Aiutamici Forum

HijackThis Log
bunzi
Posted: Wednesday, November 14, 2018 7:55:45 PM
Rank: AiutAmico

Joined: 12/31/2007
Posts: 378
Hello everyone, could you please check the log for me? Many thanks in advance.



Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Home), 10.0.17134.407 (ReleaseId: 1803), Service Pack: 0
Time: 14.11.2018 - 19:58 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Magni (group: Administrator) on ADMIN, FirstRun: yes

Chrome: 70.0.3538.102
Firefox: 61.0.1.6759
Edge: 11.0.17134.407
Internet Explorer: 11.0.17134.1
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Dolby PCEE4\pcee4.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
2 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1 C:\Program Files (x86)\Launch Manager\LManager.exe
1 C:\Program Files (x86)\Launch Manager\LMutilps32.exe
1 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
1 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1 C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
1 C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
1 C:\Program Files\Allway Sync\Bin\SyncService.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\EgisTec IPS\EgisUpdate.exe
1 C:\Program Files\EgisTec IPS\PmmUpdate.exe
1 C:\Program Files\Elantech\ETDCtrl.exe
1 C:\Program Files\Elantech\ETDCtrlHelper.exe
1 C:\Program Files\Elantech\ETDService.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18081.14710.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\internet explorer\iexplore.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
1 C:\Users\Magni\Desktop\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\Magni\Desktop\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\Magni\Desktop\HijackThisPortable\App\HijackThis\Registry
1 C:\Users\Magni\Desktop\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\RfBtnSvc64.exe
6 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxext.exe
1 C:\Windows\System32\igfxpers.exe
1 C:\Windows\System32\igfxtray.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
72 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{455EDACD-9219-456E-ADD4-65DD16F6DCED} [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{455EDACD-9219-456E-ADD4-65DD16F6DCED} [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - HKLM\..\BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
O4 - HKCU\..\Run: [CCleaner Monitoring] = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\Run: [EPSON SX100 Series] = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S7BB.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [OfficeSyncProcess] = C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2016/08/31) = C:\Users\Magni\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Magni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr (2018/10/06)
O4 - HKLM\..\Run: [HotKeysCmds] = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [IgfxTray] = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [bit4id store register] = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKLM\..\StartupApproved\Run32: [Family Tree Builder Update] (2016/08/31) = C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] (1601/01/01) = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] (1601/01/01) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] (1601/01/01) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [BCSSync] = C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4-32 - HKLM\..\Run: [Dolby Advanced Audio v2] = C:\Dolby PCEE4\pcee4.exe -autostart
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [bit4id store register] = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Pubblica su un &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - Task (Job): (Ready) {35072B6C-FDDF-6D02-AF73-3924C16AE994}.job - C:\Users\Magni\AppData\Roaming\{747F42C4-512D-2FB2-3A1B-0860E6C9F55E}\UPDATE~1.EXE /Check
O22 - Task: (disabled) (telemetry) \Microsoft\Windows\IME\SQM data sender - {CCB1D8CB-D39F-41C9-B793-0196214BDC4E} - C:\Windows\System32\IME\shared\imecfm.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall - {EFF7F153-1C97-417A-B633-FEDE6683A939} - C:\WINDOWS\system32\wuaueng.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WindowsUpdate\AUSessionConnect - {784E29F4-5EBE-4279-9948-1E8FE941646D} - C:\WINDOWS\system32\wuaueng.dll (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\BthSQM - {C8367320-6F85-11E0-A1F0-0800200C9A66},SYSTEM - C:\WINDOWS\System32\BthTelemetry.dll (Microsoft)
O22 - Task: ALU - C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto
O22 - Task: ALUAgent - C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EgisUpdate - C:\Program Files\EgisTec IPS\EgisUpdate.exe -d
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
O22 - Task: PMMUpdate - C:\Program Files\EgisTec IPS\PMMUpdate.exe
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} - (no file)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\UpdateOrchestrator\AC Power Download - C:\WINDOWS\system32\usoclient.exe StartDownload (Microsoft)
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: \Microsoft\Windows\WindowsUpdate\AUScheduledInstall - {F3B4E234-7A68-4E43-B813-E4BA55A065F6} - C:\WINDOWS\system32\wuaueng.dll (Microsoft)
O22 - Task: {35072B6C-FDDF-6D02-AF73-3924C16AE994} - C:\Users\Magni\AppData\Roaming\{747F4~1\UPDATE~1.EXE /Check (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Botkind Service - (BotkindSyncService) - C:\Program Files\Allway Sync\Bin\SyncService.exe Files\Allway Sync\Bin\SyncService.exe service
O23 - Service R2: Dritek RF Button Command Service - (RfButtonDriverService) - C:\Windows\RfBtnSvc64.exe
O23 - Service R2: Dritek WMI Service - (DsiWMIService) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Servizio Windows Defender Antivirus - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe
O23 - Service R2: ZAtheros Wlan Agent - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
O23 - Service R3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BCL EasyConverter SDK 3 Loader - (becldr3Service) - C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe
O23 - Service S3: EgisTec Ticket Service - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service S3: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: McAfee Security Scan Component Host Service - (McComponentHostService) - C:\Program Files\McAfee Security Scan\3.11.812\McCHSvc.exe
O23 - Service S3: Microsoft SharePoint Workspace Audit Service - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE /auditservice
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 84 sec. - 38362 bytes, CRC32: FFFFFFFF. Sign: 隱樆


