Aiutamici Forum
Benvenuto Ospite Cerca | Topic Attivi | Utenti | | Log In | Registra

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PC inchiodato!

PC inchiodato! Opzioni
Topic Precedente · Topic Sucessivo
giovanitasca
Inviato: Sunday, January 26, 2020 3:23:38 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Da qualche giorno ho notato lentezza assoluta e la lucetta rossa dell'accensione è perennemente rossa. Il task manager mi dice che l'unico progarmma in esecuzione è "processo di inattività del sistema" con oscillazioni intorno al 95%. Inoltre quando lo spengo impiega moltissimo tempo. Ho fatto varie scansioni ma da quel poco che ne capisc non sembra ci siano dei grossi problemi.
Mi potete aiutare?

Posto il vari log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x32 Windows 7 (Ultimate), 6.1.7601.24544, Service Pack: 1
Time: 26.01.2020 - 14:45 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Tasca Pane (group: Administrator) on TASCAPANE-PC, FirstRun: yes

Firefox: 72.0.2.7321
Internet Explorer: 11.0.9600.19597
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files\4dots Software\Free File Unlocker\luminati\net_svc.exe
1 C:\Program Files\4dots Software\Free File Unlocker\net_updater32.exe
1 C:\Program Files\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
1 C:\Program Files\Google\Update\1.3.35.422\GoogleCrashHandler.exe
1 C:\Program Files\Macrium\Reflect\ReflectService.exe
1 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1 C:\Program Files\Microsoft Security Client\NisSrv.exe
1 C:\Program Files\Microsoft Security Client\msseces.exe
1 C:\Program Files\OO Software\Defrag\oodag.exe
1 C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
1 C:\Program Files\PDFCreator\PDFCreator.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1 C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
1 C:\Program Files\SwitchService\svc\hkeyswsvc.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Users\Tasca Pane\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\System32\Namirial\WakeUpSDService.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
13 C:\Windows\System32\svchost.exe
2 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = www.google.com
O2 - HKLM\..\BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe
O4 - HKLM\..\Run: [MSC] = C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey
O4 - HKLM\..\Session Manager: [BootExecute] = C:\Windows\system32\OODBS.exe
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner.exe /MONITOR (HKCU) (2019/09/08)
O4 - MSConfig\startupreg: Chromium [command] = c:\users\tasca pane\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session (HKCU) (2020/01/06)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi a PDF esistente: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi destinazione link a PDF esistente: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti destinazione link in Adobe PDF: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti in Adobe PDF: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&sporta in Microsoft Excel: (default) = C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\I&nvia a OneNote: (default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll
O15 - Trusted Zone: *.localhost
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.191.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_31 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.191.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: Shockwave Flash Object [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\0PerformanceMonitor: (no name) - {3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: AK910SwitchService - C:\Program Files\AK910SwitchService\svc\AK910SwitchService.exe
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: AMD FUEL Service - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
O23 - Service R2: CodeMeter Runtime Server - (CodeMeter.exe) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: FreemakeVideoCapture - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service R2: Key4SwitchService - C:\Program Files\SwitchService\svc\hkeyswsvc.exe
O23 - Service R2: Luminati Net Updater (win_freefileunlocker.4dotssoftware.com) - (luminati_net_updater_win_freefileunlocker_4dotssoftware_com) - C:/Program Files/4dots Software/Free File Unlocker/net_updater32.exe --updater win_freefileunlocker.4dotssoftware.com
O23 - Service R2: Macrium Reflect Image Mounting Service - (ReflectService.exe) - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service R2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
O23 - Service R2: Namirial WakeUpSD Service - (WakeUpSvc) - C:\Windows\system32\Namirial\WakeUpSDService.exe
O23 - Service R2: O&O Defrag Agent - (OODefragAgent) - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service R2: SQL Server (SQLEXPRESS) - (MSSQL$SQLEXPRESS) - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -sSQLEXPRESS
O23 - Service S2: LiveUpdate - (LiveUpdateSvc) - (no file)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Firebird Server - DefaultInstance - (FirebirdServerDefaultInstance) - (no file)
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Visual Studio Standard Collector Service - (VSStandardCollectorService140) - C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe


--
End of file - Time spent: 56,4 sec. - 20414 bytes, CRC32: FFFFFFFF. Sign: 곰軙


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x86
Ran by Tasca Pane (Administrator) on 26/01/2020 at 14:23:33,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 16

Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IMB0K7N (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34RRNA13 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55NOKUAM (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI10H0YP (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMRDBLL7 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3K0F7HD (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD6GYBL3 (Temporary Internet Files Folder)
Successfully deleted: C:\Users\Tasca Pane\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNRDWAMN (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0IMB0K7N (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\34RRNA13 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\55NOKUAM (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CI10H0YP (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MMRDBLL7 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\T3K0F7HD (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VD6GYBL3 (Temporary Internet Files Folder)
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YNRDWAMN (Temporary Internet Files Folder)



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/01/2020 at 14:27:39,32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Malwarebytes
www.malwarebytes.com

-Dettagli log-
Data scansione: 26/01/20
Ora scansione: 13:23
File di log: a750b086-4036-11ea-8cce-08606e698e27.json

-Informazioni software-
Versione: 4.0.4.49
Versione componenti: 1.0.793
Aggiorna versione pacchetto: 1.0.18260
Licenza: Free

-Informazioni sistema-
SO: Windows 7 Service Pack 1
CPU: x86
File system: NTFS
Utente: TascaPane-PC\Tasca Pane

-Riepilogo scansione-
Tipo di scansione: Ricerca elementi nocivi
Scansione avviata da: Manuale
Risultati: Completata
Elementi analizzati: 424454
Minacce rilevate: 0
Minacce messe in quarantena: 0
Tempo impiegato: 47 min, 37 sec

-Opzioni di scansione-
Memoria: Attivata
Esecuzioni automatiche: Attivata
File system: Attivata
Archivi compressi: Attivata
Rootkit: Disattivata
Analisi euristica: Attivata
PUP: Rilevare
PUM: Rilevare

-Dettagli scansione-
Processo: 0
(Nessun elemento nocivo rilevato)

Modulo: 0
(Nessun elemento nocivo rilevato)

Chiave di registro: 0
(Nessun elemento nocivo rilevato)

Valore di registro: 0
(Nessun elemento nocivo rilevato)

Dati di registro: 0
(Nessun elemento nocivo rilevato)

Flusso di dati: 0
(Nessun elemento nocivo rilevato)

Cartella: 0
(Nessun elemento nocivo rilevato)

File: 0
(Nessun elemento nocivo rilevato)

Settore fisico: 0
(Nessun elemento nocivo rilevato)

WMI: 0
(Nessun elemento nocivo rilevato)


(end)

Rkill 2.9.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2020 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/26/2020 02:28:17 PM in x86 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 01/26/2020 02:31:55 PM
Execution time: 0 hours(s), 3 minute(s), and 37 seconds(s)
Torna in alto
 
Sponsor
Inviato: Sunday, January 26, 2020 3:23:38 PM

 
Torna in alto
 
cbbusto
Inviato: Tuesday, January 28, 2020 11:45:41 AM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Tieni presente che stai usando win 7 che non è più supportato e non viene aggiornato, quindi è più vulnerabile. Le possibilità di allungare il supporto ci sarebbe ma è a pagamento e nemmeno sicuro.
Hai un programma pericoloso e lo devi eliminare, è questo: 1 C:\Program Files\Google\Update\1.3.35.422\GoogleCrashHandler.exe per una rimozione completa ti consiglio di usare IoBit Uninstaller, scaricalo da qui: https://www.iobit.com/it/advanceduninstaller.php
Poi rimuovi questi programmi in Avvio:
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exeO4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe
O4 - HKLM\..\Session Manager: [BootExecute] = C:\Windows\system32\OODBS.exe
O4 - MSConfig\startupreg: CCleaner Smart Cleaning [command] = C:\Program Files\CCleaner\CCleaner.exe /MONITOR (HKCU) (2019/09/08)
O4 - MSConfig\startupreg: Chromium [command] = c:\users\tasca pane\appdata\local\chromium\application\chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session (HKCU) (2020/01/06)
Fai questa scansione:
Scarica Adwcleaner sul desktop: http://www.bleepingcomputer.com/download/adwcleaner/
Per il download cliccare su: Download now
Chiudi tutti i browser (è importante IE,Firefox Chrome ecc...)
Clicca sul pulsante "Analisi".
Finita la scansione clicca su "Pulizia"
Conferma con OK le varie finestre che ti compariranno.
Riavvia il pc e uscirà il log con le eliminazioni.
Postalo qui.
ADW crea un backup dei files e delle impostazioni eliminati, si trova in "C:\AdwCleaner\Quarantine" in modo da consentire l'eventuale ripristino di dati erroneamente cancellati.
Pulizia del Registro:

Per una pulizia profonda del registro, usa Eusing Free Registry Cleaner sw da usare saltuariamente, lo scarichi da qui: http://www.eusing.com/free_registry_cleaner/registry_cleaner.htm
clic su Download Site1, una volta lanciato appare una finestra che chiede il codice, clic su ignora e procedi, poi in alto a sinistra clic su Analizza Registro, lascia fare fino alla fine non ti preoccupare se trova molte voci, poi clicca su Ripara Registro, il sw è sicuro comunque crea un punto di ripristino e fa anche il backup dei file eliminati infatti in alto sotto ripara registro si trova la voce Ripristina Registro.
Per fare questa pulizia meglio chiudere tutti i programmi e disconnesso.
Il programma è compatibile con tutti i S.O. windows compreso win 10. Vedo cha hai Macrium Reflect quindi avrai fatto l'immagine del sistema, se non risolvi fai un ripristino.
Fai sapere se ci sono dei miglioramenti. Ciao
Torna in alto
 
giovanitasca
Inviato: Tuesday, January 28, 2020 8:23:13 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ho fatto quanto detto.
Non ho rimosso la voce 04 Pdf creator in quanto utilizzo spessissimo la stampante virtuale
Ho instalalto il programma di disinstallazione ma come faccio a trovare quello che mi indichi. Posso cancellare il file direttamente dalla cartella in cui si trova?
Comunque, già con una pulizia il PC è molto migliorato (oserei dire che è tornato alla normalità)
A proposito di W7, posso passare a W10 senza rinunciare a quanto già installato? Ho dei programmi di gestione che non posso assolutamente perdere e sarebbe molto problematico uma loro reinstalalzione.

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x32 Windows 7 (Ultimate), 6.1.7601.24544, Service Pack: 1
Time: 28.01.2020 - 20:22 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Tasca Pane (group: Administrator) on TASCAPANE-PC, FirstRun: no

