
Important: Request for a check of a HijackThis logfile (version 2.10.0.31), dated 06/05/2023

from the post: https://www.digital-forum.it/showthread.php?202010-Problema-Chrome&p=6258646#post6258646

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Pro), 10.0.17134.885 (ReleaseId: 1803), Service Pack: 0
Time: 13.08.2019 - 22:51 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Roby-Projet 64 (group: Administrator) on PCTECHARDUINO, FirstRun: yes

Chrome: 75.0.3770.142
Firefox: 68.0.1.7137
Edge: 11.0.17134.858
Internet Explorer: 11.0.17134.1
Default: "D:\chrome-win\chrome.exe" -- "%1" (Chromium)

Boot mode: Normal

Running processes:
Number | Path
2 C:\Program Files (x86)\AnyDesk\AnyDesk.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
1 C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
1 C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
1 C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
1 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1 C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
1 C:\Program Files\Ext2Fsd\Ext2Srv.exe
1 C:\Program Files\Grass Valley\GV LicenseManager\AppMaintainer.exe
2 C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
1 C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\SUPERAntiSpyware\SASCore64.exe
1 C:\Program Files\Windows Defender\MSASCuiL.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.ZuneVideo_10.19031.11411.0_x64__8wekyb3d8bbwe\Video.UI.exe
1 C:\Program Files\rempl\sedsvc.exe
1 C:\ProgramData\WIFIService\WIFIService.exe
1 C:\Users\Roby-Projet 64\Desktop\HiJackThis.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
7 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchFilterHost.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SearchProtocolHost.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\audiodg.exe
1 C:\Windows\System32\browser_broker.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
66 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
2 C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

O2 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_221\bin\jp2ssv.dll
O2 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_221\bin\ssv.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AnyDesk.lnk -> C:\Program Files (x86)\AnyDesk\AnyDesk.exe --control
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GV LicenseManager.lnk -> C:\Program Files (x86)\Grass Valley\GV LicenseManager\AppMaintainer.exe
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GV Video IO Hardware Driver.lnk -> C:\Program Files (x86)\Grass Valley\Video IO HW Driver\StormDiag.exe
O4 - HKCU\..\StartupApproved\Run: [PSVRToolbox] = C:\Users\Roby-Projet 64\Downloads\VR\PSVRToolboxPortable\PSVRToolbox.exe (2019/08/02)
O4 - HKCU\..\StartupApproved\Run: [SUPERAntiSpyware] = C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (2019/08/12)
O4 - HKCU\..\StartupApproved\Run: [Steam] = C:\Program Files (x86)\Steam\steam.exe -silent (2019/08/12)
O4 - HKLM\..\Run: [AsioReg] = C:\WINDOWS\system32\REGSVR32.EXE /S CTASIO.DLL
O4 - HKLM\..\Run: [Hotkeycontrol] = C:\Program Files\Hotkeycontrol\Hotkeycontrol.exe
O4 - HKLM\..\Run: [RTHDVCPL] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O4 - HKLM\..\Session Manager: [BootExecute] = (no file)
O4 - HKLM\..\StartupApproved\Run32: [CTHelper] = CTHELPER.EXE (file missing) (2018/09/28)
O4 - HKLM\..\StartupApproved\Run32: [CTxfiHlp] = CTXFIHLP.EXE (file missing) (2018/09/28)
O4-32 - HKLM\..\Run: [AsioThk32Reg] = C:\WINDOWS\system32\REGSVR32.EXE /S CTASIO.DLL
O4-32 - HKLM\..\Run: [GrooveMonitor] = C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4-32 - HKLM\..\Run: [Nikon Message Center 2] = C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [Wondershare Helper Compact.exe] = C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (file missing)
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (Realtek HD Audio Control Panel)
O17 - DHCP DNS 1: 45.114.8.167
O17 - DHCP DNS 2: 92.246.76.123
O17 - DHCP DNS 3: 45.86.180.227
O17 - DHCP DNS 4: 116.203.6.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{321ec55f-6356-41de-b507-07c9eb8983b8}: [NameServer] = 116.203.6.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{321ec55f-6356-41de-b507-07c9eb8983b8}: [NameServer] = 45.114.8.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{321ec55f-6356-41de-b507-07c9eb8983b8}: [NameServer] = 45.86.180.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{321ec55f-6356-41de-b507-07c9eb8983b8}: [NameServer] = 92.246.76.123
O17 - HKLM\System\CCS\Services\Tcpip\..\{8d65f285-b097-4631-b1b8-5ff3e8e34e8f}: [NameServer] = 116.203.6.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{8d65f285-b097-4631-b1b8-5ff3e8e34e8f}: [NameServer] = 45.114.8.167
O17 - HKLM\System\CCS\Services\Tcpip\..\{8d65f285-b097-4631-b1b8-5ff3e8e34e8f}: [NameServer] = 45.86.180.227
O17 - HKLM\System\CCS\Services\Tcpip\..\{8d65f285-b097-4631-b1b8-5ff3e8e34e8f}: [NameServer] = 92.246.76.123
O21-32 - HKLM\..\ShellExecuteHooks: [{B5A7F190-DDA6-4420-B3BA-52453494E6CD}] - Groove GFS Stub Execution Hook - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (disabled)
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 1 (GFS Unread Stub): Groove Explorer Icon Overlay 1 (GFS Unread Stub) - {99FD978C-D287-4F50-827F-B2C658EDA8E7} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2 (GFS Stub): Groove Explorer Icon Overlay 2 (GFS Stub) - {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 2.5 (GFS Unread Folder): Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) - {920E6DB1-9907-4370-B3A0-BAFC03D81399} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 3 (GFS Folder): Groove Explorer Icon Overlay 3 (GFS Folder) - {16F3DD56-1AF5-4347-846D-7C10C4192619} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O21-32 - HKLM\..\ShellIconOverlayIdentifiers\Groove Explorer Icon Overlay 4 (GFS Unread Mark): Groove Explorer Icon Overlay 4 (GFS Unread Mark) - {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 119e6564-986a-4124-aecb-01eed5afbb54.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:119e6564-986a-4124-aecb-01eed5afbb54
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 1be0df60-dbcf-417c-bd2e-e1c4d93a0465.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:1be0df60-dbcf-417c-bd2e-e1c4d93a0465
O22 - Task (.job): (Not scheduled) SUPERAntiSpyware Scheduled Task 88534288-3172-4cf7-bd5a-c3593026237d.job - C:\Program Files\SUPERAntiSpyware\SASTask.exe "C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" /TASK:88534288-3172-4cf7-bd5a-c3593026237d
O23 - Service R2: AnyDesk Service - (AnyDesk) - C:\Program Files (x86)\AnyDesk\AnyDesk.exe --service
O23 - Service R2: Apple Mobile Device Service - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service R2: COMODO Chromodo Update Service - (ChromodoUpdater) - C:\Program Files (x86)\Comodo\Chromodo\chromodo_updater.exe
O23 - Service R2: COMODO Dragon Update Service - (DragonUpdater) - C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
O23 - Service R2: Ext2 Management Service - (Ext2Srv) - C:\Program Files\Ext2Fsd\Ext2Srv.exe
O23 - Service R2: FlexNet Licensing Service 64 - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service R2: NVIDIA Display Container LS - (NVDisplay.ContainerLocalSystem) - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe -s NVDisplay.ContainerLocalSystem -f "C:\ProgramData\NVIDIA\NVDisplay.ContainerLocalSystem.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\Display.NvContainer\plugins\LocalSystem" -r -p 30000
O23 - Service R2: NVIDIA Telemetry Container - (NvTelemetryContainer) - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe -s NvTelemetryContainer -f "C:\ProgramData\NVIDIA\NvTelemetryContainer.log" -l 3 -d "C:\Program Files\NVIDIA Corporation\NvTelemetry\plugins" -r
O23 - Service R2: RepetierServer - C:\Program Files (x86)\Repetier-Server\bin\RepetierServer.exe
O23 - Service R2: SAS Core Service - (!SASCORE) - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service R2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service R2: WIFIService - C:\ProgramData\WIFIService\WIFIService.exe
O23 - Service R2: Windows Remediation Service - (sedsvc) - C:\Program Files\rempl\sedsvc.exe
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: DiskDrill Watcher - (cfbackd) - C:\Program Files (x86)\CleverFiles\Disk Drill\cfbackd.w32.exe
O23 - Service S3: FlexNet Licensing Service - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\75.0.3770.142\elevation_service.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Microsoft Office Groove Audit Service - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: Steam Client Service - C:\Program Files (x86)\Common Files\Steam\SteamService.exe /RunAsService
O26 - Debugger: HKLM\..\SppExtComObj.exe: [Debugger] = rundll32.exe SppExtComObjHook.dll,PatcherMain (file missing)
O26 - Debugger: HKLM\..\osppsvc.exe: [Debugger] = rundll32.exe SppExtComObjHook.dll,PatcherMain (file missing)


--
End of file - Time spent: 37,6 sec. - 25924 bytes, CRC32: FFFFFFFF. Sign: ㋋⾍
 
Warning: the PC has been compromised at the DNS level.

All traffic is currently being redirected.

You must delete all the O17 entries.
 
Good morning. I still have version 2.0.5 on my desktop. Does it still do its job?
Thanks
 
Good evening. Can you give me a hand? My girlfriend's computer is very slow. It also has a browser called Chromium that she cannot uninstall. What's more, it does not appear in the list of programs to uninstall. I tried running a scan with Malwarebytes, but Chromium is still there. Thanks
Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time: 23.08.2019 - 17:16 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Nuria (group: Administrator) on NURIA-PC, FirstRun: yes

Chrome: 76.0.3809.100
Internet Explorer: 8.0.7601.17514
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
1 C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
1 C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
1 C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
1 C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
1 C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
9 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\PDF Architect 6 Manager\PDF Architect 6\Architect Manager.exe
1 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
1 C:\Program Files\PDF Architect 6\creator\common\creator-ws.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\Nuria\Desktop\HiJackThis.exe
1 C:\Windows\KMS-R@1n.exe
1 C:\Windows\KMS-R@1nHook.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\StikyNot.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
1 C:\Windows\System32\spoolsv.exe
10 C:\Windows\System32\svchost.exe
3 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d3e7c741ef3cac1c
R0 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d3e7c741ef3cac1c
R0-32 - HKLM\Software\Microsoft\Internet Explorer\Main: [Start Page] = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-d3e7c741ef3cac1c
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31437847-0AC6-47A5-B09C-549B4B48B385}: [SuggestionsURL] = '' - Bing Search Engine
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{bce42d98-b1cd-493f-a64c-107aae7521be}: = http://www.search-by.com/search?...sec. - 17388 bytes, CRC32: FFFFFFFF. Sign: 葿ᵶ
 
Start by deleting all the

R0
R1
01


Then delete the entire contents of the temp folder

C:windows/temp

Clear the browsers' cache and cookies
 
Ercolino, I deleted R0 and 01. Which strings would be the ones that refer to R1?
I restarted the PC but Chromium is still there.
Here is the new log:

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 7 (Ultimate), 6.1.7601.0, Service Pack: 1
Time: 23.08.2019 - 21:35 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Nuria (group: Administrator) on NURIA-PC, FirstRun: yes

Chrome: 76.0.3809.100
Internet Explorer: 8.0.7601.17514
Default: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Chrome)

Boot mode: Normal

Running processes:
Number | Path
7 C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
1 C:\Program Files (x86)\PDF Architect 6 Manager\PDF Architect 6\Architect Manager.exe
1 C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
1 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
1 C:\Program Files\PDF Architect 6\creator\common\creator-ws.exe
1 C:\Program Files\Windows Media Player\wmpnetwk.exe
1 C:\Users\Nuria\Desktop\HiJackThis.exe
1 C:\Windows\KMS-R@1n.exe
1 C:\Windows\KMS-R@1nHook.exe
1 C:\Windows\SOUNDMAN.EXE
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\StikyNot.exe
1 C:\Windows\System32\audiodg.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\lsm.exe
1 C:\Windows\System32\msiexec.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spool\drivers\x64\3\E_IATIILE.EXE
1 C:\Windows\System32\spoolsv.exe
10 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskeng.exe
1 C:\Windows\System32\taskhost.exe
1 C:\Windows\System32\wbem\WmiApSrv.exe
2 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\explorer.exe

R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31437847-0AC6-47A5-B09C-549B4B48B385}: [SuggestionsURL] = '' - Bing Search Engine
R4 - SearchScopes: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{bce42d98-b1cd-493f-a64c-107aae7521be}: = http://www.search-by.com/search?...sec. - 11660 bytes, CRC32: FFFFFFFF. Sign: 媎ᇀ
 
I meant the R4 entries.

Look carefully in the installed programs, it has to be there.
 
It's not there, Ercolino. It doesn't find it even using Revo Uninstaller.
With the Win+R key combination on the keyboard, typing the command %localappdata% and then Enter opens the Windows AppData\Local folder. There is a folder named Chromium in there. If I delete it, does it get uninstalled?
 
Biscuo, I followed your guide and I think I have removed it. The scan with Malwarebytes was the very first thing I did. Before the scan, Chromium was among the installed programs but it would not let me uninstall it. It gave me an error. After the scan it disappeared from the programs, but the browser was still working. Is it normal, though, that the Chromium entry shows up among the startup programs? There is only the entry, but it shows as disabled.
 
The entry has most likely been left in the registry, but if it is disabled that is fine.

If need be, delete

O4 - MSConfig\startupreg: Chromium [command] = c:\users\nuria\appdata\local\chromium\application\ chrome.exe --auto-launch-at-startup --profile-directory="Default" --restore-last-session (HKCU) (2019/08/23)
 
A check, please.
Thanks

Logfile of HiJackThis Fork by Alex Dragokas v.2.9.0.18

Platform: x64 Windows 10 (Home), 10.0.18362.295 (ReleaseId: 1903), Service Pack: 0
Time: 27.08.2019 - 16:25 (UTC+02:00)
Language: OS: Italian (0x410). Display: Italian (0x410). Non-Unicode: Italian (0x410)
Elevated: Yes
Ran by: Crotone1 (group: Administrator) on CROTONE1-PC, FirstRun: yes

Chrome: 76.0.3809.100
Firefox: 68.0.2.7164
Edge: 11.0.18362.267
Internet Explorer: 11.0.18362.1
Default: "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Firefox)

Boot mode: Normal

Running processes:
Number | Path
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
1 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
1 C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
1 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1 C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
1 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
8 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
1 C:\Program Files (x86)\Nero\Update\NASvc.exe
1 C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
1 C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
1 C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
1 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
1 C:\Program Files\AVAST Software\Avast\AvastUI.exe
1 C:\Program Files\AVAST Software\Avast\aswEngSrv.exe
1 C:\Program Files\AVAST Software\Avast\aswidsagent.exe
1 C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
1 C:\Program Files\Intel\iCLS Client\HeciServer.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
1 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
1 C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
1 C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
1 C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
1 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
1 C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
1 C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
1 C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
1 C:\Program Files\TOSHIBA\Teco\TecoResident.exe
1 C:\Program Files\TOSHIBA\Teco\TecoService.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeApp.exe
1 C:\Program Files\WindowsApps\Microsoft.SkypeApp_14.51.72.0_x64__kzf8qxf38zg5c\SkypeBackgroundHost.exe
1 C:\Program Files\WindowsApps\Microsoft.Windows.Photos_2019.19051.16210.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1906.53.0_x64__8wekyb3d8bbwe\Calculator.exe
1 C:\Program Files\WindowsApps\Microsoft.WindowsStore_11906.1001.24.0_x64__8wekyb3d8bbwe\WinStore.App.exe
1 C:\Program Files\WindowsApps\Microsoft.YourPhone_1.19071.901.0_x64__8wekyb3d8bbwe\YourPhone.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxOutlook.exe
1 C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16005.11901.20184.0_x64__8wekyb3d8bbwe\HxTsr.exe
1 C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe
1 C:\Users\Crotone1\Desktop\HiJackThis.exe
1 C:\Windows\ImmersiveControlPanel\SystemSettings.exe
1 C:\Windows\RtkBtManServ.exe
1 C:\Windows\System32\ApplicationFrameHost.exe
8 C:\Windows\System32\RuntimeBroker.exe
1 C:\Windows\System32\SearchIndexer.exe
1 C:\Windows\System32\SecurityHealthService.exe
1 C:\Windows\System32\SecurityHealthSystray.exe
1 C:\Windows\System32\SgrmBroker.exe
1 C:\Windows\System32\TODDSrv.exe
1 C:\Windows\System32\VSSVC.exe
1 C:\Windows\System32\atieclxx.exe
1 C:\Windows\System32\atiesrxx.exe
2 C:\Windows\System32\csrss.exe
1 C:\Windows\System32\ctfmon.exe
1 C:\Windows\System32\dasHost.exe
1 C:\Windows\System32\dllhost.exe
1 C:\Windows\System32\dwm.exe
1 C:\Windows\System32\escsvc64.exe
2 C:\Windows\System32\fontdrvhost.exe
1 C:\Windows\System32\lsass.exe
1 C:\Windows\System32\services.exe
1 C:\Windows\System32\sihost.exe
1 C:\Windows\System32\smartscreen.exe
1 C:\Windows\System32\smss.exe
1 C:\Windows\System32\spoolsv.exe
73 C:\Windows\System32\svchost.exe
1 C:\Windows\System32\taskhostw.exe
1 C:\Windows\System32\wbem\WmiPrvSE.exe
1 C:\Windows\System32\wbem\unsecapp.exe
1 C:\Windows\System32\wininit.exe
1 C:\Windows\System32\winlogon.exe
1 C:\Windows\SystemApps\InputApp_cw5n1h2txyewy\WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
1 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
1 C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
1 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
1 C:\Windows\explorer.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Default_Page_URL] = http://toshiba13.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main: [Start Page] = https://www.google.it/
O2-32 - HKLM\..\BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\jp2ssv.dll
O2-32 - HKLM\..\BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_221\bin\ssv.dll
O4 - Global User Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
O4 - HKCU\..\Run: [Facebook Update] = C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O4 - HKCU\..\StartupApproved\Run: [OneDrive] = C:\Users\Crotone1\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background (2019/02/02)
O4 - HKCU\..\StartupApproved\Run: [Spotify Web Helper] = C:\Users\Crotone1\AppData\Roaming\Spotify\SpotifyWebHelper.exe (2019/03/27)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] = C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe
O4 - HKLM\..\Run: [AvastUI.exe] = C:\Program Files\AVAST Software\Avast\AvLaunch.exe /gui
O4 - HKLM\..\Run: [RtHDVCpl] = C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
O4 - HKLM\..\Run: [SRS Premium Sound HD] = C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
O4 - HKLM\..\Run: [SecurityHealth] = C:\WINDOWS\system32\SecurityHealthSystray.exe
O4 - HKLM\..\Run: [TCrdMain] = C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
O4 - HKLM\..\Run: [TODDMain] = C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe
O4 - HKLM\..\Run: [TecoResident] = C:\Program Files\TOSHIBA\Teco\TecoResident.exe
O4 - HKLM\..\Run: [TosWaitSrv] = C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe
O4 - HKLM\..\StartupApproved\StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Image Transfer Utility.lnk -> C:\Program Files (x86)\Canon\ImageTransferUtility\ImageTransferUtility.exe (2015/08/26)
O4 - HKU\S-1-5-19\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4 - HKU\S-1-5-20\..\RunOnce: [WAB Migrate] = C:\Program Files\Windows Mail\wab.exe /Upgrade
O4-32 - HKLM\..\Run: [Intel AppUp(SM) center] = C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4-32 - HKLM\..\Run: [StartCCC] = C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe MSRun
O4-32 - HKLM\..\Run: [SunJavaUpdateSched] = C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
O4-32 - HKLM\..\Run: [TPUReg] = C:\Program Files (x86)\TOSHIBA\Password Utility\TosPU.exe /Retimes
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00asw: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O21 - HKLM\..\ShellIconOverlayIdentifiers\00avast: avast - {472083B0-C522-11CF-8763-00608CC02F24} - C:\Program Files\AVAST Software\Avast\ashShell.dll
O22 - Task (.job): (Not scheduled) EPSON XP-225 Series Update {CD2A4DA0-9593-4396-B625-CD02778F6DD7}.job - C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNFE.EXE /EXE:"{CD2A4DA0-9593-4396-B625-CD02778F6DD7}" /F:"Update"
O22 - Task (.job): (Not scheduled) FacebookUpdateTaskUserS-1-5-21-3212974350-4222326917-2881284299-1001Core.job - C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver
O22 - Task (.job): (Not scheduled) FacebookUpdateTaskUserS-1-5-21-3212974350-4222326917-2881284299-1001UA.job - C:\Users\Crotone1\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler
O22 - Task (.job): (Not scheduled) G2MUpdateTask-S-1-5-21-3212974350-4222326917-2881284299-1001.job - C:\Users\Crotone1\AppData\Local\GoToMeeting\14172\g2mupdate.exe
O22 - Task (.job): (Not scheduled) G2MUploadTask-S-1-5-21-3212974350-4222326917-2881284299-1001.job - C:\Users\Crotone1\AppData\Local\GoToMeeting\14172\g2mupload.exe
O23 - Service R2: "Realtek Bluetooth Device Manager Service" ;RtkServ - (RtkBtManServ) - C:\WINDOWS\RtkBtManServ.exe
O23 - Service R2: AMD External Events Utility - C:\WINDOWS\system32\atiesrxx.exe
O23 - Service R2: Adobe Acrobat Update Service - (AdobeARMservice) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service R2: Avast Antivirus - (avast! Antivirus) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service R2: AvastWscReporter - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe /runassvc /rpcserver
O23 - Service R2: Epson Scanner Service - (EpsonScanSvc) - C:\WINDOWS\system32\EscSvc64.exe
O23 - Service R2: GFNEX Service - (GFNEXSrv) - C:\Program Files (x86)\TOSHIBA\Password Utility\GFNEXSrv.exe
O23 - Service R2: Intel(R) Capability Licensing Service Interface - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service R2: Intel(R) Dynamic Application Loader Host Interface Service - (jhi_service) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service R2: Intel(R) ME Service - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service R2: Intel(R) Management and Security Application Local Management Service - (LMS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service R2: Intel(R) Management and Security Application User Notification Service - (UNS) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service R2: Machine Debug Manager - (MDM) - C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
O23 - Service R2: Nero Update - (NAUpdate) - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service R2: Realtek Audio Service - (RtkAudioService) - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service R2: SynTPEnh Caller Service - (SynTPEnhService) - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service R2: TOSHIBA Optical Disc Drive Service - (TODDSrv) - C:\Windows\system32\TODDSrv.exe
O23 - Service R2: TOSHIBA eco Utility Service - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service R2: TeamViewer 12 - (TeamViewer) - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
O23 - Service R2: Wondershare Application Framework Service - (WsAppService) - C:\Program Files (x86)\Wondershare\WAF\2.4.3.227\WsAppService.exe
O23 - Service R3: TPCH Service - (TPCHSrv) - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service R3: aswbIDSAgent - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service S2: Servizio Google Update (gupdate) - (gupdate) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /svc
O23 - Service S3: Adobe Flash Player Update Service - (AdobeFlashPlayerUpdateSvc) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service S3: Google Chrome Elevation Service - (GoogleChromeElevationService) - C:\Program Files (x86)\Google\Chrome\Application\76.0.3809.100\elevation_service.exe
O23 - Service S3: Malwarebytes Service - (MBAMService) - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service S3: Microsoft Office Diagnostics Service - (odserv) - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
O23 - Service S3: Mozilla Maintenance Service - (MozillaMaintenance) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service S3: Servizio Google Update (gupdatem) - (gupdatem) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /medsvc
O23 - Service S3: TEMPRO Service - (TemproMonitoringService) - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service S3: TMachInfo - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe


--
End of file - Time spent: 44 sec. - 27484 bytes, CRC32: FFFFFFFF. Sign: 叅눑
 
In the meantime, shark, are you having any particular problems?

I don't see anything unusual, at most the 017 that points to the IP which I presume is the router's, but that shouldn't be a problem.
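The two O17 verdicts given in this thread (four unknown public resolvers in the first log, a single router address in the last one) can be checked mechanically. The following is an added example, not part of any post in the thread; the sample lines are copied from the logs above, and the `TRUSTED_PUBLIC` list and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# Public resolvers the analyst has decided to trust. Illustrative assumption:
# replace with the resolvers your ISP or organisation actually hands out.
TRUSTED_PUBLIC = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}

# "O17 - <source>: <data>", where <data> is an address or "[Value] = address".
O17_RE = re.compile(r"^O17\s+-\s+(?P<source>.+?):\s+(?P<data>.+)$")

# O17 lines taken from the first log in this thread (subset).
SAMPLE_FIRST_LOG = r"""
O5 - HKCU\Control Panel\don't load: [RTSnMg64.cpl] (Realtek HD Audio Control Panel)
O17 - DHCP DNS 1: 45.114.8.167
O17 - DHCP DNS 2: 92.246.76.123
O17 - DHCP DNS 3: 45.86.180.227
O17 - DHCP DNS 4: 116.203.6.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{321ec55f-6356-41de-b507-07c9eb8983b8}: [NameServer] = 116.203.6.218
O17 - HKLM\System\CCS\Services\Tcpip\..\{321ec55f-6356-41de-b507-07c9eb8983b8}: [NameServer] = 45.114.8.167
"""

# O17 line taken from the last log in this thread.
SAMPLE_LAST_LOG = r"""
O17 - DHCP DNS 1: 192.168.1.254
O18 - HKLM\Software\Classes\Protocols\Handler\skype4com: [CLSID] = {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}
"""


def parse_o17(log_text):
    """Return (source, ip) pairs for every address found on an O17 line."""
    entries = []
    for line in log_text.splitlines():
        match = O17_RE.match(line.strip())
        if not match:
            continue
        # A NameServer value may hold several addresses separated by
        # commas or spaces; non-address tokens are skipped.
        for token in re.split(r"[,\s]+", match.group("data").strip()):
            try:
                entries.append((match.group("source"), ipaddress.ip_address(token)))
            except ValueError:
                continue
    return entries


def classify(ip):
    """Bucket a resolver: LAN/router, trusted public, or needs review."""
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return "local"
    if str(ip) in TRUSTED_PUBLIC:
        return "trusted-public"
    return "review"


def review_dns(log_text):
    """Group the unique resolver addresses of a log by classification."""
    buckets = {"local": set(), "trusted-public": set(), "review": set()}
    for _source, ip in parse_o17(log_text):
        buckets[classify(ip)].add(ip)
    # Sort numerically so the report is stable across runs.
    return {
        name: [str(ip) for ip in sorted(ips, key=lambda i: (i.version, int(i)))]
        for name, ips in buckets.items()
    }


if __name__ == "__main__":
    for label, text in (("first log", SAMPLE_FIRST_LOG), ("last log", SAMPLE_LAST_LOG)):
        print(label, review_dns(text))
```

An address in the `review` bucket is not proof of hijacking by itself; it marks a resolver that should be compared against what the router or ISP is expected to hand out.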
 
Just a bit of slowness at startup. But maybe that is because the notebook came with Windows 8, so it has "undergone" many updates.
 
Mine too, 5 years after the last format, with W7 and the same programs, has become slower to start up; normal 'old age' of the OS.
 