
Important: Request to check Logfile of HijackThis (Version 2.10.0.31) of 06/05/2023

Updated HijackThis to the new version 2.9.0.11; thanks as always, ERCOLINO, for the information you give us on this excellent software too. :)
 
I installed the new version, could you kindly take a look at the log? Thanks

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.11

Platform: x32 Windows XP (Professional), 5.1.2600.0, Service Pack: 3
Time: 11.12.2018 - 09:24 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)


Chrome: 49.0.2623.112
Firefox: 52.9.0.6746
Internet Explorer: 8.0.6001.18702
Default: "C:\Programmi\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Programmi\Alwil Software\Avast5\AvastSvc.exe
1 C:\Programmi\Alwil Software\Avast5\AvastUI.exe
1 C:\Programmi\Alwil Software\Avast5\aswidsagent.exe
1 C:\Programmi\File comuni\InterVideo\RegMgr\iviRegMgr.exe
1 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLIDSvcM.exe
1 C:\Programmi\Hewlett-Packard\Shared\hpqwmiex.exe
1 C:\Programmi\PDF Complete\pdfsvc.exe
1 C:\Programmi\ProtectTools\Embedded Security Software\PSDrt.exe
1 C:\Programmi\ProtectTools\Embedded Security Software\PSDsrvc.EXE
1 C:\WINDOWS\Explorer.EXE
1 C:\WINDOWS\System32\alg.exe
1 C:\WINDOWS\System32\smss.exe
2 C:\WINDOWS\system32\Ati2evxx.exe
1 C:\WINDOWS\system32\IFXSPMGT.exe
1 C:\WINDOWS\system32\IFXTCS.exe
1 C:\WINDOWS\system32\SearchFilterHost.exe
1 C:\WINDOWS\system32\SearchIndexer.exe
1 C:\WINDOWS\system32\SearchProtocolHost.exe
1 C:\WINDOWS\system32\csrss.exe
1 C:\WINDOWS\system32\lsass.exe
1 C:\WINDOWS\system32\services.exe
1 C:\WINDOWS\system32\spoolsv.exe
8 C:\WINDOWS\system32\svchost.exe
1 C:\WINDOWS\system32\wbem\unsecapp.exe
1 C:\WINDOWS\system32\winlogon.exe

R0 - HKCU\Software\Microsoft\Internet Connection Wizard: [ShellNext] = http://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar: [LinksFolderName] = Collegamenti
R0 - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.hp.com
R0 - HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.hp.com
R0 - HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.hp.com
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: [SuggestionsURLFallback] = http://clients5.google.com/complete/search?hl={language}&q={searchTerms}&client=ie8&inputencoding={inputEncoding}&outputencoding={outputEncoding} - Google
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: = http://www.google.com/search?q={...sec. - 25012 bytes, CRC32: FFFFFFFF. Sign: ࡺꍔ
 
routine, precisely following the new version
so can the R4 entries all be fixed?
 
could you kindly take a look at this log? Thanks

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.11

Platform: x64 Windows 7 (Home Premium), 6.1.7601.24312, Service Pack: 1
Time: 22.12.2018 - 10:33 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes


Chrome: 71.0.3578.98
Firefox: 64.0.0.6914
Internet Explorer: 11.0.9600.19230
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
1 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
1 C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
1 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
1 C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\Alessandro\Desktop\HiJackThis\HiJackThis.exe
1 C:\Windows\SysWOW64\PnkBstrA.exe
1 C:\Windows\SysWOW64\ezSharedSvcHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
15 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\System32\wlanext.exe
1 C:\Windows\explorer.exe
1 C:\Windows\servicing\TrustedInstaller.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Page] = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = www.google.com
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = www.google.com
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Default_Search_URL] = www.google.com
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Search Page] = www.google.com
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = www.google.com
O2 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
O2 - HKLM\..\BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: Guida per l'accesso a Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2-32 - HKLM\..\BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O2-32 - HKLM\..\BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2-32 - HKLM\..\BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O4 - HKCU\..\Run: [Flvto Youtube Downloader] = C:\Users\Alessandro\AppData\Local\Flvto Youtube Downloader\FlvtoYoutubeDownloader.Redesign.exe /minimize (file missing)
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\Alwil Software\Avast5\AvLaunch.exe /gui
O4 - MSConfig\startupreg: Adobe ARM [command] = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (HKLM) (2016/04/13)
O4 - MSConfig\startupreg: Adobe Reader Speed Launcher [command] = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (HKLM) (2011/03/09) (file missing)
O4 - MSConfig\startupreg: AlcoholAutomount [command] = C:\Program Files (x86)\Alcohol Soft\Alcohol 52\AxAutoMntSrv.exe -automount (HKCU) (2012/05/08)
O4 - MSConfig\startupreg: Avast [command] = C:\Program Files\Alwil Software\Avast5\AvastUI.exe (HKLM) (2015/01/24)
O4 - MSConfig\startupreg: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [command] = C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (HKCU) (2010/10/30)
O4 - MSConfig\startupreg: Bing Bar [command] = C:\Program Files (x86)\MSN Toolbar\Platform\5.0.1438.0\mswinext.exe (HKLM) (2010/10/30) (file missing)
O4 - MSConfig\startupreg: Easybits Recovery [command] = C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (HKLM) (2011/12/27)
O4 - MSConfig\startupreg: HP Quick Launch [command] = C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (HKLM) (2012/02/29)
O4 - MSConfig\startupreg: HPAdvisorDock [command] = C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe (HKCU) (2015/09/17)
O4 - MSConfig\startupreg: HPWirelessAssistant [command] = C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden (HKLM) (2011/12/27) (file missing)
O4 - MSConfig\startupreg: HotKeysCmds [command] = C:\Windows\system32\hkcmd.exe (HKLM) (2011/12/27)
O4 - MSConfig\startupreg: IgfxTray [command] = C:\Windows\system32\igfxtray.exe (HKLM) (2011/12/26)
O4 - MSConfig\startupreg: LightScribe Control Panel [command] = C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (HKCU) (2011/12/27)
O4 - MSConfig\startupreg: Magic Desktop for HP notification [command] = C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe (HKLM) (2014/09/30)
O4 - MSConfig\startupreg: Microsoft Default Manager [command] = C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe -resume (HKLM) (2012/07/28)
O4 - MSConfig\startupreg: Persistence [command] = C:\Windows\system32\igfxpers.exe (HKLM) (2011/12/26)
O4 - MSConfig\startupreg: RTHDVCPL [command] = C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s (HKLM) (2017/08/24)
O4 - MSConfig\startupreg: SunJavaUpdateSched [command] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (HKLM) (2012/12/16) (file missing)
