Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Info trojan

Info trojan Opzioni
Topic Precedente · Topic Sucessivo
tempesta10
Inviato: Thursday, October 18, 2018 11:54:29 AM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Per cbbusto, ieri pomeriggio ho fatto un controllo posto i log in progressione a come fatti:
# -------------------------------
# Malwarebytes AdwCleaner 7.2.4.0
# -------------------------------
# Build: 09-25-2018
# Database: 2018-10-12.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 10-17-2018
# Duration: 00:00:10
# OS: Windows 10 Home
# Cleaned: 31
# Failed: 0


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\ProgramData\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\IObit\Advanced SystemCare
Deleted C:\Program Files (x86)\Common Files\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Alberto\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Corrado\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Stella\AppData\LocalLow\IObit\Advanced SystemCare
Deleted C:\Users\Alberto\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Corrado\AppData\Roaming\IObit\Advanced SystemCare
Deleted C:\Users\Stella\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

Deleted C:\Windows\System32\Tasks\Driver Booster Scheduler

***** [ Registry ] *****

Deleted HKLM\Software\Wow6432Node\Trymedia Systems
Deleted HKU\S-1-5-21-1294507179-1061758829-1366383323-1008\Software\Microsoft\Windows\CurrentVersion\Run|Advanced SystemCare 11
Deleted HKLM\Software\Wow6432Node\IObit\RealTimeProtector
Deleted HKLM\Software\Wow6432Node\IObit\Advanced SystemCare
Deleted HKLM\Software\Wow6432Node\IOBIT\ASC
Deleted HKLM\SOFTWARE\Classes\CLSID\{645FF040-5081-101B-9F08-00AA002F954E}\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\LNKFILE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\SOFTWARE\CLASSES\DIRECTORY\SHELLEX\CONTEXTMENUHANDLERS\Advanced SystemCare
Deleted HKLM\Software\Classes\CLSID\{2803063F-4B8D-4dc6-8874-D1802487FE2D}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F2FB3566-02C9-47B0-B68C-A1C543109F15}
Deleted HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster Scheduler
Deleted HKU\S-1-5-21-1294507179-1061758829-1366383323-1008\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Deleted HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3E656C5F-0A5F-42B7-9F20-C30A57594768}
Deleted HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{3E656C5F-0A5F-42B7-9F20-C30A57594768}
Deleted HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{3E656C5F-0A5F-42B7-9F20-C30A57594768}
Deleted HKU\S-1-5-21-1294507179-1061758829-1366383323-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com
Deleted HKLM\SYSTEM\Setup\FirstBoot\Services\WCAssistantService

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [4542 octets] - [17/10/2018 14:10:18]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C00].txt ##########


Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 17/10/18
Ora scansione: 14:28
File di log: 30ffdd8c-d208-11e8-81bc-4061860deae4.json

-Informazioni software-
Versione: 3.6.1.2711
Versione componenti: 1.0.463
Aggiorna versione pacchetto: 1.0.7399
Licenza: Trial

-Informazioni sistema-
SO: Windows 10 (Build 17134.345)
CPU: x64
File system: NTFS
Utente: Alberto-PC\Alberto

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 359653
Minacce rilevate: 1
Minacce messe in quarantena: 1
Tempo impiegato: 7 min, 16 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 1
PUP.Optional.GameHack, C:\PROGRAM FILES (X86)\CHEAT ENGINE 6.8.1\STANDALONEPHASE1.DAT, In quarantena, [8053], [393793],1.0.7399

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)



Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Home), 10.0.17134.345 (ReleaseId: 1803), Service Pack: 0
Time: 17.10.2018 - 15:03 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Alberto (group: Administrator) on ALBERTO-PC, FirstRun: yes