Firefox: 72.0.2.7321
Internet Explorer: 11.0.9600.19597
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files\4dots Software\Free File Unlocker\luminati\net_svc.exe
1 C:\Program Files\4dots Software\Free File Unlocker\net_updater32.exe
1 C:\Program Files\AK910SwitchService\svc\AK910SwitchService.exe
1 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
1 C:\Program Files\Bonjour\mDNSResponder.exe
1 C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
1 C:\Program Files\Google\Update\1.3.35.422\GoogleCrashHandler.exe
1 C:\Program Files\IObit\IObit Uninstaller\UninstallMonitor.exe
1 C:\Program Files\Macrium\Reflect\ReflectService.exe
1 C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
1 C:\Program Files\Microsoft Security Client\MsMpEng.exe
1 C:\Program Files\Microsoft Security Client\NisSrv.exe
5 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\OO Software\Defrag\oodag.exe
1 C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
1 C:\Program Files\PDFCreator\PDFCreator.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore.exe
1 C:\Program Files\SwitchService\svc\hkeyswsvc.exe
1 C:\Program Files\WinRAR\WinRAR.exe
1 C:\Users\Tasca Pane\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\System32\Namirial\WakeUpSDService.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\notepad.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = www.google.com
O2 - HKLM\..\BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - HKLM\..\BHO: ExplorerWnd Helper - {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files\IObit\IObit Uninstaller\UninstallExplorer.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_191\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_191\bin\ssv.dll
O2 - HKLM\..\BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PDFCreator.lnk -> C:\Program Files\PDFCreator\PDFCreator.exe
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi a PDF esistente: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Aggiungi destinazione link a PDF esistente: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti destinazione link in Adobe PDF: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Converti in Adobe PDF: (default) = C:\Program Files\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\E&sporta in Microsoft Excel: (default) = C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (file missing)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\I&nvia a OneNote: (default) = C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (file missing)
O10 - Unknown file in Winsock LSP: C:\Program Files\Bonjour\mdnsNSP.dll
O15 - Trusted Zone: *.localhost
O16 - DPF: HKLM\..\{8AD9C840-044E-11D1-B3E9-00805F499D93}\DownloadInformation: Java Plug-in 11.191.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-0018-0000-0031-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 1.8.0_31 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\DownloadInformation: Java Plug-in 11.191.2 [CODEBASE] = http://java.sun.com/update/1.8.0/jinstall-1_8_0_31-windows-i586.cab
O16 - DPF: HKLM\..\{D27CDB6E-AE6D-11CF-96B8-444553540000}\DownloadInformation: Shockwave Flash Object [CODEBASE] = http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{A09F903F-7B42-4F16-9B5B-5F0699F6B1B2}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O21 - HKLM\..\ShellIconOverlayIdentifiers\0PerformanceMonitor: (no name) - {3B5B973C-92A4-4855-9D3F-0F3D23332208} - (no file)
O23 - Service R2: Servizio Bonjour - (Bonjour Service) - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service R2: AK910SwitchService - C:\Program Files\AK910SwitchService\svc\AK910SwitchService.exe
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: AMD FUEL Service - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService
O23 - Service R2: CodeMeter Runtime Server - (CodeMeter.exe) - C:\Program Files\CodeMeter\Runtime\bin\CodeMeter.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: FreemakeVideoCapture - C:\Program Files\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service R2: Key4SwitchService - C:\Program Files\SwitchService\svc\hkeyswsvc.exe
O23 - Service R2: Luminati Net Updater (win_freefileunlocker.4dotssoftware.com) - (luminati_net_updater_win_freefileunlocker_4dotssoftware_com) - C:/Program Files/4dots Software/Free File Unlocker/net_updater32.exe --updater win_freefileunlocker.4dotssoftware.com
O23 - Service R2: Macrium Reflect Image Mounting Service - (ReflectService.exe) - C:\Program Files\Macrium\Reflect\ReflectService.exe
O23 - Service R2: Management Service smart card embedded in a MicroSD - (SCSD_Service) - C:\Program Files\Oberthur Technologies\ID-One Cosmo microSD Driver 2.1.3\SC_SD_Service.exe
O23 - Service R2: Namirial WakeUpSD Service - (WakeUpSvc) - C:\Windows\system32\Namirial\WakeUpSDService.exe
O23 - Service R2: O&O Defrag Agent - (OODefragAgent) - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service R2: SQL Server (SQLEXPRESS) - (MSSQL$SQLEXPRESS) - C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -sSQLEXPRESS
O23 - Service S2: IObit Uninstaller Service - (IObitUnSvr) - C:\Program Files\IObit\IObit Uninstaller\IUService.exe
O23 - Service S2: LiveUpdate - (LiveUpdateSvc) - (no file)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Firebird Server - DefaultInstance - (FirebirdServerDefaultInstance) - (no file)
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Visual Studio Standard Collector Service - (VSStandardCollectorService140) - C:\Program Files\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe


--
End of file - Time spent: 40 sec. - 19698 bytes, CRC32: FFFFFFFF. Sign: ₅ꄆ


# -------------------------------
# Malwarebytes AdwCleaner 8.0.1.0
# -------------------------------
# Build: 12-17-2019
# Database: 2020-01-24.1 (Cloud)
# Support: https://www.malwarebytes.com/support
#
# -------------------------------
# Mode: Clean
# -------------------------------
# Start: 01-28-2020
# Duration: 00:00:02
# OS: Windows 7 Ultimate
# Cleaned: 2
# Failed: 1


***** [ Services ] *****

No malicious services cleaned.

***** [ Folders ] *****

Deleted C:\Users\Tasca Pane\AppData\Roaming\IObit\Advanced SystemCare

***** [ Files ] *****

No malicious files cleaned.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks cleaned.

***** [ Registry ] *****

Deleted HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Eusing Free Registry Cleaner
Not Deleted HKCU\Software\Dealio

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries cleaned.

***** [ Chromium URLs ] *****

No malicious Chromium URLs cleaned.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries cleaned.

***** [ Firefox URLs ] *****

No malicious Firefox URLs cleaned.

***** [ Preinstalled Software ] *****

No Preinstalled Software cleaned.