cbbusto
Posted: Wednesday, November 14, 2018 11:48:45 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
You should say what problems the PC has, so we know how to proceed.
bunzi
Posted: Thursday, November 15, 2018 9:17:29 AM
Rank: AiutAmico

Joined: 12/31/2007
Posts: 378
Good morning cbbusto and thanks for your interest; the problems I'm seeing are these:
1) When I open the Internet on the Libero start page, if I go to the search box I can't type anything; I have to try many times, otherwise nothing appears.
2) With any email that arrives, if it contains a link to a site, clicking on it used to take me to the site; now it no longer does, and I have to highlight it and copy it into the address bar.
3) Every day in my mail I get an email from Microsoft Outlook that says: It seems the permissions to retrieve the mail messages for the address xxxxx.@libero.it are not available, but I do read my Libero mail. Who knows.

I should add that before sending the log I ran CCLEANER, PRIVAZER and ADWCLEANER; all I'm missing is bleach and then the cleanup would be perfect.

giza
Posted: Thursday, November 15, 2018 9:23:30 AM

Rank: AiutAmico

Joined: 10/27/2006
Posts: 9,617
Run the other scans too, as indicated here:
http://forum.aiutamici.com/yaf_postst96025_ELIMINARE-PAGINE-PUBBLICITARIE-E-PORCHERIE-VARIE-E-PULIRE-SISTEMA.aspx

and fix all the O4 entries except the antivirus.
cbbusto
Posted: Thursday, November 15, 2018 2:57:36 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
bunzi wrote:
Good morning cbbusto and thanks for your interest; the problems I'm seeing are these:
1) When I open the Internet on the Libero start page, if I go to the search box I can't type anything; I have to try many times, otherwise nothing appears.
2) With any email that arrives, if it contains a link to a site, clicking on it used to take me to the site; now it no longer does, and I have to highlight it and copy it into the address bar.
3) Every day in my mail I get an email from Microsoft Outlook that says: It seems the permissions to retrieve the mail messages for the address xxxxx.@libero.it are not available, but I do read my Libero mail. Who knows.

I should add that before sending the log I ran CCLEANER, PRIVAZER and ADWCLEANER; all I'm missing is bleach and then the cleanup would be perfect.


I won't comment on Libero because I've never used it. Run the 3 scans in order: Malwarebytes, AdwCleaner and JRT. You'll find the explanations at giza's link. Then disable all the entries in automatic startup except the antivirus; you can also do this with CCleaner: go to Tools>Startup, select the various entries and double-click each one, and this way they are disabled; obviously the programs themselves are not touched. When everything is done, run another scan with HJT and post the new, updated log; I'll check it this evening and then tell you what to do. Bye
bunzi
Posted: Friday, November 16, 2018 11:59:36 AM
Rank: AiutAmico

Joined: 12/31/2007
Posts: 378
Hi cbbusto, I followed the instructions I was given to the letter and I'm now attaching the new log:


Logfile of HiJackThis Fork (Beta) by Alex Dragokas v.2.8.0.4

Platform: x64 Windows 10 (Home), 10.0.17134.407 (ReleaseId: 1803), Service Pack: 0
Time: 16.11.2018 - 11:53 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Magni (group: Administrator) on ADMIN, FirstRun: yes