Edge: 11.0.17134.345
Internet Explorer: 11.0.17134.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\CCCCCC\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\CCCCCC\HijackThisPortable\App\HijackThis\MemCompression
1 C:\CCCCCC\HijackThisPortable\App\HijackThis\Registry
1 C:\CCCCCC\HijackThisPortable\HijackThisPortable.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1 C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
1 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
1 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files (x86)\eMule\emule.exe
1 C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
1 C:\Program Files\Bitdefender Agent\ProductAgentService.exe
1 C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
1 C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
1 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\OneDrive.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
74 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
6 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [SuggestionsURL] = https://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&pc=UE15 - Bing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [URL] = https://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02&pc=UE15 - Bing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1C935332-934B-41FE-9766-368A462068C5} [URL] = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 - Kelkoo
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E880DD9-D407-451B-9EF6-BF1D7C234F51} [SuggestionsURL,SuggestionsURLFallback] = http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command={searchTerms} - Yahoo!
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E880DD9-D407-451B-9EF6-BF1D7C234F51} [URL] = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 - Yahoo!
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{1C935332-934B-41FE-9766-368A462068C5} [URL] = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 - Kelkoo
R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2E880DD9-D407-451B-9EF6-BF1D7C234F51} [URL] = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 - Yahoo!
O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 pubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 securepubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 www.googletagservices.com
O1 - Hosts: 0.0.0.0 gads.pubmatic.com
O1 - Hosts: 0.0.0.0 ads.pubmatic.com
O1 - Hosts: 0.0.0.0 tpc.googlesyndication.com
O1 - Hosts: 0.0.0.0 pagead2.googlesyndication.com
O1 - Hosts: 0.0.0.0 googleads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 adclick.g.doublecklick.net
O1 - Hosts: 0.0.0.0 googleads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 http://www.googleadservices.com
O1 - Hosts: 0.0.0.0 pubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 securepubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 pagead2.googlesyndication.com
O1 - Hosts: 0.0.0.0 spclient.wg.spotify.com
O1 - Hosts: 0.0.0.0 audio2.spotify.com
O2 - HKLM\..\BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll
O2-32 - HKLM\..\BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2-32 - HKLM\..\BHO: Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll
O4 - HKCU\..\Run: [OneDrive] = C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\Run: [eMuleAutoStart] = C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [Uninstall 18.151.0729.0006\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 18.151.0729.0006] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\18.151.0729.0006"
O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring] (2018/06/29) = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [EPLTarget\P0000000000000000] (2018/06/29) = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
O4 - HKLM\..\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
O4 - HKLM\..\StartupApproved\Run32: [HP Software Update] (1601/01/01) = c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\StartupApproved\Run32: [Magic Desktop for HP notification] (2018/06/29) = C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4 - HKLM\..\StartupApproved\Run32: [UpdatePRCShortCut] (1601/01/01) = C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\StartupApproved\Run32: [hpsysdrv] (1601/01/01) = c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\StartupApproved\Run: [IAAnotif] (1601/01/01) = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (2018/06/29) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - Startup other users: C:\Users\Corrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr
O4 - Startup other users: C:\Users\Stella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt: E&sporta in Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt: I&nvia a OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21-32 - HKLM\..\ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (disabled)
O22 - Task (Job): (Not scheduled) EPSON XP-610 Series Invitation {15C74D37-15E3-45B5-9D3E-451E1D9E27B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Invitation"
O22 - Task (Job): (Not scheduled) EPSON XP-610 Series Invitation {6EA4C99A-0D15-4A8E-952A-27F30194D5D4}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Invitation"
O22 - Task (Job): (Not scheduled) EPSON XP-610 Series Update {6EA4C99A-0D15-4A8E-952A-27F30194D5D4}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Update"
O22 - Task (Job): (Not scheduled) TrackerAutoUpdate.job - C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
O22 - Task (Job): (Ready) EPSON XP-610 Series Update {15C74D37-15E3-45B5-9D3E-451E1D9E27B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Update"
O22 - Task (Job): (disabled) (Not scheduled) Uninstaller_SkipUac_Stella.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task (Job): EPSON XP-610 Series Invitation {2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}" /F:"Invitation"