*************************

[+] Delete Tracing Keys
[+] Reset Winsock

*************************

AdwCleaner[S00].txt - [3017 octets] - [23/06/2018 04:21:06]
AdwCleaner[C00].txt - [2929 octets] - [23/06/2018 04:21:51]
AdwCleaner[S01].txt - [1383 octets] - [23/06/2018 04:33:58]
AdwCleaner[C01].txt - [1549 octets] - [23/06/2018 04:34:33]
AdwCleaner[S02].txt - [1505 octets] - [24/06/2018 00:03:43]
AdwCleaner[C02].txt - [1671 octets] - [24/06/2018 00:04:00]
AdwCleaner[S03].txt - [1627 octets] - [25/06/2018 01:51:18]
AdwCleaner[S04].txt - [1688 octets] - [27/06/2018 19:02:12]
AdwCleaner[C04].txt - [1854 octets] - [27/06/2018 19:05:54]
AdwCleaner[S05].txt - [1929 octets] - [01/07/2018 23:06:15]
AdwCleaner[C05].txt - [2077 octets] - [01/07/2018 23:07:44]
AdwCleaner[S06].txt - [1987 octets] - [12/07/2018 00:12:01]
AdwCleaner[C06].txt - [2133 octets] - [12/07/2018 00:12:25]
AdwCleaner[S07].txt - [27031 octets] - [01/08/2018 00:38:23]
AdwCleaner[C07].txt - [23868 octets] - [01/08/2018 00:39:05]
AdwCleaner[S08].txt - [2178 octets] - [20/08/2018 23:36:46]
AdwCleaner[C08].txt - [2344 octets] - [20/08/2018 23:37:12]
AdwCleaner[S09].txt - [2300 octets] - [27/08/2018 21:39:44]
AdwCleaner[S10].txt - [3039 octets] - [17/09/2018 18:51:46]
AdwCleaner[C10].txt - [3131 octets] - [17/09/2018 18:52:08]
AdwCleaner[S11].txt - [3098 octets] - [28/10/2018 17:42:29]
AdwCleaner[C11].txt - [3208 octets] - [28/10/2018 17:43:11]
AdwCleaner[S12].txt - [2613 octets] - [04/11/2018 11:55:35]
AdwCleaner[S13].txt - [2674 octets] - [18/11/2018 11:35:44]
AdwCleaner[S14].txt - [2852 octets] - [13/12/2018 11:53:49]
AdwCleaner[C14].txt - [3000 octets] - [13/12/2018 11:54:29]
AdwCleaner[S15].txt - [2989 octets] - [13/01/2019 18:55:32]
AdwCleaner[C15].txt - [3119 octets] - [13/01/2019 18:56:09]
AdwCleaner[S16].txt - [3098 octets] - [16/01/2019 22:56:40]
AdwCleaner[C16].txt - [3246 octets] - [16/01/2019 22:57:03]
AdwCleaner[S17].txt - [3153 octets] - [09/03/2019 02:04:18]
AdwCleaner[C17].txt - [3301 octets] - [09/03/2019 02:04:44]
AdwCleaner[S18].txt - [3275 octets] - [19/03/2019 14:59:36]
AdwCleaner[S19].txt - [3506 octets] - [02/04/2019 11:22:48]
AdwCleaner[C19].txt - [3618 octets] - [02/04/2019 11:23:34]
AdwCleaner[S20].txt - [4252 octets] - [04/04/2019 14:47:39]
AdwCleaner[C20].txt - [4292 octets] - [04/04/2019 14:48:14]
AdwCleaner[S21].txt - [3580 octets] - [05/04/2019 16:10:31]
AdwCleaner[C21].txt - [3728 octets] - [05/04/2019 16:12:01]
AdwCleaner[S22].txt - [3702 octets] - [18/04/2019 20:21:40]
AdwCleaner[C22].txt - [3850 octets] - [18/04/2019 20:52:39]
AdwCleaner[S23].txt - [3943 octets] - [21/04/2019 19:28:24]
AdwCleaner[C23].txt - [4073 octets] - [21/04/2019 19:39:45]
AdwCleaner[S24].txt - [4553 octets] - [20/05/2019 14:34:02]
AdwCleaner[S25].txt - [4614 octets] - [16/06/2019 12:36:27]
AdwCleaner[C25].txt - [4706 octets] - [16/06/2019 12:36:45]
AdwCleaner[S26].txt - [4143 octets] - [18/08/2019 13:26:44]
AdwCleaner[C26].txt - [4342 octets] - [18/08/2019 13:28:30]
AdwCleaner[S27].txt - [8932 octets] - [08/12/2019 01:30:40]
AdwCleaner[C27].txt - [8266 octets] - [08/12/2019 01:31:41]
AdwCleaner[S28].txt - [5454 octets] - [09/12/2019 21:47:07]
AdwCleaner[C28].txt - [5382 octets] - [09/12/2019 21:48:58]
AdwCleaner[S29].txt - [4550 octets] - [09/12/2019 22:08:50]
AdwCleaner[C29].txt - [4698 octets] - [09/12/2019 22:09:28]
AdwCleaner[S30].txt - [4641 octets] - [30/12/2019 21:20:14]
AdwCleaner[S31].txt - [4702 octets] - [26/01/2020 14:18:35]
AdwCleaner[C31].txt - [4870 octets] - [26/01/2020 14:23:20]
AdwCleaner[S32].txt - [5009 octets] - [28/01/2020 12:28:27]