O4 - MSConfig\startupreg: SynTPEnh [command] = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (HKLM) (2012/03/16)
O4 - MSConfig\startupreg: TkBellExe [command] = C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe -osboot (HKLM) (2016/06/06)
O4 - MSConfig\startupreg: Uninstall Adobe Download Manager [command] = C:\Windows\system32\rundll32.exe "C:\Program Files (x86)\NOS\bin\getPlus_Helper_3004.dll",Uninstall /IE2883E8F-472F-4fb0-9522-AC9BF37916A7 /Get1noarp (HKLM) (2010/10/30)
O4 - MSConfig\startupreg: msnmsgr [command] = C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe /background (HKCU) (2012/03/31)
O4 - MSConfig\startupreg: uTorrent [command] = C:\Users\Alessandro\AppData\Roaming\uTorrent\uTorrent.exe /MINIMIZED (HKCU) (2015/06/09)
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Free YouTube Download: (default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
O8 - Context menu item: HKCU\..\Internet Explorer\MenuExt\Free YouTube to MP3 Converter: (default) = C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
O9 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Viene lanciato HP Network Check, che aiuta a risolvere i problemi di connessione - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Button: HKLM\..\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}: Free YouTube Download - (no file)
O9 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Network Check (Controllo rete HP) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Tools menu item: HKLM\..\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}: Free YouTube Download - (no file)
O9-32 - Button: HKLM\..\{0000036B-C524-4050-81A0-243669A86B9F}: Messenger Companion (CTRL+MAIUSC+C) - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9-32 - Button: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Inserisci blog - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Button: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: Viene lanciato HP Network Check, che aiuta a risolvere i problemi di connessione - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9-32 - Tools menu item: HKLM\..\{219C3416-8CB2-491a-A3C7-D9FCDDC9D600}: Pubblica su un &blog in Windows Live Writer - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9-32 - Tools menu item: HKLM\..\{25510184-5A38-4A99-B273-DCA8EEF6CD08}: HP Network Check (Controllo rete HP) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O16-32 - DPF: HKLM\..\{166B1BCA-3F9C-11CF-8075-444553540000}\DownloadInformation: (no name) [CODEBASE] = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16-32 - DPF: HKLM\..\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation: (no name) [CODEBASE] = http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - DHCP DNS 1: 192.168.43.1
O18 - HKLM\Software\Classes\Protocols\Handler\wlpg: [CLSID] = {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\Alwil Software\Avast5\ashShA64.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avast: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\Alwil Software\Avast5\ashShA64.dll
O21-32 - HKLM\..\ShellExecuteHooks: [{E54729E8-BB3D-4270-9D49-7389EA579090}] - EasyBits ShellExecute Hook - C:\Windows\SysWOW64\ezUPBHook.dll (disabled)
O22 - Task (.job): (Not scheduled) HPCeeScheduleForAlessandro.job - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe HPCeeScheduleForAlessandro (null)
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Easybits Services for Windows - (ezSharedSvc) - C:\Windows\SysWow64\ezSharedSvcHost.exe
O23 - Service R2: HP Support Solutions Framework Service - (HPSupportSolutionsFrameworkService) - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service R2: HP Touchpoint Analytics - (HPTouchpointAnalyticsService) - C:\Program Files\HP\HP Touchpoint Analytics Client\TouchpointAnalyticsClientService.exe
O23 - Service R2: PnkBstrA - C:\Windows\SysWow64\PnkBstrA.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\Alwil Software\Avast5\x64\aswidsagenta.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service S3: HP CASL Framework Service - (hpqcaslwmiex) - C:\Program Files (x86)\HP\Shared\hpqwmiex.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Windows Live Family Safety Service - (fsssvc) - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe


--
End of file - Time spent: 29,1 sec. - 25850 bytes, CRC32: FFFFFFFF. Sign: 쥾銳
 
no problem, ercolino; it was a request for a normal check that I do whenever I use this PC, which is not mine
 
Because some malware was detected and there were slowdowns, I cleaned up as far as possible with the antivirus "Kaspersky Free Ita" and Adwcleaner; I kindly ask whether you could analyze this log for me, thanks.
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.11

Platform: x64 Windows 10 (Pro), 10.0.17763.195 (ReleaseId: 1809), Service Pack: 0
Time: 26.12.2018 - 15:25 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: d80di (group: Administrator) on DESKTOP-IQ6DAQG, FirstRun: no

Chrome: 71.0.3578.98
Firefox: 64.0.0.6914
Edge: 11.0.17763.195
Internet Explorer: 11.0.17763.1
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
1 C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
1 C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
1 C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
1 C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe
1 C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
1 C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
1 C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
1 C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe
1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe
1 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avpui.exe
6 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1 C:\ProgramData\playersclub\LaunchServ.exe
1 C:\ProgramData\playersclub\paexec.exe
1 C:\ProgramData\playersclub\systemSpawn.exe
1 C:\Users\d80di\Desktop\HiJackThis.exe
1 C:\Windows\PaExec.exe
1 C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
1 C:\Windows\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe
4 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SettingSyncHost.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\conhost.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
61 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.LockApp_cw5n1h2txyewy\LockApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\V0330Mon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Bar] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOsSW_OiI2RWrCj9Lblq8Dsb6gwOuOBKGFd_Ax5iAy-kXx5LHbC4bPx_uSDOz-hgoYcEJa10Zz4m6XdqAX7kx7PaNZEJPX6eSvrDXEOJOTbusVZAv0A56rn9enNw90cqo0j5v1PJxS_mzt4CAu7VzwIPNEVXLBYVCskQa-6Kgnw,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Search Page] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOsSW_OiI2RWrCj9Lblq8Dsb6gwOuOBKGFd_Ax5iAy-kXx5LHbC4bPx_uSDOz-hgoYcEJa10Zz4m6XdqAX7kx7PaNZEJPX6eSvrDXEOJOTbusVZAv0A56rn9enNw90cqo0j5v1PJxS_mzt4CAu7VzwIPNEVXLBYVCskQa-6Kgnw,,&q={searchTerms}
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://feed.helperbar.com/?p=mKO_A...PtpWh8ZV1PSzDQscb5jgs0l-PndBqIbiz0lepfJr7On-A,,
R0 - HKCU\Software\Microsoft\Internet Explorer\Search: [Default_Search_URL] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOsSW_OiI2RWrCj9Lblq8Dsb6gwOuOBKGFd_Ax5iAy-kXx5LHbC4bPx_uSDOz-hgoYcEJa10Zz4m6XdqAX7kx7PaNZEJPX6eSvrDXEOJOTbusVZAv0A56rn9enNw90cqo0j5v1PJxS_mzt4CAu7VzwIPNEVXLBYVCskQa-6Kgnw,,&q={searchTerms}
R1 - HKCU\Software\Microsoft\Internet Explorer\Main: [SearchAssistant] = https://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBLoO-BhLymRVyoiO2t6mfQOsSW_OiI2RWrCj9Lblq8Dsb6gwOuOBKGFd_Ax5iAy-kXx5LHbC4bPx_uSDOz-hgoYcEJa10Zz4m6XdqAX7kx7PaNZEJPX6eSvrDXEOJOTbusVZAv0A56rn9enNw90cqo0j5v1PJxS_mzt4CAu7VzwIPNEVXLBYVCskQa-6Kgnw,,&q={searchTerms}
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O4 - HKCU\..\StartupApproved\Run: [Advanced SystemCare 12] = C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe /Auto (file missing) (2018/11/30)
O4 - HKLM\..\StartupApproved\Run32: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (2018/11/08)
O4 - HKLM\..\StartupApproved\Run32: [ZaAntiRansomware] = C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAAR.exe (2018/12/11)
O4 - HKLM\..\StartupApproved\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s (2018/11/08)