O22 - Task (Job): EPSON XP-610 Series Update {2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}" /F:"Update"
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task: (disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Shell\WindowsParentalControlsMigration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Task: (telemetry) \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\WINDOWS\system32\WSqmCons.exe -u (Microsoft)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: AdobeGCInvoker-1.0-Alberto-PC-Stella - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
O22 - Task: AdobeGCInvoker-1.0-MicrosoftAccount-corradilpilota@outlook.it - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
O22 - Task: Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 - C:\Program Files\Bitdefender Agent\WatchDog.exe repair
O22 - Task: BlueStacksHelper - C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: CLMLSvc - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O22 - Task: DVDAgent - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O22 - Task: Driver Booster SkipUAC (Corrado) - C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe /skipuac
O22 - Task: EPSON XP-610 Series Invitation {15C74D37-15E3-45B5-9D3E-451E1D9E27B4} - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Invitation"
O22 - Task: EPSON XP-610 Series Invitation {6EA4C99A-0D15-4A8E-952A-27F30194D5D4} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Invitation"
O22 - Task: EPSON XP-610 Series Update {15C74D37-15E3-45B5-9D3E-451E1D9E27B4} - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Update"
O22 - Task: EPSON XP-610 Series Update {6EA4C99A-0D15-4A8E-952A-27F30194D5D4} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Update"
O22 - Task: Registration - C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe Registration ShowMessageTask2D
O22 - Task: TrackerAutoUpdate - C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
O22 - Task: Uninstaller_SkipUac_Corrado - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: Uninstaller_SkipUac_Stella - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: \Hewlett-Packard\HP Assistant\PC Health Analysis - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis
O22 - Task: \Hewlett-Packard\HP Assistant\PC Tuneup - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer
O22 - Task: \Hewlett-Packard\HP Support Assistant\Ghost Resign Task - c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
O22 - Task: \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
O22 - Task: \Microsoft\Office\Office Automatic Updates 2.0 - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False (Microsoft)
O22 - Task: \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService (Microsoft)
O22 - Task: \Microsoft\Office\Office Feature Updates - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft)
O22 - Task: \Microsoft\Office\OfficeBackgroundTaskHandlerLogon - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft)
O22 - Task: \Microsoft\Office\OfficeBackgroundTaskHandlerRegistration - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft)
O22 - Task: \Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Task: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\StartRecording - C:\WINDOWS\ehome\ehrec /StartRecording (file missing)
O22 - Task: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)
O22 - Task: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} - (no file)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\Setup\EOSNotify - C:\WINDOWS\system32\EOSNotify.exe (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)
O22 - Task: \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file)
O22 - Task: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
O22 - Task: \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: {F26F3DA9-7AF3-41CF-9ACA-0EA096BA0B53} - C:\Windows\system32\pcalua.exe -a J:\epson376810eu.exe -d J:\
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Bitdefender Auxiliary Service - (BDAuxSrv) - C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe "settings\services\configs\bdauxsrv_config.json"
O23 - Service R2: Bitdefender Desktop Update Service - (UPDATESRV) - C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe /service
O23 - Service R2: Bitdefender Device Management Service - (DevMgmtService) - C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
O23 - Service R2: Bitdefender Protected Service - (vsservp) - C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
O23 - Service R2: Bitdefender RedLine Service - (bdredline) - C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
O23 - Service R2: Bitdefender Virus Shield - (VSSERV) - C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe /service
O23 - Service R2: EPSON V3 Service4(06) - (EPSON_PM_RPCV4_06) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: HP Health Check Service - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Intel(R) Matrix Storage Event Monitor - (IAANTMON) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service R2: LightScribeService Direct Disc Labeling Service - (LightScribeService) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
O23 - Service R2: ProductAgentService - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R2: Servizio A portata di clic di Microsoft Office - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: Servizio di semplificazione dell'aggiornamento di Windows 10 - (osrss) - C:\WINDOWS\system32\svchost.exe -k osrss; "ServiceDll" = C:\WINDOWS\system32\osrss.dll
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: InstallDriver Table Manager - (IDriverT) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service S3: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service S3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Servizio Windows Defender Antivirus - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: hpqwmiex - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe


--
End of file - Time spent: 59 sec. - 58974 bytes, CRC32: FFFFFFFF. Sign: 库
Torna in alto
 
Sponsor
Inviato: Thursday, October 18, 2018 11:54:29 AM

 
Torna in alto
 
cbbusto
Inviato: Thursday, October 18, 2018 12:49:06 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Ti rispondo più tardi, comunque oltre a quello che è stato eliminato da altre scansioni, hai delle voci da eliminare, dirottatori e motori di ricerca da eliminare e altro.
Torna in alto
 
cbbusto
Inviato: Thursday, October 18, 2018 4:43:39 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Vedo che hai Bidefender, un buon antivirus, però se hai la versione free allora ti consiglierei di eliminarlo e usare Defender, l'antivirus già inserito nel Sistema Operativo, ottimo antivirus alla stregua degli altri AV free, Defender è molto leggero e non appesantisce il sistema, mentre bitdefender è piuttosto pesante, questo è il mio consiglio poi decidi tu cosa vuoi fare, ti poso dire che io uso Defender da anni e funziona benissimo.
Ora veniamo alla eliminazioni,
Chiudi tutti i programmi e disconnesso da internet,
Lancia HijackThis e clicca sul secondo pulsante Do a system scan only
inserisci il segno di spunta nel quadratino davanti alle righe sotto elencate, una volta selezionate clicca il tasto Fix checked per procedere all'eliminazione, comparirà una finestra clicca su SI per accettare e l'operazione è conclusa.

Ti preciso che eliminando le voci 04, i programmi non vengono toccati ma viene solo disattivato l'Avvio automatico, inutile......basterebbe solo l'antivirus.
I malware si diffondono all’interno del sistema operativo Windows, spesso a velocità sorprendenti, proprio sfruttando i programmi presenti in esecuzione automatica.
Ricorda che Hijackthis deve essere avviato da una cartella a lui dedicata sul desktop. Solo così Hijackthis creerà copie di backup di quello che viene eliminato prima di apportare modifiche, così in caso di inconvenienti si possono reinstallare.

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} [SuggestionsURL] = https://api.bing.com/qsml.aspx?query={searchTerms}&market={language}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}&sectionHeight={ie:sectionHeight}&FORM=IESS02&pc=UE15 - Bing
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1C935332-934B-41FE-9766-368A462068C5} [URL] = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 - Kelkoo

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E880DD9-D407-451B-9EF6-BF1D7C234F51} [SuggestionsURL,SuggestionsURLFallback] = http://sugg-ie.it.search.yahoo.com/os?market=it&appid=ie8&command={searchTerms} - Yahoo!

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E880DD9-D407-451B-9EF6-BF1D7C234F51} [URL] = http://it.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 - Yahoo!

R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{1C935332-934B-41FE-9766-368A462068C5} [URL] = http://it.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913930 - Kelkoo

R4 - SearchScopes: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{2E880DD9-D407-451B-9EF6-BF1D7C234F51} [URL] = http://it.search.yahoo.com
/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008 - Yahoo!
Le voci sopra sono tutti motori di ricerca pericolosi, io userei solo Google, ma va bene anche Bing che ho lasciato.

Le voci 01 seguenti sono tutti reindirizzamenti, meglio eliminare:

O1 - Hosts: Reset contents to default
O1 - Hosts: 0.0.0.0 pubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 securepubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 www.googletagservices.com
O1 - Hosts: 0.0.0.0 gads.pubmatic.com
O1 - Hosts: 0.0.0.0 ads.pubmatic.com
O1 - Hosts: 0.0.0.0 tpc.googlesyndication.com
O1 - Hosts: 0.0.0.0 pagead2.googlesyndication.com
O1 - Hosts: 0.0.0.0 googleads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 adclick.g.doublecklick.net
O1 - Hosts: 0.0.0.0 googleads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 http://www.googleadservices.com
O1 - Hosts: 0.0.0.0 pubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 securepubads.g.doubleclick.net
O1 - Hosts: 0.0.0.0 pagead2.googlesyndication.com
O1 - Hosts: 0.0.0.0 spclient.wg.spotify.com
O1 - Hosts: 0.0.0.0 audio2.spotify.com