Chrome: 70.0.3538.102
Firefox: 61.0.1.6759
Edge: 11.0.17134.407
Internet Explorer: 11.0.17134.1
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Launch Manager\LManager.exe
1 C:\Program Files (x86)\Launch Manager\LMutilps32.exe
1 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
1 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
1 C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
1 C:\Program Files\Allway Sync\Bin\SyncService.exe
1 C:\Program Files\CCleaner\CCleaner64.exe
1 C:\Program Files\Elantech\ETDService.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.34.81.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2018.18091.17210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.18082.13811.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20083.0_x64__8wekyb3d8bbwe\HxOutlook.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11001.20083.0_x64__8wekyb3d8bbwe\HxTsr.exe
1 C:\Program Files\rempl\sedsvc.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\MsMpEng.exe
1 C:\ProgramData\Microsoft\Windows Defender\Platform\4.18.1810.5-0\NisSrv.exe
1 C:\Users\Magni\Desktop\HijackThisPortable\App\HijackThis\HijackThis.exe
1 C:\Users\Magni\Desktop\HijackThisPortable\App\HijackThis\MemCompression
1 C:\Users\Magni\Desktop\HijackThisPortable\App\HijackThis\Registry
1 C:\Users\Magni\Desktop\HijackThisPortable\HijackThisPortable.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\RfBtnSvc64.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
2 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\hkcmd.exe
1 C:\Windows\System32\igfxext.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{455EDACD-9219-456E-ADD4-65DD16F6DCED} [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{455EDACD-9219-456E-ADD4-65DD16F6DCED} [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
O1 - Hosts: 0.0.0.1 mssplus.mcafee.com
O2 - HKLM\..\BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_171\bin\ssv.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
O4 - HKCU\..\RunOnce: [Uninstall 18.172.0826.0010\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Magni\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 18.172.0826.0010] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Magni\AppData\Local\Microsoft\OneDrive\18.172.0826.0010"
O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring] (2018/11/16) = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [EPSON SX100 Series] (2018/11/16) = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S7BB.tmp" /EF "HKCU"
O4 - HKCU\..\StartupApproved\Run: [OfficeSyncProcess] (2018/11/16) = C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2016/08/31) = C:\Users\Magni\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Magni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr (2018/10/06)
O4 - HKLM\..\StartupApproved\Run32: [BCSSync] (2018/11/16) = C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4 - HKLM\..\StartupApproved\Run32: [Dolby Advanced Audio v2] (2018/11/16) = C:\Dolby PCEE4\pcee4.exe -autostart
O4 - HKLM\..\StartupApproved\Run32: [Family Tree Builder Update] (2016/08/31) = C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] (2018/11/16) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] (1601/01/01) = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\StartupApproved\Run: [HotKeysCmds] (2018/11/16) = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\StartupApproved\Run: [IgfxTray] (2018/11/16) = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\StartupApproved\Run: [Persistence] (2018/11/16) = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] (2018/11/16) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] (2018/11/16) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] (1601/01/01) = C:\Program Files\Windows Defender\MSASCuiL.exe
O4 - HKLM\..\StartupApproved\Run: [bit4id store register] (2018/11/16) = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [bit4id store register] = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - Pubblica su un &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O17 - DHCP DNS 1: 192.168.1.1
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O22 - Task (Job): (Ready) {35072B6C-FDDF-6D02-AF73-3924C16AE994}.job - C:\Users\Magni\AppData\Roaming\{747F42C4-512D-2FB2-3A1B-0860E6C9F55E}\UPDATE~1.EXE /Check
O22 - Task: (disabled) (telemetry) \Microsoft\Windows\IME\SQM data sender - {CCB1D8CB-D39F-41C9-B793-0196214BDC4E} - C:\Windows\System32\IME\shared\imecfm.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\HelloFace\FODCleanupTask - C:\WINDOWS\System32\WinBioPlugIns\FaceFodUninstaller.exe (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndContinueUpdates - {0DC331EE-8438-49D5-A721-E10B937CE459} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\InstallService\WakeUpAndScanForUpdates - {D5A04D91-6FE6-4FE4-A98A-FEB4500C5AF7} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\AutoWake - {E51DFD48-AA36-4B45-BB52-E831F02E8316} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SessionAgent - {45F26E9E-6199-477F-85DA-AF1EDFE067B1} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\SideShow\SystemDataProviders - {7CCA6768-8373-4D28-8876-83E8B4E3A969} - (no file)
O22 - Task: (disabled) \Microsoft\Windows\WindowsUpdate\AUFirmwareInstall - {EFF7F153-1C97-417A-B633-FEDE6683A939} - C:\WINDOWS\system32\wuaueng.dll (Microsoft)
O22 - Task: (disabled) \Microsoft\Windows\WindowsUpdate\AUSessionConnect - {784E29F4-5EBE-4279-9948-1E8FE941646D} - C:\WINDOWS\system32\wuaueng.dll (Microsoft)
O22 - Task: (telemetry) \Microsoft\Windows\Customer Experience Improvement Program\BthSQM - {C8367320-6F85-11E0-A1F0-0800200C9A66},SYSTEM - C:\WINDOWS\System32\BthTelemetry.dll (Microsoft)
O22 - Task: ALU - C:\Program Files (x86)\Acer\Live Updater\updater.exe -auto
O22 - Task: ALUAgent - C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe
O22 - Task: Adobe Acrobat Update Task - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
O22 - Task: Adobe Flash Player NPAPI Notifier - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_148_Plugin.exe -check plugin