O4 - HKLM\..\StartupApproved\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe (2018/12/26)
O4-32 - HKLM\..\Run: [V0330Mon.exe] = C:\WINDOWS\V0330Mon.exe
O4-32 - HKLM\..\Run: [ZoneAlarm] = C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
O15 - Trusted Zone: http://*.Wondershare.com
O17 - DHCP DNS 1: 8.8.8.8 (Well-known DNS: Google)
O17 - DHCP DNS 2: 8.8.4.4 (Well-known DNS: Google)
O17 - DHCP DNS 3: 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{6eb86b76-9fcc-4276-986b-aded420d388f}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6eb86b76-9fcc-4276-986b-aded420d388f}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{f8654bef-6c2a-4e68-b5d8-1c5bd4825469}: [NameServer] = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{f8654bef-6c2a-4e68-b5d8-1c5bd4825469}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\CCS\Services\Tcpip\..\{f8654bef-6c2a-4e68-b5d8-1c5bd4825469}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{6EB86B76-9FCC-4276-986B-ADED420D388F}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{6EB86B76-9FCC-4276-986B-ADED420D388F}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{F8654BEF-6C2A-4E68-B5D8-1C5BD4825469}: [NameServer] = 192.168.1.1
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{F8654BEF-6C2A-4E68-B5D8-1C5BD4825469}: [NameServer] = 8.8.4.4 (Well-known DNS: Google)
O17 - HKLM\System\ControlSet002\Services\Tcpip\..\{F8654BEF-6C2A-4E68-B5D8-1C5BD4825469}: [NameServer] = 8.8.8.8 (Well-known DNS: Google)
O22 - Task (.job): (disabled) (Not scheduled) CreateExplorerShellUnelevatedTask.job - C:\WINDOWS\explorer.exe /NOUACCHECK
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\System32\DriverStore\FileRepository\c0323831.inf_amd64_1212be4b9fe2386c\atiesrxx.exe
O23 - Service R2: Check Point Endpoint EFR - (CPEFR) - C:\Program Files (x86)\CheckPoint\Endpoint Security\EFR\EFRService.exe
O23 - Service R2: Check Point Endpoint Remediation - (RemediationService) - C:\Program Files (x86)\CheckPoint\Endpoint Security\Remediation\RemediationService.exe
O23 - Service R2: Check Point SandBlast Agent Threat Emulation - (TESvc) - C:\Program Files (x86)\CheckPoint\Endpoint Security\Threat Emulation\TESvc.exe -s
O23 - Service R2: Check Point Sandblast Agent Cipolla - (CpSbaCipolla) - C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
O23 - Service R2: Check Point Sandblast Agent Updater - (CpSbaUpdater) - C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\SBACipollaSrvHost.exe
O23 - Service R2: CorsairSSDTool - (CorsairSSDToolBox) - C:\Program Files (x86)\Corsair SSD Toolbox\CSSDTService.exe
O23 - Service R2: Launcher Service: player - (player) - C:\ProgramData\playersclub\LaunchServ.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: Servizio Kaspersky Anti-Virus 18.0.0 - (AVP18.0.0) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\avp.exe -r
O23 - Service R2: TrueVector Internet Monitor - (vsmon) - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -service
O23 - Service R2: ZAAR Update Service - (ZAARUpdateService) - C:\Program Files (x86)\CheckPoint\Endpoint Security\TPCommon\Cipolla\ZAARUpdateService.exe
O23 - Service R2: ZoneAlarm ICM NET Service - (ZA NET ICM Service) - C:\Program Files (x86)\CheckPoint\ICM\ICM-Service-NET.exe
O23 - Service S2: Advanced SystemCare Service 12 - (AdvancedSystemCareService12) - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe Files (x86)\IObit\Advanced SystemCare\ASCService.exe (file missing)
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Remote Packet Capture Protocol v.0 (experimental) - (rpcapd) - C:\Program Files (x86)\WinPcap\rpcapd.exe -d -f "C:\Program Files (x86)\WinPcap\rpcapd.ini"
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.233\WsAppService.exe
O23 - Service S3: ZoneAlarm Privacy Service - (ZAPrivacyService) - C:\Program Files (x86)\CheckPoint\ZoneAlarm\ZaPrivacyService.exe
O23 - Service S3: klvssbridge64_18.0.0 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 18.0.0\x64\vssbridge64.exe


