|
|
Rank: AiutAmico
Iscritto dal : 3/6/2006
Posts: 109
|
Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4
Platform: x64 Windows 10 (Pro), 10.0.17134.285 (ReleaseId: 1803), Service Pack: 0
Time: 25.09.2018 - 04:23 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: XXXYYY (group: Administrator) on DESKTOP-B770T4V, FirstRun: yes
Chrome: 69.0.3497.100
Firefox: 60.0.2.6730
Edge: 11.0.17134.285
Internet Explorer: 11.0.17134.1
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)
Boot mode: Normal
Running processes:
Number | Path
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler.exe
1 C:\Program Files (x86)\AVAST Software\Browser\Update\1.4.154.333\AvastBrowserCrashHandler64.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.10314.31700.1000_x64__8wekyb3d8bbwe\Office16\OfficeHubTaskHost.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_12.1815.210.0_x64__kzf8qxf38zg5c\SkypeHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11808.1001.9.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Users\windows\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Users\windows\Desktop\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\windows\Desktop\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\windows\Desktop\HijackThisPortable\App\HijackThis\Registry
1 C:\Users\windows\Desktop\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\ViakaraokeSrv.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
20 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [OneDrive] = C:\Users\windows\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKLM\..\StartupApproved\Run: [AvastUI.exe] (1601/01/01) = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O17 - DHCP DNS 1: 192.168.1.1
O21 - HKLM\..\ShellIconOverlayIdentifiers: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShA64.dll
O21-32 - HKLM\..\ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task: (disabled) \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Avast Emergency Update - C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe
O22 - Task: AvastUpdateTaskMachineCore - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /c
O22 - Task: AvastUpdateTaskMachineUA - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /ua /installsource scheduler
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: \Avast Software\Overseer - C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe /from_scheduler:1
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateAssistant - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:Th2Eos:{} (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\UpdateAssistantCalendarRun - C:\WINDOWS\UpdateAssistant\UpdateAssistant.exe /ClientID Win10Upgrade:VNL:Th2Eos:{} /CalendarRun (Microsoft)
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\Program Files\Windows Defender\MpCmdRun.exe Scan -ScheduleJob
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
O23 - Service R2: "VIA Karaoke digital mixer Service" ; {PlaceHolder="UAA","High Definition Audio"} - (VIAKaraokeService) - C:\WINDOWS\system32\viakaraokesrv.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service S2: Service_21 - C:\Windows\System32\Service_21.exe
O23 - Service S2: Servizio %1!s! Update (avast) - (avast) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /svc
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio %1!s! Update (avastm) - (avastm) - C:\Program Files (x86)\AVAST Software\Browser\Update\AvastBrowserUpdate.exe /medsvc
O23 - Service S3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Servizio Windows Defender Advanced Threat Protection - (Sense) - C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe
O23 - Service S3: Servizio Windows Defender Antivirus - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
--
End of file - Time spent: 31 sec. - 26660 bytes, CRC32: FFFFFFFF. Sign: ፤⏓
|
|
|
|
|
|
Rank: AiutAmico
Iscritto dal : 10/31/2004
Posts: 7,183
|
presunto ? ……. office ….pulito ? hai cercato di disinstallare avast ?
|
|
Rank: AiutAmico
Iscritto dal : 3/6/2006
Posts: 109
|
"Presunto", si faceva per dire.
Office pulito? Non credo.
Non ho provato a disinstallare Avast.
Facendo la scansione, non ha trovato virus. Malwarebites, invece, ha trovato 144 elementi, che ho messo in quarantena.
|
|
Rank: AiutAmico
Iscritto dal : 10/27/2006
Posts: 9,617
|
|
|
Rank: AiutAmico
Iscritto dal : 11/8/2008
Posts: 13,964
|
2 antivirus non vanno bene, elimina avast che è un mattone e lascia defender che in win 10 è molto meglio, per avast dovrebbe esserci il suo uninstaller altrimenti usa IoBit uninstaller che pulisce anche le voci del registro, se il presunto virus è stato segnalato da Avast è molto probabile che si tratti di un falso positivo, fai le scansioni indicate.
Il log non presenta infezioni. Ciao
|
|
Rank: AiutAmico
Iscritto dal : 3/6/2006
Posts: 109
|
Il problema persiste: Word si inceppa non quando apro documento ma quando salvo e ora Internet in generale è lento, con un rumore che proviene dal case come se faticasse ad eseguire le operazioni.
Ad ogni modo, visto che non era specificato, Jr tool devo usarlo con l'antivirus disattivato? Perché ricordavo questa cosa, ma non essendone certo l'ho avviato con antivirus attivo.
Grazie.
|
|
Rank: AiutAmico
Iscritto dal : 10/27/2006
Posts: 9,617
|
surriscaldamento dovuto a polvere? le ventole sono pulite?
|
|
Rank: AiutAmico
Iscritto dal : 3/6/2006
Posts: 109
|
Proverò a controllare, ma per il resto, seguendo il vadenmecum sopra per rimuovere le infezioni, l'antivirus deve essere disattivato? Solo per Junk removal tool?
Grazie.
|
|
Rank: AiutAmico
Iscritto dal : 11/8/2008
Posts: 13,964
|
mauriziocv ha scritto:Proverò a controllare, ma per il resto, seguendo il vadenmecum sopra per rimuovere le infezioni, l'antivirus deve essere disattivato? Solo per Junk removal tool?
Grazie. Se parli di Jrt si l'antivirus deve essere disattivato per evitare potenziali conflitti, ovviamente finita la scansione lo riattivi. Hai eliminato Avast e attivato Defender? Per quanto riguarda Office 16, lo hai acquistato o è in prova, in ogni caso salva i dati e poi lo reinstalli.
|
|
|
Guest |