O4 - HKCU\..\Run: [OneDrive] = C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\Run: [eMuleAutoStart] = C:\Program Files (x86)\eMule\emule.exe -AutoStart
O4 - HKCU\..\RunOnce: [Uninstall 18.151.0729.0006\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\18.151.0729.0006\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 18.151.0729.0006] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alberto\AppData\Local\Microsoft\OneDrive\18.151.0729.0006"
O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring] (2018/06/29) = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [EPLTarget\P0000000000000000] (2018/06/29) = C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILQE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-610 Series"
O4 - HKLM\..\Run: [AdobeGCInvoker-1.0] = C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe
O4 - HKLM\..\StartupApproved\Run32: [HP Software Update] (1601/01/01) = c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\StartupApproved\Run32: [Magic Desktop for HP notification] (2018/06/29) = C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
O4 - HKLM\..\StartupApproved\Run32: [UpdatePRCShortCut] (1601/01/01) = C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
O4 - HKLM\..\StartupApproved\Run32: [hpsysdrv] (1601/01/01) = c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\StartupApproved\Run: [IAAnotif] (1601/01/01) = C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (2018/06/29) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - Startup other users: C:\Users\Corrado\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Invia a OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE /tsr
O4 - Startup other users: C:\Users\Stella\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2007.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr
O4-32 - HKLM\..\Run: [EEventManager] = C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
O22 - Task (Job): (disabled) (Not scheduled) Uninstaller_SkipUac_Stella.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: (disabled) \Microsoft\Windows\Media Center\PeriodicScanRetry - C:\WINDOWS\ehome\MCUpdate.exe -pscn 0 (file missing)
O22 - Task: (disabled) \Microsoft\Windows\Media Center\RecordingRestart - C:\WINDOWS\ehome\ehrec /RestartRecording (file missing)
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player Updater - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: \Microsoft\Windows\Media Center\ActivateWindowsSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoActivateWindowsSearch (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ConfigureInternetTimeService - C:\WINDOWS\ehome\ehPrivJob.exe /DoConfigureInternetTimeService (file missing)
O22 - Task: \Microsoft\Windows\Media Center\DispatchRecoveryTasks - C:\WINDOWS\ehome\ehPrivJob.exe /DoRecoveryTasks $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\InstallPlayReady - C:\WINDOWS\ehome\ehPrivJob.exe /InstallPlayReady $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\MediaCenterRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -MediaCenterRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURActivate - C:\WINDOWS\ehome\ehPrivJob.exe /OCURActivate (file missing)
O22 - Task: \Microsoft\Windows\Media Center\OCURDiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /OCURDiscovery $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ObjectStoreRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -ObjectStoreRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscovery - C:\WINDOWS\ehome\ehPrivJob.exe /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW1 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:7 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PBDADiscoveryW2 - C:\WINDOWS\ehome\ehPrivJob.exe /wait:90 /PBDADiscovery (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -PvrRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\PvrScheduleTask - C:\WINDOWS\ehome\mcupdate.exe -PvrSchedule (file missing)
O22 - Task: \Microsoft\Windows\Media Center\RegisterSearch - C:\WINDOWS\ehome\ehPrivJob.exe /DoRegisterSearch $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ReindexSearchRoot - C:\WINDOWS\ehome\ehPrivJob.exe /DoReindexSearchRoot (file missing)
O22 - Task: \Microsoft\Windows\Media Center\SqlLiteRecoveryTask - C:\WINDOWS\ehome\mcupdate.exe -SqlLiteRecoveryTask (file missing)
O22 - Task: \Microsoft\Windows\Media Center\StartRecording - C:\WINDOWS\ehome\ehrec /StartRecording (file missing)
O22 - Task: \Microsoft\Windows\Media Center\UpdateRecordPath - C:\WINDOWS\ehome\ehPrivJob.exe /DoUpdateRecordPath $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\ehDRMInit - C:\WINDOWS\ehome\ehPrivJob.exe /DRMInit (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate - C:\WINDOWS\ehome\mcupdate $(Arg0) (file missing)
O22 - Task: \Microsoft\Windows\Media Center\mcupdate_scheduled - C:\WINDOWS\ehome\mcupdate -crl -hms -pscn 15 (file missing)

Dopo le eliminazioni fai una pulizia con ccleaner, poi rifai una scansione con HJT e posta il nuovo log, vedo cos'è rimasto, poi facciamo altre operazioni.
Intanto dimmi come va il pc. Buon lavoro.Speak to the hand


