Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

virus Trojan ? Opzioni
reartu46
Inviato: Tuesday, April 09, 2019 10:40:28 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
???
Sponsor
Inviato: Tuesday, April 09, 2019 10:40:28 PM

 
cbbusto
Inviato: Friday, April 19, 2019 11:49:57 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Non so se hai già risolto, ho visto solo ora il tuo post.
Comunque dal log che hai messo non si nota niente perchè hai usato una vecchia versione di HJT. Devi usare la nuova versione HijackThis Fork3.

Download nuovo HijackThis Fork3
https://www.yourlifeupdated.net/programmi/hijackthis-e-rinato-ecco-hijackthis-fork-ripara-errori-di-windows/
Scorri la pagina e clicca su: Download HijackThis Fork 3
Appare un file binary- salva il file poi lo apri fai una nuova scansione e posti il log, il procedimento è come il precedente.
reartu46
Inviato: Sunday, April 21, 2019 1:33:04 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Ciao Claudio
sei un vero aiutamici .... nel senso vero della parola .... non ti tiri mai indietro nell'aiutare persone che come me brancolano nel buio
ti ringrazio

Prima di postare il LOG ti auguro una buona Pasqua

Ecco

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Home), 10.0.17763.437 (ReleaseId: 1809), Service Pack: 0
Time: 21.04.2019 - 01:24 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: PINO AL (group: Administrator) on PINOAL-TOSH, FirstRun: yes

Chrome: 73.0.3683.103
Firefox: 47.0.2.6148
Edge: 11.0.17763.437
Internet Explorer: 11.0.17763.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
14 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11811.1001.27.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.714.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Users\PINO AL\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\PINO AL\Downloads\HiJackThis.exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\SysWOW64\SecUPDUtilSvc.exe
1 C:\Windows\SysWOW64\spdsvc.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
1 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hasplms.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
86 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://news.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_it - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [SuggestionsURLFallback] = http://ie8.ebay.com/open-search/output-xml.php?q={searchTerms}&c=0 - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [URL] = http://rover.ebay.com/rover/1/724-44559-9400-8/4?satitle={searchTerms} - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [SuggestionsURLFallback] = http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSearch&AWSAccessKeyId=15HRV3AZSMPK0GXTY102&AssociateTag=ie8suggestion-20&ResponseGroup=ItemAttributes,OfferListings,Reviews,Images&MerchantId=FeaturedBuyBoxMerchant&SearchIndex=All&Keywords={searchTerms}&Style=http%3A%2F%2Fg-ecx.images-amazon.com%2Fimages%2FG%2F01%2FAssociates%2FApps%2FIE8Search%2FOpenSearchDescription.xml - Amazon
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [URL] = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 - Amazon
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google.com

ELIMINATI TUTTI GLI HOSTS 01 DAL QUESTO LOG

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2-32 - HKLM\..\BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [EEDSpeedLauncher] = C:\WINDOWS\system32\eed_ec.dll C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
O4 - HKCU\..\Run: [OneDrive] = C:\Users\PINO AL\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] = C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe -update plugin
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
O4 - HKLM\..\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [CDAServer] = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (2019/03/06)
O4 - Startup other users: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Startup other users: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Open With JPEGCompress: (default) = C:\Program Files (x86)\JPEGCompress\owjc.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.60.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.5.0_16 [CODEBASE] = http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.7.0_55 [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.7.0_67 [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_31 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_60 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.60.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\HPDCS: [CLSID] = {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppfile: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppsam: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppzip: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\ipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Alcatel FOLK Modem Device Helper - C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe Files (x86)\INet\BackgroundService\ServiceManager.exe -start
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Nero BackItUp Scheduler 4.0 - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service R2: Samsung Cloud Print Service - (SamsungCloudPrintSvc) - C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
O23 - Service R2: Samsung Printer Dianostics Service - C:\WINDOWS\SysWOW64\\spdsvc.exe
O23 - Service R2: Samsung UPD Utility Service - (SamsungUPDUtilSvc) - C:\WINDOWS\SysWoW64\SecUPDUtilSvc.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Windows\system32\hasplms.exe -run
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service R2: TOSHIBA Power Saver - (TosCoSrv) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service R2: Unchecky - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: IconMan_R - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service S2: Servizio di Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc
O23 - Service S3: GameConsoleService - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Notebook Performance Tuning Service (TEMPRO) - (TemproMonitoringService) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service S3: TOSHIBA HDD SSD Alert Service - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe


--
End of file - Time spent: 85,4 sec. - 1290744 bytes, CRC32: FFFFFFFF. Sign: 䗰䕋