O22 - Task: Adobe Flash Player Updater - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O22 - Task: CCleanerSkipUAC - C:\Program Files\CCleaner\CCleaner.exe $(Arg0)
O22 - Task: EgisUpdate - C:\Program Files\EgisTec IPS\EgisUpdate.exe -d
O22 - Task: GoogleUpdateTaskMachineCore - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c
O22 - Task: GoogleUpdateTaskMachineUA - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
O22 - Task: McAfee Remediation (Prepare) - C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe /prepare
O22 - Task: PMMUpdate - C:\Program Files\EgisTec IPS\PMMUpdate.exe
O22 - Task: \Microsoft\Windows Live\SOXE\Extractor Definitions Update Task - {3519154C-227E-47F3-9CC9-12C3F05817F1} - (no file)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceLocationRightsChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDevicePolicyChange - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -SettingChange - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceProtectionStateChanged - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -ProtectionStateChanged -FreeNetworkOnly - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DeviceDirectoryClient\RegisterDeviceWnsFallback - {AE31B729-D5FD-401E-AF42-784074835AFE},-RegisterDevice -Periodic - C:\WINDOWS\system32\DeviceDirectoryClient.dll (Microsoft)
O22 - Task: \Microsoft\Windows\DirectX\DXGIAdapterCache - C:\WINDOWS\system32\dxgiadaptercache.exe (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdates - {A558C6A5-B42B-4C98-B610-BF9559143139} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\ScanForUpdatesAsUser - {DDAFAEA2-8842-4E96-BADE-D44A8D676FDB} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\InstallService\SmartRetry - {F3A219C3-2698-4CBF-9C07-037EDB8E72E6} - C:\Windows\System32\InstallServiceTasks.dll (Microsoft)
O22 - Task: \Microsoft\Windows\LanguageComponentsInstaller\ReconcileLanguageResources - {D0582E3B-3126-4CAA-9155-AC37C912A489} - C:\WINDOWS\System32\LanguageOverlayServer.dll (Microsoft)
O22 - Task: \Microsoft\Windows\MobilePC\HotStart - {06DA0625-9701-43DA-BFD7-FBEEA2180A1E} - (no file)
O22 - Task: \Microsoft\Windows\NetCfg\BindingWorkItemQueueHandler - {5AA199A0-1CED-43A5-9B85-3226086738A3} - (no file)
O22 - Task: \Microsoft\Windows\PerfTrack\BackgroundConfigSurveyor - {EA9155A3-8A39-40B4-8963-D3C761B18371} - (no file)
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ClientTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Client"
O22 - Task: \Microsoft\Windows\SMB\UninstallSMB1ServerTask - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe -ExecutionPolicy Unrestricted -NonInteractive -NoProfile -WindowStyle Hidden "& C:\WINDOWS\system32\WindowsPowerShell\v1.0\Modules\SmbShare\DisableUnusedSmb1.ps1 -Scenario Server"
O22 - Task: \Microsoft\Windows\SideShow\GadgetManager - {FF87090D-4A9A-4F47-879B-29A80C355D61},$(Arg0) - (no file)
O22 - Task: \Microsoft\Windows\Speech\HeadsetButtonPress - C:\WINDOWS\system32\speech_onecore\common\SpeechRuntime.exe StartedFromTask (Microsoft)
O22 - Task: \Microsoft\Windows\WaaSMedic\PerformRemediation - {72566E27-1ABB-4EB3-B4F0-EB431CB1CB32},None - C:\WINDOWS\System32\WaaSMedicSvc.dll (Microsoft)
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cache Maintenance - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe -IdleTask -TaskName WdCacheMaintenance
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Cleanup - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe -IdleTask -TaskName WdCleanup
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Scheduled Scan - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe Scan -ScheduleJob -ScanTrigger 55
O22 - Task: \Microsoft\Windows\Windows Defender\Windows Defender Verification - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MpCmdRun.exe -IdleTask -TaskName WdVerification
O22 - Task: \Microsoft\Windows\WindowsUpdate\AUScheduledInstall - {F3B4E234-7A68-4E43-B813-E4BA55A065F6} - C:\WINDOWS\system32\wuaueng.dll (Microsoft)
O22 - Task: \Microsoft\Windows\rempl\shell - C:\Program Files\rempl\sedlauncher.exe (Microsoft)
O22 - Task: {35072B6C-FDDF-6D02-AF73-3924C16AE994} - C:\Users\Magni\AppData\Roaming\{747F4~1\UPDATE~1.EXE /Check (file missing)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Botkind Service - (BotkindSyncService) - C:\Program Files\Allway Sync\Bin\SyncService.exe Files\Allway Sync\Bin\SyncService.exe service
O23 - Service R2: Dritek RF Button Command Service - (RfButtonDriverService) - C:\Windows\RfBtnSvc64.exe
O23 - Service R2: Dritek WMI Service - (DsiWMIService) - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service R2: Elan Service - (ETDService) - C:\Program Files\Elantech\ETDService.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: Servizio Windows Defender Antivirus - (WinDefend) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\MsMpEng.exe
O23 - Service R2: Windows Remediation Service - (sedsvc) - C:\Program Files\rempl\sedsvc.exe
O23 - Service R2: ZAtheros Wlan Agent - C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
O23 - Service R3: Servizio Controllo rete di Windows Defender Antivirus - (WdNisSvc) - C:\ProgramData\Microsoft\Windows Defender\platform\4.18.1810.5-0\NisSrv.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: BCL EasyConverter SDK 3 Loader - (becldr3Service) - C:\Program Files\BCL Technologies\easyConverter SDK 3\Common\becldr.exe
O23 - Service S3: EgisTec Ticket Service - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service S3: FLEXnet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service S3: Intel(R) Content Protection HECI Service - (cphs) - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service S3: McAfee Security Scan Component Host Service - (McComponentHostService) - C:\Program Files\McAfee Security Scan\3.11.812\McCHSvc.exe
O23 - Service S3: Microsoft SharePoint Workspace Audit Service - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE /auditservice
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc


--
End of file - Time spent: 67 sec. - 39644 bytes, CRC32: FFFFFFFF. Sign: 䱟엎

thanks
cbbusto
Posted: Friday, November 16, 2018 12:04:28 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
I have to step away now; we'll talk before this evening. There are some entries to remove. Bye
cbbusto
Posted: Friday, November 16, 2018 3:01:39 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
All the startup entries are still there; you haven't disabled anything.

FIXING ENTRIES IN HJT
Close all programs and disconnect from the internet,
Launch HijackThis and click the second button, Do a system scan only
put a check mark in the box in front of the lines listed below; once they are selected, click the Fix checked button to proceed with the removal. A window will appear: click SI (Yes) to accept and the operation is complete.
Note that removing the O4 entries does not touch the programs; it only disables their automatic startup, which is unnecessary... the antivirus alone would be enough.
Malware spreads within the Windows operating system, often at surprising speed, precisely by exploiting the programs that run automatically.

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{455EDACD-9219-456E-ADD4-65DD16F6DCED} [SuggestionsURL] = https://it.search.yahoo.com/sugg/ie?command={SearchTerms}&appid=i&output=osxml&appid=chrie - Yahoo Search
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{455EDACD-9219-456E-ADD4-65DD16F6DCED} [URL] = https://it.search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default - Yahoo Search
Yahoo Search is better not used; sometimes you run into fake Yahoo pages that redirect you. Better to use Google.