Torna in alto
 
tempesta10
Inviato: Friday, October 19, 2018 2:44:52 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
cbbusto, Grazie del tuo aiuto.
Per quanto riguarda Bitdefender non è la versione free;
il pc è più veloce dopo le eliminazioni, fatta pulizia e posto il nuovo log:

Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Home), 10.0.17134.345 (ReleaseId: 1803), Service Pack: 0
Time: 19.10.2018 - 14:32 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Alberto (group: Administrator) on ALBERTO-PC, FirstRun: yes

Edge: 11.0.17134.345
Internet Explorer: 11.0.17134.1
Default: "C:\WINDOWS\system32\LaunchWinApp.exe" "%1" (Microsoft Edge)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
1 C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
1 C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
1 C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
1 C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
1 C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe
1 C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
1 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files\Bitdefender Agent\ProductAgentService.exe
1 C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\bdagent.exe
2 C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe
1 C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
1 C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
1 C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Users\Alberto\Desktop\36\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\Alberto\Desktop\36\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\Alberto\Desktop\36\HijackThisPortable\App\HijackThis\Registry
1 C:\Users\Alberto\Desktop\36\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
5 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\WUDFHost.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
79 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
O2 - HKLM\..\BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\pmbxie.dll
O2-32 - HKLM\..\BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2-32 - HKLM\..\BHO: Portafoglio di Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll
O4 - HKCU\..\Run: [CCleaner Monitoring] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt: E&sporta in Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt: I&nvia a OneNote - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O17 - DHCP DNS 1: 192.168.1.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21-32 - HKLM\..\ShellExecuteHooks: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (disabled)
O22 - Task (Job): (Not scheduled) EPSON XP-610 Series Invitation {15C74D37-15E3-45B5-9D3E-451E1D9E27B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Invitation"
O22 - Task (Job): (Not scheduled) EPSON XP-610 Series Invitation {6EA4C99A-0D15-4A8E-952A-27F30194D5D4}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Invitation"
O22 - Task (Job): (Not scheduled) EPSON XP-610 Series Update {6EA4C99A-0D15-4A8E-952A-27F30194D5D4}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Update"
O22 - Task (Job): (Not scheduled) TrackerAutoUpdate.job - C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
O22 - Task (Job): (Ready) EPSON XP-610 Series Update {15C74D37-15E3-45B5-9D3E-451E1D9E27B4}.job - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Update"
O22 - Task (Job): (disabled) (Not scheduled) Uninstaller_SkipUac_Alberto.job - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task (Job): EPSON XP-610 Series Invitation {2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}" /F:"Invitation"
O22 - Task (Job): EPSON XP-610 Series Update {2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{2BA8503D-785C-45C9-8AFE-8BEEB6DAC19C}" /F:"Update"
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\Shell\WindowsParentalControlsMigration - {343D770D-7788-47C2-B62A-B7C4CED925CB} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Task: (telemetry) \Microsoft\Office\Office Subscription Maintenance - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\Uploader - C:\WINDOWS\system32\WSqmCons.exe -u (Microsoft)
O22 - Task: AdobeGCInvoker-1.0-Alberto-PC-Stella - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (file missing)
O22 - Task: AdobeGCInvoker-1.0-MicrosoftAccount-corradilpilota@outlook.it - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGCInvokerUtility.exe (file missing)
O22 - Task: Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 - C:\Program Files\Bitdefender Agent\WatchDog.exe repair
O22 - Task: BlueStacksHelper - C:\ProgramData\BlueStacks\Client\Helper\BlueStacksHelper.exe
O22 - Task: CCleaner Update - C:\Program Files\CCleaner\CCUpdate.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: CLMLSvc - c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
O22 - Task: DVDAgent - c:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
O22 - Task: Driver Booster SkipUAC (Corrado) - C:\Program Files (x86)\IObit\Driver Booster\5.5.1\DriverBooster.exe /skipuac
O22 - Task: EPSON XP-610 Series Invitation {15C74D37-15E3-45B5-9D3E-451E1D9E27B4} - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Invitation"
O22 - Task: EPSON XP-610 Series Invitation {6EA4C99A-0D15-4A8E-952A-27F30194D5D4} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Invitation"
O22 - Task: EPSON XP-610 Series Update {15C74D37-15E3-45B5-9D3E-451E1D9E27B4} - C:\Windows\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{15C74D37-15E3-45B5-9D3E-451E1D9E27B4}" /F:"Update"
O22 - Task: EPSON XP-610 Series Update {6EA4C99A-0D15-4A8E-952A-27F30194D5D4} - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_ITSLQE.EXE /EXE:"{6EA4C99A-0D15-4A8E-952A-27F30194D5D4}" /F:"Update"