Il PC e' diventato maledettamente lento

mi auguro che sia semplice leggere questo LOG ed eventualmente correggere
Grazie
reartu46
Inviato: Sunday, April 21, 2019 1:49:57 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
con il vecchio HJ bastava collegarsi al sito
https://www.hijackthis.de/index.php
e vedevi se c'erano virus (notavo allora una grande "X" rossa
Ora questo sito non funziona piu'

Come fai a leggere il mio LOG ?

e' solo una curiosita' non ho la giusta competenza per saper interpretare anomalie e sanarle
Tu sei il mago del forum
Buonanotte
giza
Inviato: Sunday, April 21, 2019 10:35:21 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,410
intanto vai su jhiac, e seleziona scan only. poi metti la spunta su tutti gli 01
e sugli 04 (tranne l'antivirus) poi in basso fixa . fai una nuova scansione e postala.
p.s. torna sul post con edit e cancella i kilometrici 01. ciao
per il resto aspetta cbbusto
reartu46
Inviato: Sunday, April 21, 2019 11:05:50 AM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
grazie giza
mi spieghi cosa sono questi kilometrici host ?
se li fixo e quindi li cancello che succede ?
cbbusto
Inviato: Sunday, April 21, 2019 12:41:03 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ciao e buona Pasqua, come immaginavo hai un macello di 01 host, la maggior parte sono dirottatori e diversi malware, poi ci sono anche siti regolari, sono diverse migliaia dove sei andato a prenderli non lo so, adesso fai qoeste operazioni:

Chiudi tutti i programmi e disconnesso da internet,
Lancia HijackThis e clicca sul secondo pulsante Do a system scan only
inserisci il segno di spunta nel quadratino davanti alle righe sotto elencate, una volta selezionate clicca il tasto Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.
Le voci 01 se presenti vanno sempre eliminate tutte

Ti preciso che eliminando le voci 04, i programmi non vengono toccati ma viene solo disattivato l'Avvio automatico, inutile......lasciare solo l'antivirus.
I malware si diffondono all’interno del sistema operativo Windows, spesso a velocità sorprendenti, proprio sfruttando i programmi presenti in esecuzione automatica.

Ricorda che Hijackthis deve essere avviato da una cartella a lui dedicata sul desktop. Solo così Hijackthis creerà copie di backup di quello che viene eliminato prima di apportare modifiche, così in caso di inconvenienti si possono reinstallare.

Con pazienza seleziona tutte le voci 01e le fixi tutte

O4 - HKCU\..\Run: [EEDSpeedLauncher] = C:\WINDOWS\system32\eed_ec.dll C:\WINDOWS\system32\eed_ec.dll,SpeedLauncher
O4 - HKCU\..\Run: [OneDrive] = C:\Users\PINO AL\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (Microsoft)
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] = C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe -update plugin
O4 - HKLM\..\Run: [HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVBg] = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
O4 - HKLM\..\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\StartupApproved\Run: [CDAServer] = C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe (2019/03/06)
O4 - Startup other users: C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe
O4 - Startup other users: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe

Poi fai la pulizia del registro col seguente programma:
Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.
Quando hai finito rifai una nuova scansione con HJT e posta il nuovo log, vedo cos'è rimasto e vediamo se c'è altro da fare.

Aggiungo una breve spiegazione sui file Hosts.
File hosts: cos'è e a cosa serve
Il file host è un file di testo semplice alla stregua di qualsiasi altro .txt .
Il file hosts serve a collegare 2 indirizzi IP, senza bisogno di contattare il server DNS.
Tutti quei file 01 che avevi erano tutti reindirizzamenti nel file hosts, alcuni indirizzi anche nocivi.
Un utente normale usa i DNS molto più comodi e veloci.

I file hosts vengono salvati sul disco fisso e si trova:

C:\Windows\System32\drivers\etc\hosts

Fammi sapere se il pc è migliorato, non fare altro aspetta la mia risposta, oggi e domani avrò poco tempo, abbi pazienza. Ciao

reartu46
Inviato: Sunday, April 21, 2019 4:18:46 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Buongiorno
grazie per i tuoi suggerimenti
ho eseguito quanto da te consigliato
Il PC e' ancora lento
ti posto il nuovo LOG

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Home), 10.0.17763.437 (ReleaseId: 1809), Service Pack: 0
Time: 21.04.2019 - 16:13 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: PINO AL (group: Administrator) on PINOAL-TOSH, FirstRun: no

