System32\Wbem
O7 - TroubleShooting: (EV) %PATH% has missing system folder: C:\WINDOWS\System32\WindowsPowerShell\v1.0
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Open With JPEGCompress: (default) = C:\Program Files (x86)\JPEGCompress\owjc.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.241.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\ipp: [CLSID] = (no CLSID) - (no file)
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - (no file)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \S-1-5-21-2608866046-2011528707-3306363976-1000\DataSenseLiveTileTask - C:\WINDOWS\System32\DataUsageLiveTileTask.exe
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: \Mozilla\Firefox Default Browser Agent E7CF176E110C211B - C:\Program Files (x86)\Mozilla Firefox\default-browser-agent.exe do-task "E7CF176E110C211B"
O22 - Task: {714635DD-6F09-4CC3-8A5C-8FE5595D6F63} - c:\program files (x86)\microsoft\edge\application\msedge.exe http://www.skype.com/go/downloading?source=lightinstaller&ver=5.1.0.104&LastError=12007
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Alcatel FOLK Modem Device Helper - C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe Files (x86)\INet\BackgroundService\ServiceManager.exe -start
O23 - Service R2: IconMan_R - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Nero BackItUp Scheduler 4.0 - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service R2: Samsung Cloud Print Service - (SamsungCloudPrintSvc) - C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
O23 - Service R2: Samsung Printer Dianostics Service - C:\WINDOWS\SysWOW64\\spdsvc.exe
O23 - Service R2: Samsung UPD Utility Service - (SamsungUPDUtilSvc) - C:\WINDOWS\SysWoW64\SecUPDUtilSvc.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Windows\system32\hasplms.exe -run
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service R2: TSDSettingService - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\dynabookSystemService.exe
O23 - Service R2: TSDWirelessLEDCtlService - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\RMService.exe
O23 - Service R2: Unchecky - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service R2: dynabook Function Key control service - (DSDFunctionKeyCtlService) - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\DSDFunctionKeyCtlService.exe
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S2: TSDTabletControlService - C:\WINDOWS\System32\DriverStore\FileRepository\tossrvctl.inf_amd64_b172549968baa801\TOSTABSYSSVC.exe
O23 - Service S3: CCleaner Browser Elevation Service - (CCleanerBrowserElevationService) - C:\Program Files (x86)\CCleaner Browser\Application\87.0.7072.69\elevation_service.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\90.0.4430.212\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service S3: TOSHIBA HDD SSD Alert Service - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe


--
End of file - Time spent: 103 sec. - 23372 bytes, CRC32: FFFFFFFF. Sign: 羓ﹽ
Torna in alto
 
wolfestein
Inviato: Thursday, May 27, 2021 10:45:29 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,948
Nel browser usi un programma per bloccare la pubblicità tipo uBlock Origin.
Torna in alto
 
reartu46
Inviato: Monday, May 31, 2021 9:30:51 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
wolfestein ha scritto:
Nel browser usi un programma per bloccare la pubblicità tipo uBlock Origin.


NO


CBBUSTO non e' più con noi ...
è tanto che non vedo un suo intervento
forse rivolge le sue attenzioni su un altro sito ?
Torna in alto
 
cbbusto
Inviato: Monday, May 31, 2021 2:10:24 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
reartu46 ha scritto:
wolfestein ha scritto:
Nel browser usi un programma per bloccare la pubblicità tipo uBlock Origin.


NO


CBBUSTO non e' più con noi ...
è tanto che non vedo un suo intervento
forse rivolge le sue attenzioni su un altro sito ?

Tranquillo ci sono ancora, passo poco nel forum. controllo e poi ti rispondo in giornata. ciao
Torna in alto
 
cbbusto
Inviato: Monday, May 31, 2021 6:56:07 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Allora Dal log non risultano infezioni, ci sono dei programmi inutili che consumano Ram e restano sempre attivi.
I file Svchost è inutile eliminarli, si riformano sempre è normale.
In win10 anche la deframmentazione è inutile, la fa lo stesso programma.

Fixa ed elimina le seguenti voci:
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
Software vecchio non serve e rimane sempre in memoria, veniva usato con win XP

El9iminare anche TOODSrv, è un programma della Toshiba consente di scrivere dati su CD e DVD, non è un processo essenziale, io ho un disco esterno Toshiba ma non lo uso.
1 C:\Windows\System32\TODDSrv.exe
Devi disattivarlo anche dai servizi.
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
Se non riesci vai in Windows/system32 e lo elimini senza problemi.
Questo altro programma lo usi? in win 10 non serve proprio:
1 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

1 C:\Windows\System32\oobe\UserOOBEBroker.exe
Altro programma da eliminare, inutile processo da disabilitare:

Visto che gli altri di pulizia li conosci già, ti consiglio di fare una buona pulizia del registro:
Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.
Elimina anche i file Prefect tutti e anche i file della cartella redyboot
Non c'è altro, fai sapere se ci sono delle migliorie.
Torna in alto
 
cbbusto
Inviato: Thursday, June 10, 2021 4:05:31 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
io ti ho risposto il 31 maggio ma non ti sei fatto più vivo, hai sistemato ? fai sapere. Ciao
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PREGO CONTROLLO LOG


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.