O22 - Task: Registration - C:\Program Files (x86)\Hewlett-Packard\HP TCS\RemEngine.exe Registration ShowMessageTask2D
O22 - Task: TrackerAutoUpdate - C:\Program Files\Tracker Software\Update\TrackerUpdate.exe -CheckUpdate
O22 - Task: Uninstaller_SkipUac_Alberto - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: Uninstaller_SkipUac_Corrado - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: Uninstaller_SkipUac_Stella - C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe /UninstallExplorer
O22 - Task: \Hewlett-Packard\HP Assistant\PC Health Analysis - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L Analysis
O22 - Task: \Hewlett-Packard\HP Assistant\PC Tuneup - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /L TuneupTimer
O22 - Task: \Hewlett-Packard\HP Support Assistant\Ghost Resign Task - c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\HPResignFileLoader.exe
O22 - Task: \Hewlett-Packard\HP Support Assistant\HPSAObjUtilTask - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\UtilTask.exe
O22 - Task: \Microsoft\Office\Office Automatic Updates 2.0 - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /frequentupdate SCHEDULEDTASK displaylevel=False (Microsoft)
O22 - Task: \Microsoft\Office\Office ClickToRun Service Monitor - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe /WatchService (Microsoft)
O22 - Task: \Microsoft\Office\Office Feature Updates - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\sdxhelper.exe (Microsoft)
O22 - Task: \Microsoft\Office\OfficeBackgroundTaskHandlerLogon - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft)
O22 - Task: \Microsoft\Office\OfficeBackgroundTaskHandlerRegistration - C:\Program Files (x86)\Microsoft Office\root\Office16\officebackgroundtaskhandler.exe (Microsoft)
O22 - Task: \Microsoft\Windows Defender\MP Scheduled Scan - c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} - (no file)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\Setup\EOSNotify - C:\WINDOWS\system32\EOSNotify.exe (file missing)
O22 - Task: \Microsoft\Windows\Setup\Notifier - C:\WINDOWS\system32\Notifier.exe (file missing)
O22 - Task: \Microsoft\Windows\Shell\WindowsParentalControls - {DFA14C43-F385-4170-99CC-1B7765FA0E4A} - (no file)
O22 - Task: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\Tcpip\IpAddressConflict1 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem
O22 - Task: \Microsoft\Windows\Tcpip\IpAddressConflict2 - C:\WINDOWS\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\Program Files\Windows Defender\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: {F26F3DA9-7AF3-41CF-9ACA-0EA096BA0B53} - C:\Windows\system32\pcalua.exe -a J:\epson376810eu.exe -d J:\
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Adobe Genuine Monitor Service - (AGMService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service R2: Adobe Genuine Software Integrity Service - (AGSService) - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service R2: Bitdefender Auxiliary Service - (BDAuxSrv) - C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe "settings\services\configs\bdauxsrv_config.json"
O23 - Service R2: Bitdefender Desktop Update Service - (UPDATESRV) - C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe /service
O23 - Service R2: Bitdefender Device Management Service - (DevMgmtService) - C:\Program Files\Bitdefender\Bitdefender Device Management\DevMgmtService.exe
O23 - Service R2: Bitdefender Protected Service - (BDProtSrv) - C:\Program Files\Bitdefender\Bitdefender Security\bdservicehost.exe "settings\services\configs\bdprotsrv_config.json"
O23 - Service R2: Bitdefender Protected Service - (vsservp) - C:\Program Files\Bitdefender\Bitdefender Security\vsservp.exe
O23 - Service R2: Bitdefender RedLine Service - (bdredline) - C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe
O23 - Service R2: Bitdefender Virus Shield - (VSSERV) - C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe /service
O23 - Service R2: EPSON V3 Service4(06) - (EPSON_PM_RPCV4_06) - C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: HP Health Check Service - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service R2: HuaweiHiSuiteService64.exe - C:\Program Files (x86)\HiSuite\HandSetService\HuaweiHiSuiteService64.exe -/service
O23 - Service R2: Intel(R) Matrix Storage Event Monitor - (IAANTMON) - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service R2: LightScribeService Direct Disc Labeling Service - (LightScribeService) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem"
O23 - Service R2: ProductAgentService - C:\Program Files\Bitdefender Agent\ProductAgentService.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R2: Servizio A portata di clic di Microsoft Office - (ClickToRunSvc) - C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe /service
O23 - Service R2: Servizio di semplificazione dell'aggiornamento di Windows 10 - (osrss) - C:\WINDOWS\system32\svchost.exe -k osrss; "ServiceDll" = C:\WINDOWS\system32\osrss.dll
O23 - Service R2: TeamViewer 13 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: InstallDriver Table Manager - (IDriverT) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service S3: MyEpson Portal Service - C:\Program Files (x86)\EPSON\MyEpson Portal\mepService.exe
O23 - Service S3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\Program Files\Windows Defender\NisSrv.exe
O23 - Service S3: Servizio Windows Defender Antivirus - (WinDefend) - C:\Program Files\Windows Defender\MsMpEng.exe
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O23 - Service S3: hpqwmiex - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe


--
End of file - Time spent: 46 sec. - 42226 bytes, CRC32: FFFFFFFF. Sign: 텙乔

Non so se la cosa sia rilevante, ma ho notato che il Firewall anziché essere gestito da Bitdefender è gestito da windows, questo anche prima delle varie pulizie; mentre sul portatile ha gestirlo è l'antivirus sempre bitdefender.
Torna in alto
 
cbbusto
Inviato: Friday, October 19, 2018 10:18:38 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Per bitdefender va bene, in avvio è rimasto il monitoraggio di ccleaner che anche lui rallenta ed è inutile.
Il firewall lascia pure gestito da windows che va bene.
Per il resto il log è a posto.
Ora fai le seguenti operazioni:
Scarica Junkware Removal Tool sul desktop.
https://filehippo.com/it/download_junkware_removal_tool/
Il download dovrebbe partire entro 5 secondi
Disattiva temporaneamente l'antivirus per evitare potenziali conflitti.
Doppio click su JRT
Lo strumento si aprirà e avvierà la scansione del sistema.
Devi avere pazienza in quanto questo tool può richiedere del tempo per completare la scansione .
Al termine, un log (JRT.txt) viene salvato sul desktop e si aprirà automaticamente.
Postalo qui.
Poi puliamo bene il Registro:

Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10.

Ora dovresti essere a posto. Ciao
Torna in alto
 
tempesta10
Inviato: Saturday, October 20, 2018 2:20:15 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ciao cbbusto, fatta la scansione co JRT posto il log, ho fatto anche la pulizia del registro ripetendola due volte, nella prima ha trovato 537 voci e 16 nella seconda.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 10 Home x64
Ran by Alberto (Administrator) on 20/10/2018 at 11:45:55,20
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 6

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\WINDOWS\system32\Tasks\Driver Booster SkipUAC (Corrado) (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Alberto (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Corrado (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\Uninstaller_SkipUac_Stella (Task)
Successfully deleted: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Alberto.job (Task)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{1C935332-934B-41FE-9766-368A462068C5} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20/10/2018 at 11:51:00,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Grazie ancora per il tuo aiuto
Torna in alto
 
cbbusto
Inviato: Sunday, October 21, 2018 11:59:24 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Che il registro fosse sporco lo immaginavo, con tutto quello che è stato eliminato.
Dovresti essere a posto. Speak to the hand
Torna in alto
 
tempesta10
Inviato: Monday, October 22, 2018 12:46:11 PM

Rank: AiutAmico

Iscritto dal : 12/11/2009
Posts: 184
Ok, ti ringrazio moltissimo, una cena di pesce "virtuale" per il tuo aiuto.Dancing Dancing


Torna in alto
 
giza
Inviato: Monday, October 22, 2018 2:41:59 PM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,426
in pratica pesci in faccia. ahahaha
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » Info trojan


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.