Aiutamici Forum

HijackThis check
break
Posted: Saturday, June 04, 2022 11:32:27 AM

Rank: AiutAmico

Joined: 11/21/2009
Posts: 416
Good morning to the forum, I need a willing volunteer to analyze my HijackThis log, because the PC
has become extremely slow at startup and shutdown (I have already run scans with AdwCleaner and Malwarebytes,
which found no anomalies). Thanks in advance for any suggestions
break

Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:28:40, on 04/06/2022
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Unable to get Internet Explorer version!


Boot mode: Normal

Running processes:
C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeyboardLeds.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Softland\FBackup 9\bTray.exe
C:\Users\Michele\Documents\SICUREZZA\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.30\BHO\ie_to_edge_bho.dll
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [Volume2] "C:\Program Files (x86)\Volume2\Volume2.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [EPSDNMON] "C:\Program Files (x86)\Epson Software\Download Navigator\EPSDNMON.EXE"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRFE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-243 245 247 Series" /EF "HKCU"
O4 - HKCU\..\Run: [KeyboardLeds.exe] "C:\Users\Michele\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KeyboardLeds.exe"
O4 - HKCU\..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIRFE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-243 245 247 Series"
O4 - HKCU\..\Run: [MicrosoftEdgeAutoLaunch_EAC917FD4AC17650BD07D7FB19558C87] "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start /prefetch:5
O4 - HKCU\..\Run: [FBackup 9 Tray Agent] "C:\Program Files (x86)\Softland\FBackup 9\bTray.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Delete Cached Standalone Update Binary] C:\WINDOWS\system32\cmd.exe /q /c del /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe"
O4 - HKCU\..\RunOnce: [Uninstall 21.205.1003.0003] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\21.205.1003.0003"
O4 - HKCU\..\RunOnce: [Uninstall 21.205.1003.0005] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\21.205.1003.0005"
O4 - HKCU\..\RunOnce: [Uninstall 21.220.1024.0005] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\21.220.1024.0005"
O4 - HKCU\..\RunOnce: [Uninstall 21.230.1107.0004] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\21.230.1107.0004"
O4 - HKCU\..\RunOnce: [Uninstall 21.245.1128.0002] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\21.245.1128.0002"
O4 - HKCU\..\RunOnce: [Uninstall 22.002.0103.0004] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.002.0103.0004"
O4 - HKCU\..\RunOnce: [Uninstall 22.012.0117.0003] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.012.0117.0003"
O4 - HKCU\..\RunOnce: [Uninstall 22.022.0130.0001] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.022.0130.0001"
O4 - HKCU\..\RunOnce: [Uninstall 22.033.0213.0002] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.033.0213.0002"
O4 - HKCU\..\RunOnce: [Uninstall 22.045.0227.0004] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.045.0227.0004"
O4 - HKCU\..\RunOnce: [Uninstall 22.055.0313.0001] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.055.0313.0001"
O4 - HKCU\..\RunOnce: [Uninstall 22.077.0410.0007] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.077.0410.0007"
O4 - HKCU\..\RunOnce: [Uninstall 22.089.0426.0003] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Michele\AppData\Local\Microsoft\OneDrive\22.089.0426.0003"
O4 - Startup: KeyboardLeds.exe
O4 - Startup: TB-Tray.lnk = C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
O4 - Startup: thunderbird.exe.lnk = C:\ProgramData\Chameleon Manager\Roaming\Michele\thunderbird.exe
O4 - Startup: YoWindow.lnk = C:\Program Files (x86)\YoWindow\yowindow.exe
O4 - Global Startup: TB-Tray.lnk = C:\Program Files (x86)\Thunderbird-Tray\TBTray.exe
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Advanced SystemCare Service 15 (AdvancedSystemCareService15) - Unknown owner - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AOMEI Backupper Scheduler Service (Backupper Service) - AOMEI International Network Limited - C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.4.0\ABService.exe
O23 - Service: Servizio Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CCleaner Performance Optimizer Service (CCleanerPerformanceOptimizerService) - Unknown owner - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\CredentialEnrollmentManager.exe,-100 (CredentialEnrollmentManagerUserSvc) - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: CredentialEnrollmentManagerUserSvc_61218 - Unknown owner - C:\WINDOWS\system32\CredentialEnrollmentManager.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\WINDOWS\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: FBackup 9 Service (FBackup9Srv) - Softland - C:\Program Files (x86)\Softland\FBackup 9\bService.exe
O23 - Service: Foxit PDF Reader Update Service (FoxitReaderUpdateService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: MyEpson Portal Service - Seiko Epson Corporation - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\WINDOWS\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\WINDOWS\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\WINDOWS\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\WINDOWS\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: Unchecky (unchecky) - Reason Software Company Inc. - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: VirtualBox system service (VBoxSDS) - Oracle Corporation - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12457 bytes
cbbusto
Posted: Saturday, June 04, 2022 3:24:14 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
You used an old version of HJT; download the latest version, you can find it on Aiutamici in the software section here: http://software.aiutamici.com/software?ID=11175
After downloading it, run a scan and post the log. Bye
wolfestein
Posted: Saturday, June 04, 2022 3:30:29 PM

Rank: AiutAmico

Joined: 2/15/2009
Posts: 15,888
cbbusto, you beat me to it, I was about to give him the same advice.
giza
Posted: Saturday, June 04, 2022 3:33:10 PM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,515
in the meantime, delete all the O4 entries
sabbb
Posted: Saturday, June 04, 2022 8:24:28 PM
Rank: AiutAmico

Joined: 9/12/2009
Posts: 6,631
giza wrote:
in the meantime, delete all the O4 entries


giza
Posted: Sunday, June 05, 2022 10:01:24 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,515
I didn't get it
sabbb
Posted: Sunday, June 05, 2022 11:06:03 AM
Rank: AiutAmico

Joined: 9/12/2009
Posts: 6,631
I simply meant: leave it to those who know how to do it (or at any rate know how to do it better than you), but with all due affection

(If you give wrong or rough instructions and his PC stops working, that could be a problem)

Claudio is good at this, leave it to him. (then it's your call)
giza
Posted: Sunday, June 05, 2022 11:40:51 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,515
certainly, but fixing the O4 entries (the others are for experts) shouldn't mess up the PC, I think. At least he can see whether it starts up faster.

ANYWAY, MONZA IS IN SERIE A!!!!
break
Posted: Sunday, June 05, 2022 3:48:52 PM

Rank: AiutAmico

Joined: 11/21/2009
Posts: 416
Good afternoon, thank you for the suggestion, which I have carried out; we'll see whether there are improvements.
I am re-attaching the HijackThis list made with the updated version and with the O4 entries fixed as suggested
break
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.26

Platform: x64 Windows 10 (Home), 10.0.19043.1706 (ReleaseId: 2009), Service Pack: 0
Time: 05.06.2022 - 15:38 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Michele (group: Administrator) on DESKTOP-OLER5QI, FirstRun: yes

Firefox: 101.0.0.8181
Internet Explorer: 11.789.19041.0
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
1 C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
1 C:\Program Files (x86)\IObit\IObit Uninstaller\Pub\PubPlatform.exe
1 C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
1 C:\Program Files (x86)\Softland\FBackup 9\bService.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe
1 C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\WindowsApps\Microsoft.549981C3F5F10_4.2203.4603.0_x64__8wekyb3d8bbwe\Cortana.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.22042.168.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.2203.5-0\NisSrv.exe
1 C:\Users\Michele\Downloads\HijackThis(3)\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\Speech_OneCore\common\SpeechRuntime.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\igfxCUIService.exe
1 C:\Windows\System32\igfxEM.exe
1 C:\Windows\System32\igfxHK.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
78 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Search_cw5n1h2txyewy\SearchApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TextInputHost.exe
1 C:\Windows\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: Reset contents to default
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 rp.yefeneri2.com
O1 - Hosts: 0.0.0.0 os.yefeneri2.com
O1 - Hosts: 0.0.0.0 os2.yefeneri2.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 0.0.0.0 cdn.tuto4pc.com
O1 - Hosts: 0.0.0.0 cdn.appround.biz
O1 - Hosts: 0.0.0.0 cdn.bigspeedpro.com
O1 - Hosts: 0.0.0.0 cdn.bispd.com
O1 - Hosts: 0.0.0.0 cdn.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.cdndp.com
O1 - Hosts: 0.0.0.0 cdn.download.sweetpacks.com
O1 - Hosts: 0.0.0.0 cdn.dpdownload.com
O1 - Hosts: 0.0.0.0 cdn.visualbee.net
O2 - HKLM\..\BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.33\BHO\ie_to_edge_bho_64.dll
O2-32 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.33\BHO\ie_to_edge_bho.dll
O3 - HKLM\..\Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O4-32 - HKLM\..\Run: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O9 - Button: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (file missing)
O9 - Tools menu item: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files (x86)\Bonjour\mdnsNSP.dll
O15 - Trusted Zone: *.localhost
O17 - DHCP DNS 1: 192.168.1.1
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avg: (no name) - {472083B0-C522-11CF-8763-00608CC02F24} - (no file)
O22 - Task (.job): (Not scheduled) EPSON XP-243 245 247 Series Update {986FCFCA-846A-4F32-BB67-EAFBC368EA23}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRFE.EXE /EXE:"{986FCFCA-846A-4F32-BB67-EAFBC368EA23}" /F:"Update"
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_AC - C:\WINDOWS\system32\MusNotification.exe /RunOnAC RebootDialog (Microsoft)
O22 - Task: (disabled) (update) \Microsoft\Windows\UpdateOrchestrator\Reboot_Battery - C:\WINDOWS\system32\MusNotification.exe /RunOnBattery RebootDialog (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\Retry - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ProvRetryTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Management\Provisioning\RunOnReboot - C:\WINDOWS\system32\ProvTool.exe /turn 5 /source ContinueSessionTask (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Maintenance Work - C:\WINDOWS\system32\usoclient.exe StartMaintenanceWork (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\UpdateOrchestrator\Schedule Wake To Work - C:\WINDOWS\system32\usoclient.exe StartWork (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Application Experience\PcaPatchDbTask - C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\PcaSvc.dll,PcaPatchSdbTask (Microsoft)
O22 - Task: (update) \Microsoft\Windows\UpdateOrchestrator\USO_UxBroker - C:\WINDOWS\system32\MusNotification.exe (Microsoft)
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - Michele - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EPSON XP-243 245 247 Series Update {986FCFCA-846A-4F32-BB67-EAFBC368EA23} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSRFE.EXE /EXE:"{986FCFCA-846A-4F32-BB67-EAFBC368EA23}" /F:"Update"
O22 - Task: OneDrive Reporting Task-S-1-5-21-3512549261-257355560-2067534038-1001 - C:\Users\Michele\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe /reporting
O22 - Task: Uninstaller_SkipUac_Michele - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: \Agent Activation Runtime\S-1-5-21-3512549261-257355560-2067534038-1001 - C:\WINDOWS\System32\AgentActivationRuntimeStarter.exe
O22 - Task: \Apple\AppleSoftwareUpdate - C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe -task
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\AppListBackup\Backup - {E0DCC2CC-3354-45F2-8914-519E07809082} - C:\WINDOWS\system32\AppListBackupLauncher.dll (Microsoft)
O22 - Task: \Mozilla\Firefox Background Update 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\firefox.exe --MOZ_LOG sync,prependheader,timestamp,append,maxsize:1,Dump:5 --MOZ_LOG_FILE C:\ProgramData\Mozilla-1de4eec8-1241-4177-a864-e594e8d1fb38\updates\308046B0AF4A39CB\backgroundupdate.moz_log --backgroundtask backgroundupdate
O22 - Task: \Mozilla\Firefox Default Browser Agent 308046B0AF4A39CB - C:\Program Files\Mozilla Firefox\default-browser-agent.exe do-task "308046B0AF4A39CB"
O22 - Task: \WiseCleaner\WRCSkipUAC - C:\Program Files (x86)\Wise\Wise Registry Cleaner\WiseRegCleaner.exe $UAC
O22 - Task: infatica_p2b - C:\Program Files (x86)\Infatica P2B\infatica-service-app.exe
O22 - Task: klcp_update - C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe /verysilent /update /freq=30
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: Digital Wave Update Service - (DigitalWave.Update.Service) - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: FBackup 9 Service - (FBackup9Srv) - C:\Program Files (x86)\Softland\FBackup 9\bService.exe -name:"FBackup9Srv" -disp:"FBackup 9 Service"
O23 - Service R2: Foxit PDF Reader Update Service - (FoxitReaderUpdateService) - C:\Program Files (x86)\Foxit Software\Foxit PDF Reader\FoxitPDFReaderUpdateService.exe
O23 - Service R2: Intel(R) HD Graphics Control Panel Service - (igfxCUIService2.0.0.0) - C:\WINDOWS\system32\igfxCUIService.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service R2: Unchecky - (unchecky) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
O23 - Service S2: AOMEI Backupper Scheduler Service - (Backupper Service) - C:\Program Files (x86)\AOMEI\AOMEI Backupper 6.4.0\ABService.exe
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S3: CCleaner Performance Optimizer Service - (CCleanerPerformanceOptimizerService) - C:\Program Files\CCleaner\CCleanerPerformanceOptimizerService.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service S3: VirtualBox system service - (VBoxSDS) - C:\Program Files\Oracle\VirtualBox\VBoxSDS.exe


--
End of file - Time spent: 35,2 sec. - 30656 bytes, CRC32: FFFFFFFF. Sign: 쪯
cbbusto
Posted: Sunday, June 05, 2022 5:55:53 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Let me check it properly and then I'll reply; there are at least 40 or 50 files to delete. I'll reply either by this evening or tomorrow morning, be patient.
cbbusto
Posted: Sunday, June 05, 2022 6:36:30 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Close all programs and, disconnected from the internet, open the HJT log and fix the lines listed below:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: Reset contents to default
O1 - Hosts:
O1 - Hosts:
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com.s3.amazonaws.com
O1 - Hosts: 0.0.0.0 media.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.opencandy.com
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 api.opencandy.com
O1 - Hosts: 0.0.0.0 api.recommendedsw.com
O1 - Hosts: 0.0.0.0 rp.yefeneri2.com
O1 - Hosts: 0.0.0.0 os.yefeneri2.com
O1 - Hosts: 0.0.0.0 os2.yefeneri2.com
O1 - Hosts: 0.0.0.0 installer.betterinstaller.com
O1 - Hosts: 0.0.0.0 installer.filebulldog.com
O1 - Hosts: 0.0.0.0 d3oxtn1x3b8d7i.cloudfront.net
O1 - Hosts: 0.0.0.0 inno.bisrv.com
O1 - Hosts: 0.0.0.0 nsis.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.file2desktop.com
O1 - Hosts: 0.0.0.0 cdn.goateastcach.us
O1 - Hosts: 0.0.0.0 cdn.guttastatdk.us
O1 - Hosts: 0.0.0.0 cdn.inskinmedia.com
O1 - Hosts: 0.0.0.0 cdn.insta.oibundles2.com
O1 - Hosts: 0.0.0.0 cdn.insta.playbryte.com
O1 - Hosts: 0.0.0.0 cdn.llogetfastcach.us
O1 - Hosts: 0.0.0.0 cdn.montiera.com
O1 - Hosts: 0.0.0.0 cdn.msdwnld.com
O1 - Hosts: 0.0.0.0 cdn.mypcbackup.com
O1 - Hosts: 0.0.0.0 cdn.ppdownload.com
O1 - Hosts: 0.0.0.0 cdn.riceateastcach.us
O1 - Hosts: 0.0.0.0 cdn.shyapotato.us
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 0.0.0.0 cdn.tuto4pc.com
O1 - Hosts: 0.0.0.0 cdn.appround.biz
O1 - Hosts: 0.0.0.0 cdn.bigspeedpro.com
O1 - Hosts: 0.0.0.0 cdn.bispd.com
O1 - Hosts: 0.0.0.0 cdn.bisrv.com
O1 - Hosts: 0.0.0.0 cdn.cdndp.com
O1 - Hosts: 0.0.0.0 cdn.download.sweetpacks.com
O1 - Hosts: 0.0.0.0 cdn.dpdownload.com
O1 - Hosts: 0.0.0.0 cdn.visualbee.net
O2 - HKLM\..\BHO: IEToEdge BHO - {1FD49718-1D00-4B19-AF5F-070AF6D5D54C} - C:\Program Files (x86)\Microsoft\Edge\Application\102.0.1245.33\BHO\ie_to_edge_bho_64.dll
O3 - HKLM\..\Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O9 - Button: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (file missing)
O9 - Tools menu item: HKLM\..\{A95fe080-8f5d-11d2-a20b-00aa003c157a}: @C:\Program Files (x86)\Evernote\Evernote\OLIEResource.dll,-101 - C:\Program Files (x86)\Evernote\Evernote\EvernoteIERes\AddNote.html (file missing)
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)

The first entries include adware and trojans.
At the end, do a cleanup with CCleaner, including the registry.
The PC has certainly improved; be careful when you browse the Internet and about what you download.
Let me know if everything is OK. Bye
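
An added example, not part of the original thread and not HijackThis code: a small Python triage of the entry lines in a log like the one above, separating O1 (Hosts) lines that point a name at 0.0.0.0 or loopback, which makes the name unreachable, from O1 lines that point a name at some other address, and marking entries whose target file no longer exists. The verdict labels and function names are assumptions of this example; the sample lines are copied from the log in this thread except one constructed redirect line.

```python
import ipaddress
import re
from collections import Counter

# Sample input: lines copied from the second log in this thread, except the
# "login.example.com" line, which is CONSTRUCTED (documentation IP range).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxyOverride] = *.local
O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 0.0.0.0 # fix for traceroute and netstat display anomaly
O1 - Hosts: 0.0.0.0 tracking.opencandy.com
O1 - Hosts: 0.0.0.0 cdn.solimba.com
O1 - Hosts: 203.0.113.10 login.example.com
O4-32 - HKLM\..\Run: [APSDaemon] = C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O22 - Task: Avast Emergency Update - C:\Program Files\Avast Software\Avast\AvEmUpdate.exe (file missing)
O22 - Task: infatica_p2b - C:\Program Files (x86)\Infatica P2B\infatica-service-app.exe
O23 - Service R2: Unchecky - (unchecky) - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe
"""

# An entry line starts with a section code (R0..R4, F0..F3, O1..), optionally
# suffixed with "-32" for the 32-bit registry view, then " - " and the body.
ENTRY = re.compile(r"^(?P<section>[ROF]\d+)(?:-32)?\s+-\s+(?P<body>.*)$")
# Markers the log appends when the referenced file is not on disk.
ORPHAN = re.compile(r"\((?:file missing|no file)\)\s*$")


def classify_hosts(rest):
    """Classify the text after 'Hosts:' of an O1 line."""
    tokens = rest.split("#", 1)[0].split()  # drop trailing comment
    if len(tokens) < 2:
        return "hosts-other", rest.strip()
    try:
        target = ipaddress.ip_address(tokens[0])
    except ValueError:
        return "hosts-other", rest.strip()
    name = tokens[1]
    if target.is_unspecified or target.is_loopback:
        # The name resolves to nowhere or to this machine: it is blocked.
        return "hosts-sinkhole", name
    # The name is sent to a different host: this is the case to investigate.
    return "hosts-redirect", f"{name} -> {target}"


def triage(log_text):
    """Return (section, verdict, detail) for every entry line in the log."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list, blank line
        section, body = m.group("section"), m.group("body")
        if section == "O1" and body.startswith("Hosts:"):
            verdict, detail = classify_hosts(body[len("Hosts:"):])
        elif ORPHAN.search(body):
            verdict, detail = "orphan", body
        else:
            verdict, detail = "review", body
        findings.append((section, verdict, detail))
    return findings


def summarize(findings):
    """Count findings per verdict."""
    return Counter(verdict for _, verdict, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, verdict, detail in results:
        print(f"{section:<4} {verdict:<15} {detail}")
    print(dict(summarize(results)))
```
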
break
Posted: Tuesday, June 07, 2022 11:22:48 AM

Rank: AiutAmico

Joined: 11/21/2009
Posts: 416
unfortunately everything got messed up and I went ahead with reinstalling Windows, and I am slowly rebuilding everything; I have forgotten many of the operations I did at the beginning and it takes me time (all this, although laborious for me, refreshes my memory of how to use the PC)
regards to all
break
cbbusto
Posted: Thursday, June 09, 2022 11:10:07 AM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
Anyway, fixing and deleting the entries is fairly easy. If you reinstall, it should be fine; as already said, be careful what you download and don't open sites you don't know.
Having reinstalled the system you will have to do all the updates; if you don't feel up to it, it would be a good idea to contact a technician so as not to make further messes.
Good luck with the work.
break
Posted: Friday, June 10, 2022 3:07:58 PM

Rank: AiutAmico

Joined: 11/21/2009
Posts: 416
good morning to the forum, after the small problems due to reinstalling W10 everything works again for me, except
for Thunderbird, which I cannot manage to move over from another PC
I have read and re-read what is indicated on the internet but I cannot transfer the profile to the rebuilt PC
the operations I carried out are:
Working PC: from C - click on user - name - AppData - Thunderbird - Roaming - profile folder - copy to
USB stick
Rebuilt PC: from C as above, and in Roaming I pasted the copied folder

unfortunately I see no results, what am I doing wrong?
thanks for any suggestions
break