Chrome: 73.0.3683.103
Firefox: 47.0.2.6148
Edge: 11.0.17763.437
Internet Explorer: 11.0.17763.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
1 C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe.bak
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe.bak
1 C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.42.60.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19032.714.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.19031.11411.0_x64__8wekyb3d8bbwe\Music.UI.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Users\PINO AL\Desktop\HiJackThis.exe
2 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
1 C:\Windows\SysWOW64\SecUPDUtilSvc.exe
1 C:\Windows\SysWOW64\spdsvc.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
5 C:\Windows\System32\MicrosoftEdgeCP.exe
1 C:\Windows\System32\MicrosoftEdgeSH.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\SrTasks.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\VSSVC.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
2 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hasplms.exe
1 C:\Windows\System32\hkcmd.exe.bak
1 C:\Windows\System32\igfxpers.exe.bak
1 C:\Windows\System32\igfxtray.exe.bak
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\mqsvc.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\snmp.exe
1 C:\Windows\System32\spoolsv.exe
82 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://news.google.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_it - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [SuggestionsURLFallback] = http://ie8.ebay.com/open-search/output-xml.php?q={searchTerms}&c=0 - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [URL] = http://rover.ebay.com/rover/1/724-44559-9400-8/4?satitle={searchTerms} - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [SuggestionsURLFallback] = http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSearch&AWSAccessKeyId=15HRV3AZSMPK0GXTY102&AssociateTag=ie8suggestion-20&ResponseGroup=ItemAttributes,OfferListings,Reviews,Images&MerchantId=FeaturedBuyBoxMerchant&SearchIndex=All&Keywords={searchTerms}&Style=http%3A%2F%2Fg-ecx.images-amazon.com%2Fimages%2FG%2F01%2FAssociates%2FApps%2FIE8Search%2FOpenSearchDescription.xml - Amazon
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [URL] = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 - Amazon
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_60\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_60\bin\ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
O2-32 - HKLM\..\BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Open With JPEGCompress: (default) = C:\Program Files (x86)\JPEGCompress\owjc.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O16-32 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.60.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.5.0_16 [CODEBASE] = http://java.sun.com/update/1.5.0/jinstall-1_5_0_16-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.7.0_55 [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_55-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0017-0000-0067-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.7.0_67 [CODEBASE] = http://java.sun.com/update/1.7.0/jinstall-1_7_0_67-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_31 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0060-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_60 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O16-32 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.60.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_60-windows-i586.cab
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\HPDCS: [CLSID] = {BA135F49-A12C-4E26-A2C4-6EA945999072} - C:\Program Files (x86)\Common Files\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppfile: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppsam: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\hppzip: [CLSID] = {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Program Files (x86)\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll
O18 - HKLM\Software\Classes\Protocols\Handler\ipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\0x00000001: [CLSID] = {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O18 - HKLM\Software\Classes\Protocols\Handler\msdaipp\oledb: [CLSID] = {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\system\ole db\MSDAIPP.DLL
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Alcatel FOLK Modem Device Helper - C:\Program Files (x86)\INet\BackgroundService\ServiceManager.exe Files (x86)\INet\BackgroundService\ServiceManager.exe -start
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: IconMan_R - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
O23 - Service R2: Intel(R) Management & Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Nero BackItUp Scheduler 4.0 - c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service R2: Samsung Cloud Print Service - (SamsungCloudPrintSvc) - C:\Program Files\Samsung\Samsung Cloud Print PC Agent\SCP_Svc.exe
O23 - Service R2: Samsung Printer Dianostics Service - C:\WINDOWS\SysWOW64\\spdsvc.exe
O23 - Service R2: Samsung UPD Utility Service - (SamsungUPDUtilSvc) - C:\WINDOWS\SysWoW64\SecUPDUtilSvc.exe
O23 - Service R2: Sentinel LDK License Manager - (hasplms) - C:\Windows\system32\hasplms.exe -run
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service R2: TOSHIBA Power Saver - (TosCoSrv) - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service R2: Unchecky - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: Servizio di Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc
O23 - Service S3: GameConsoleService - C:\Program Files (x86)\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Notebook Performance Tuning Service (TEMPRO) - (TemproMonitoringService) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service S3: Office 64 Source Engine - (ose64) - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TMachInfo - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service S3: TOSHIBA HDD SSD Alert Service - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe


--
End of file - Time spent: 98,7 sec. - 30546 bytes, CRC32: FFFFFFFF. Sign: 䔂爎

Ti auguro un buon proseguimento di BUONE FESTE
grazie Ciao
cbbusto
Inviato: Sunday, April 21, 2019 11:24:28 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Sono appena rientrato e cerco di rispondere alla tua domanda, intanto non sono per niente un mago, cerco di documentarmi e cercare di scoprire quali sono i file pericolosi, ma c'e sempre da imparare. Il sito che controllava il log postato e ti forniva risultati non esiste più, col nuovo Hjt, che presenta molte più voci e da la possibilità di fare altre operazioni, devi controllare tutte le voci capire quali sono i file nocivi facendo diverse ricerche, un lavoro abbastanza lungo.
Ho visto che hai la release 1809 questa è stata bloccata dalla Microsoft perchè ha dato parecchi problemi, verrà ripresentato un nuovo aggiornamento a maggio, non so se ti è arrivato l'update o sei andato tu a ricercare quella release, io non l'ho fatta e sono ancora alla 1803.
Poi vedo che hai installato Avast che è un mattone, io ti consiglio di rimuoverlo e attivare Defender che in win 10 è fra i migliori e molto più leggero, il mio è solo un consiglio poi decidi tu.

Apri Hjt ed elimina anche le seguenti voci:

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7PRFA_it - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [SuggestionsURLFallback] = http://ie8.ebay.com/open-search/output-xml.php?q={searchTerms}&c=0 - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7BE6ED1F-517D-4BCF-84DE-A8F4DA4AA22F}: [URL] = http://rover.ebay.com/rover/1/724-44559-9400-8/4?satitle={searchTerms} - eBay
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C6F3A5AD-47B9-45BC-B7FB-8736803EB180}: [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [SuggestionsURLFallback] = http://xml-us.amznxslt.com/onca/xml?Service=AWSECommerceService&Version=2008-06-26&Operation=ItemSearch&AWSAccessKeyId=15HRV3AZSMPK0GXTY102&AssociateTag=ie8suggestion-20&ResponseGroup=ItemAttributes,OfferListings,Reviews,Images&MerchantId=FeaturedBuyBoxMerchant&SearchIndex=All&Keywords={searchTerms}&Style=http%3A%2F%2Fg-ecx.images-amazon.com%2Fimages%2FG%2F01%2FAssociates%2FApps%2FIE8Search%2FOpenSearchDescription.xml - Amazon
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D21DFD00-59F6-4177-81AB-01158CA03BD2}: [URL] = http://www.amazon.co.uk/gp/search?ie=UTF8&keywords={searchTerms}&tag=tochibauk-win7-ie-search-21&index=blended&linkCode=ur2 - Amazon
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURL] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [URL] = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 - Google

Fai una scansione con Malwarebytes, poi con Adwcleaner e anche con Junkware Removal Tool che ancora funziona, lo puoi scaricare da qui:
https://www.bleepingcomputer.com/download/junkware-removal-tool/
Se ancora il pc dovesse essere lento allora è un problema serio, potrebbe essere necessario reinizializzare il sistema, fai sapere.
Ciao e buona notte-
reartu46
Inviato: Monday, April 22, 2019 9:59:38 PM

Rank: AiutAmico

Iscritto dal : 12/19/2005
Posts: 318
Ti ringrazio per la tua solerzia e la solita perizia nel risolvere i problemi altrui
Si adesso il PC si e' velocizzato
Avast (anche se un po pesante) fa il suo dovere in maniera egregia.
Questo PC e' quello portatile e quando l'ho comprato aveva solo il seven ora mi ritrovo ws 10.
In quanto alla versione di WS 10 io non ho fatto nulla per aggiornare la release 1809
Ogni tanto il PC si aggiorna da solo ..... e non mi permetto di interromperlo
Per adesso ho risolto cancellando tutti quegli hosts e le magagne che ho fixato.
Ti ringrazio nuovamente e magari qualche volta ti chiedero' dei consigli per il mio
"vetusto" windows XP (PC fisso) a cui sono affezionato anche perche' ho alcuni vecchi programmi
che ancora uso e questi girano solamente in XP e non nel WS seven o ten
grazie
Buonanotte

P.S. volevo scansionare con la nuova versione di HJ anche il mio PC con WS XP
ma XP non essendo piu' aggiornato non mi connette con il sito.
cbbusto
Inviato: Tuesday, April 23, 2019 12:08:03 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Hjt lo hai nel portatile, hai l'eseguibile lo copi su una chiavetta e poi fai la scansione su XP, se non dovesse funzionare, allora usa la vecchia versione che per xp va molto bene, ti ricordo che c'è anche la versione portable la scarichi sempre dal portatile e poi lanci l'eseguibile da xp. Ciao
Utenti presenti in questo topic
Guest


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.