--
End of file - Time spent: 20,3 sec. - 22656 bytes, CRC32: FFFFFFFF. Sign: ∮ꛏ
 
I don't remember what the O10 entries are ... can they be left?
I found a few of them on an acquaintance's PC :eusa_think:

O10 - Broken Internet access because of LSP chain gap (#1 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#1 in chain of 3 missing)
O10 - Broken Internet access because of LSP chain gap (#10 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#11 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#12 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#13 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#14 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#15 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#16 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#17 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#18 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#19 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#2 in chain of 3 missing)
O10 - Broken Internet access because of LSP chain gap (#3 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#3 in chain of 3 missing)
O10 - Broken Internet access because of LSP chain gap (#4 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#5 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#6 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#7 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#8 in chain of 19 missing)
O10 - Broken Internet access because of LSP chain gap (#9 in chain of 19 missing)
 
Ok ... but I didn't notice any problem and the internet access was fine
isn't it perhaps due to the firewall blocking the program?
mostly because among the posted notes I read

O10 - Broken Internet access because of damage or infection in Winsock LSP
...
If the files referenced by the LSP are missing or the provider "chain" is broken, none of the programs on your system can access the Internet. Removing the references to the missing files and repairing the chain generally restores Internet access.
Note: fixing LSP is a risky procedure. ...
:icon_rolleyes:
 
New version 2.9.0.18

Developer page with all the details

Download the .zip file Here

Change log

Default font for lists is replaced by "MS Sans Serif", 10pt.
Added hotkeys: Ctrl + F (search), Ctrl + A (select all).
Improved compatibility with 64-bit OS when you open files for editing or its properties (in ProcMan, StartupList, ADS Spy).
Fixed crash when parsing misformatted (encrypted) jobs due to error in stream reader.
Other little edits of errors and interface.
French translation is updated.
Microsoft certificates database is updated.
Added link to Chocolatey in github page.
Fixed bug in loading HJT due to incompatible icon for 32-bit OS.
 
Could you check whether everything is OK on this PC?

It is incredibly slow (even during an antivirus scan) today (system with SSD).



Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 7 (Pro), 6.1.7601.24263, Service Pack: 1
Time: 24.01.2019 - 10:28 (UTC+01:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: alessandro (group: Administrator) on TECH, FirstRun: no

Firefox: 64.0.2.6947
Internet Explorer: 11.0.9600.19230
Default: "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
1 C:\Program Files (x86)\Internet Explorer\iexplore.exe
1 C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE
4 C:\Program Files (x86)\Microsoft\Skype for Desktop\Skype.exe
2 C:\Program Files (x86)\Webroot\WRSA.exe
1 C:\Program Files\AMD\CNext\CNext\cnext.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\Internet Explorer\iexplore.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
1 C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
5 C:\Program Files\Mozilla Firefox\firefox.exe
1 C:\Users\alessandro.rambelli\Desktop\HiJackThis.exe
1 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
1 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
12 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
O2 - HKLM\..\BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2-32 - HKLM\..\BHO: Webroot Filtering Extension - {C9C42510-9B41-42c1-9DCD-7282A2D07C61} - C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll
O4 - HKLM\..\Run: [StartCN] = C:\Program Files\AMD\CNext\CNext\cnext.exe atlogon
O4 - MSConfig\startupreg: SunJavaUpdateSched [command] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (HKLM) (2018/11/29)
O4-32 - HKLM\..\Run: [WRSVC] = C:\Program Files (x86)\Webroot\WRSA.exe -ul
O17 - DHCP DNS 1: 192.168.1.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: [Domain] = fis.local
O17 - HKLM\System\ControlSet002\Services\Tcpip\Parameters: [Domain] = fis.local
O23 - Service R2: AMD External Events Utility - C:\Windows\system32\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Diagnostics Tracking Service - (DiagTrack) - C:\Windows\System32\svchost.exe -k utcsvc; "ServiceDll" = C:\Windows\system32\diagtrack.dll
O23 - Service R2: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service R2: WRSVC - C:\Program Files (x86)\Webroot\WRSA.exe -service


--
End of file - Time spent: 11.5 sec. - 9710 bytes, CRC32: FFFFFFFF. Sign: ꫹쭺
 
I don't seem to see anything anomalous.

Check in Task Manager whether some process is using too much CPU; also check disk activity, to make sure the disk is not being kept too busy by some process.
 