########## EOF - C:\AdwCleaner\Logs\AdwCleaner[C32].txt ##########
Torna in alto
 
cbbusto
Inviato: Tuesday, January 28, 2020 11:31:11 PM

Rank: AiutAmico

Iscritto dal : 11/8/2008
Posts: 13,964
Si il programma lo puoi eliminare dalla cartella, poi pulisci il registro con Ccleaner.
Per il passaggio da Seven a win 10, attendi qualche altro amico perchè non conosco l'operazione.
Una bella pulizia è stata fatta da Adwcleaner.
Ciao
Torna in alto
 
giza
Inviato: Wednesday, January 29, 2020 10:07:16 AM

Rank: AiutAmico

Iscritto dal : 10/27/2006
Posts: 9,434
attento perchè molti programmi di 7 non girano su 10- controlla quei programmi e vedi se sono validi anche per 10
Torna in alto
 
giovanitasca
Inviato: Wednesday, January 29, 2020 2:06:12 PM
Rank: AiutAmico

Iscritto dal : 4/2/2005
Posts: 220
Ok, sempre preziosi e puntuali.
Grazie
Torna in alto
 
wolfestein
Inviato: Wednesday, January 29, 2020 4:19:22 PM

Rank: AiutAmico

Iscritto dal : 2/15/2009
Posts: 15,787
Per passare da W7 a W10 l'operazione è semplice ,l'ho fatta sul pc di mio nipote(ma son tornato a W7,il 10 proprio non lo digerisco).
Scarica lo strumento Media creation tool https://www.microsoft.com/it-it/software-download/windows10
Dopo averlo lanciato scegli l'opzione AGGIORNA il sistema si aggiornerà senza perdita di dati.
Se invece vuoi fare una installazione pulita scarica l'ISO che puoi masterizzare su dvd oppure puoi anche scegliere la versione USB.
N.B.Se vuoi puoi tornare a W7 entro 10 giorni.
Torna in alto
 
solfami
Inviato: Thursday, January 30, 2020 7:02:34 PM

Rank: AiutAmico

Iscritto dal : 11/14/2003
Posts: 2,259
N.B.Se vuoi puoi tornare a W7 entro 10 giorni.[/quote]
Salve
puoi farti un'immagine prima , poi rimonti il 7 quando vuoi
http://software.aiutamici.com/software?r=y&C1=1&C2=4&C3=66
Saluti
Torna in alto
 
Utenti presenti in questo topic
Guest

Aiutamici Forum » FORUM - Istruzioni e Guide » Sicurezza VIRUS » PC inchiodato!


Salta al Forum
Aggiunta nuovi Topic disabilitata in questo forum.
Risposte disabilitate in questo forum.
Eliminazione tuoi Post disabilitata in questo forum.
Modifica dei tuoi post disabilitata in questo forum.
Creazione Sondaggi disabilitata in questo forum.
Voto ai sondaggi disabilitato in questo forum.

Main Forum RSS : RSS

Aiutamici Theme
Powered by Yet Another Forum.net versione 1.9.1.8 (NET v2.0) - 3/29/2008
Copyright © 2003-2008 Yet Another Forum.net. All rights reserved.