O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.812\SSScheduler.exe
O4 - HKCU\..\RunOnce: [Uninstall 18.172.0826.0010\amd64] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Magni\AppData\Local\Microsoft\OneDrive\18.172.0826.0010\amd64"
O4 - HKCU\..\RunOnce: [Uninstall 18.172.0826.0010] = C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Magni\AppData\Local\Microsoft\OneDrive\18.172.0826.0010"
O4 - HKCU\..\StartupApproved\Run: [CCleaner Monitoring] (2018/11/16) = C:\Program Files\CCleaner\CCleaner64.exe /MONITOR
O4 - HKCU\..\StartupApproved\Run: [EPSON SX100 Series] (2018/11/16) = C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\WINDOWS\TEMP\E_S7BB.tmp" /EF "HKCU"
O4 - HKCU\..\StartupApproved\Run: [OfficeSyncProcess] (2018/11/16) = C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
O4 - HKCU\..\StartupApproved\Run: [OneDrive] (2016/08/31) = C:\Users\Magni\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background
O4 - HKCU\..\StartupApproved\StartupFolder: C:\Users\Magni\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Ritaglio schermata e avvio di OneNote 2010.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr (2018/10/06)
O4 - HKLM\..\StartupApproved\Run32: [BCSSync] (2018/11/16) = C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices
O4 - HKLM\..\StartupApproved\Run32: [Dolby Advanced Audio v2] (2018/11/16) = C:\Dolby PCEE4\pcee4.exe -autostart
O4 - HKLM\..\StartupApproved\Run32: [Family Tree Builder Update] (2016/08/31) = C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] (2018/11/16) = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\StartupApproved\Run: [ETDCtrl] (1601/01/01) = C:\Program Files\Elantech\ETDCtrl.exe
O4 - HKLM\..\StartupApproved\Run: [HotKeysCmds] (2018/11/16) = C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\StartupApproved\Run: [IgfxTray] (2018/11/16) = C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\StartupApproved\Run: [Persistence] (2018/11/16) = C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\StartupApproved\Run: [RtHDVBg_Dolby] (2018/11/16) = C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE4
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] (2018/11/16) = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\StartupApproved\Run: [bit4id store register] (2018/11/16) = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [bit4id store register] = C:\WINDOWS\system32\RUNDLL32.EXE "C:\WINDOWS\system32\bit4cnsp.dll",RegisterMyPhysicalStore

When you have finished, clean the registry with the following software:

For a deep registry clean, use Eusing Free Registry Cleaner, software to be used occasionally; you can download it from here: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
Click Download Site1. Once launched, a window appears asking for the code: click ignora (ignore) and proceed, then at the top left click Analizza Registro (Scan Registry) and let it run to the end; don't worry if it finds many entries. Then click Ripara Registro (Repair Registry). The software is safe; in any case it creates a restore point and also backs up the deleted files, and in fact at the top, under Ripara Registro, there is the Ripristina Registro (Restore Registry) entry.
For this cleanup it is best to close all programs and be disconnected.
The program is compatible with all Windows operating systems, including Windows 10.

The PC will surely be faster; let me know. Bye
bunzi
Posted: Friday, November 16, 2018 9:00:59 PM
Rank: AiutAmico

Joined: 12/31/2007
Posts: 378
Hi cbbusto, with CCleaner I had done as you said; I went to look and all the services were still highlighted with "no" next to them. I redid it and now nothing starts automatically any more except McAfee.
I also installed Eusing Free Registry Cleaner, which found 578 problems that I then removed with the cleanup.
It does seem faster; the problem with Libero remains, though. Anyway, I will do my searches using Google.

Thanks for the suggestions.
bye
cbbusto
Posted: Friday, November 16, 2018 11:53:25 PM

Rank: AiutAmico

Joined: 11/8/2008
Posts: 13,964
bunzi wrote:
Hi cbbusto, with CCleaner I had done as you said; I went to look and all the services were still highlighted with "no" next to them. I redid it and now nothing starts automatically any more except McAfee.
I also installed Eusing Free Registry Cleaner, which found 578 problems that I then removed with the cleanup.
It does seem faster; the problem with Libero remains, though. Anyway, I will do my searches using Google.

Thanks for the suggestions.
bye


From Libero you have the I.E. start page, which you shouldn't need given that you have Firefox and Chrome.
The page is this: R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://libero.it/, so fix it with HJT and remove it. Let's see.